Risk Perception and Analysis Assignment: Swinburne University

Verified

Added on 2021/06/17

AI Summary

This report, submitted for Swinburne University's RSK80003 course, delves into the multifaceted realm of risk management. It distinguishes between proactive and reactive risk management, emphasizing the importance of identifying and mitigating potential threats before they materialize, while also addressing responses to risks after they occur. The assignment elaborates on the risk management process, including identifying risks, assessing their significance, prioritizing them, assigning ownership, responding to risks, recognizing control measures, evaluating improvement possibilities, monitoring results, and reviewing the entire process. It explores the sources of organizational risks, categorizing them into internal and external environments, and the impact of government policies and legal environments. Furthermore, the report details the components and significance of a risk register, outlining the distinction between operational and general risks, and defining successful risk control. Finally, it examines risk perception analysis and systemic risk control, highlighting the importance of feedback and continuous evaluation in maintaining effective risk management systems.

Swinburne University of Technology
Faculty of Engineering and Industrial Science
Assignment 3: RSK80003 Risk Perception and Analysis
[Type student name here]
[Type course of study here]
[Type submission date here]

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

PART A: ELEMENTS OF RISK MANAGEMENT
1. (a) Pro-active risk management refers to identifying threats and taking safety measures
before the risks occur (Bender, 2004). The difficulties are dealt with in advance by
devising business strategies aimed at lofty goals and at the same time taking all the
necessary precautions in risk mitigation. For example, installing a burglar proof system in
a house rather than running the risk of losing personal assets to burglaries. Reactive risk
management is a response based response which involves taking action after the risk
occurs or a problem is identified after an audit, responding immediately to safety events,
for example, fire-fighting after a fire outbreak.
(b) Process of risk management
i. Identify the risk- This step describes, uncovers and recognizes the risk.
A Project Risk Register is then prepared. The Risk Register is a document
that helps track problems as they arise making it possible to do pro-active
risk management to mitigate the risks. This may also happen after
occurrence of a risk and reactive measures taken to contain it.
ii. Understanding the risk significance- Amount of loss that could be
incurred in case of occurrence of the risk is evaluated under this step. This
is significant as the amount and kind of investment to be made in pro-
active measures is decided after significance consideration. Low loss risks
will tend to receive lesser attention than high profile ones. For example,
between maintenance of office stationary and installation of a fire control
system, the former will need more resources.
iii. Prioritizing risks- The risks are analyzed and classified according to
potential impact and the amount of attention that each deserves is
determined. The ones that require immediate attention are taken care of
first and the others reserved for a later time.
2

iv. Owning the risks- This involves assigning individuals to oversee the
entire process of the risk mitigation as per priority. The assigned
individuals will always be on watch-out and in case of occurrence of the
risk, be at the forefront in containment exercise. Safety drills that relate to
their assigned risks will be led by them at all times. Risk mitigation is
therefore institutionalized.
v. Responding to the risks- Involves coming up with measures aimed at
mitigating the impact of the risk that has occurred. If the risk is new, that
is, if it is not included in the risk register and has never occurred before,
reactive measures are taken to curb it, after which pro-active measures are
put in place to prevent damage in case it happens again.
vi. Recognizing risk control measures available- Includes understanding
and applying the right insurance cover for the risk. A statement is made,
stating the process-oriented measures in place, to be applied in case of
occurrence of the risk. This is well detailed, with the roles of every player
clearly defined so as to make it easy to deal with occurrence of the risk.
vii. Risk’s control improvement possibilities evaluation- Any
improvements on the measures put in place is evaluated after putting into
consideration financial, legal and moral issues. Loop holes that could give
the insurance company an allowance to file a negligence suit to avoid
compensation of damages are evaluated and sorted out. The activities of
the company are also regularly checked and ensured to be in line with the
surrounding community’s moral values.
viii. Monitoring results- After a proper response to the risk, the task now is to
regularly track the progress of the project as per the response adopted to
3

ensure that all is well. A graph can be kept to keep tabs on the frequency
of occurrence of the risk and help evaluate the pro-active measures put in
place. If they are effective, they are left in operation. If they are not,
improvements are made, or new systems altogether introduced.
ix. Reviewing the process-The whole process undertaken is reviewed so as
to establish whether it was satisfactory or not according to the results.
This helps the company make plans for the future, mostly involving
investment in a better risk management system, or if the current one is
satisfactory, such investment can be directed elsewhere.
(c) The main types of sources of risks in an organization are:
i. Internal environment- The trade that the organization deals in is the first
source of its risks. For instance, a company dealing in manufacture and
storage of hydrochloric acid risks extensive damages in case of explosions
and resulting fire.
Employee motivation is also an internal environment factor that could
pose risks to the company. If they are not well remunerated for their hard
work, they may end up selling the company trade secrets to rival firms.
Organization and operational structure could also pose a risk internally. If
there is no coordination among the top officials when working, then the
company may not hold for long until it faces dissolution.
Innovation is important as it helps the company keep in competition with
other rival firms. If a firm does not improve its products over time, it may
easily become obsolete.
ii. External environment- Factors like competition may compel a company to
engage in certain measures, in an attempt to cope with intense
competition, thereby risking the very existence of the company. This may
involve reducing the prices of its products so as to attract customers,
which can have positive or more likely, negative impacts.
4

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Government policy (as an external business environment)- Sometimes a
government can pass a policy that can kick a company out of business,
especially if its operations are rendered illegal under the new laws passed.
Certain regulations may also force the company to stop certain operations
which may eventually translate to reduction of profit margins and losses.
The company’s legal environment may be a source of risks to the firm.
The company should be flexible and easily adapt to changing regulations,
else it will fall prey to law suits and get itself in settlement meetings that
could bankrupt it.
(d) A Risk register is a document created in the preliminary steps of risk management to
identify certain risks as they occur, and other risks as a result of these initial risks, making
it possible to make effective pro-active measures. The contents are a disparate collection
including:
i. Description of risks- Within the project risk register, each risk that had been
identified as a potential threat to the business is clearly defined.
ii. Risk triggers- The register lists all the forces that could bring about occurrence of
the risk in question. All employees are informed about all these triggers so as to
be co-watchdogs with the rest of the experts assigned to check on these risks. If a
certain amount of capital owned by the firm could make it go bankrupt, then
everyone is motivated to work hard to ensure that that level is never reached.
iii. Steps to mitigate the risks- This encompasses insurance covers, installation of
safety systems e.g., fire systems, security cameras and alarms. It also includes the
conduct of the whole body of employees in case of occurrence of a risk such as a
fire. Clear passage ways are created, and necessary indications made using
posters, to allow for orderly evacuation and to allow for the installed systems to
perform their duty.
iv. Impact of the risks- The register also includes the kind of damage to be expected
in case of occurrence of the risk. Hence, it helps in putting in place measures to
ensure that the high loss risks never occur. Early planning is also made just in
case the risk occurs, to allow for normal business operations. For example, if a
5

company deals in highly flammable products, then investment in insurance
against damages and losses due to fire is done. In case of a fire, which could burn
down the entire premises, the firm is still covered and will not lose much.
v. Likelihood or probability of the risk occurring- Likelihood and frequency of
occurrence of the risk is indicated. As a result, the firm is always ready to put in
immediate counter-measures in case pro-active measures fail to mitigate the risk.
Occurrence of the risk will never take the business by surprise. For instance, if the
premises get flooded during the rainy seasons, then effective drainage systems are
put in place to take care of the problem. If the drainage system fails, the firm will
have already invested in water pumps and outside drainage systems to help the
overwhelmed internal drainage systems.
vi. Risk matrix score of the risk- This score will determine whether the risk is low-
loss or high-loss. In case of the latter, safety investment is channeled elsewhere
whereas if the former is the case, it will receive more attention in terms of
investment.
vii. Risks left after mitigation/ The residual risk- After mitigation of a risk, there are
normally small other risks that result. They are called residual risks. For instance,
if a major fire occurs, there are fumes which still hang in the air and are just as
dangerous as the fire when inhaled. The register therefore keeps an account of all
these residual risks and the company puts in measures to take care of such
residual risks that is, buying nose and mouth covers for employees.
viii. The ownership of the risk- In the register is included a list of employees entrusted
with the responsibility of being on the watch-out for specific risks, and being on
the forefront in mitigating them in case they occur.
ix. The risk identification- Each risk is assigned a unique identification. This serves
both in easy identification in case of occurrence, and making the employees get
used to them in a positive manner. Employees will take certain occurrences as
normal happenings and continue with their work.
x. The acceptable probability after treatment- After a risk occurrence has been taken
care of, there is still the probability of the risk occurring again, acceptable
probability after treatment. Such information is important as counter measures are
6

put in place to take care of the smallest occurrence of such risks. For instance,
when hiring staff, the company should make every one sign a declaration of non-
disclosure, so that any secrets of the company stays within the company. And any
risk of a laid off employee using such information in a court of law to attack the
company becomes illegal.
(e) Distinction between operational and general risks is of significance during
compensation by the insurance company after occurrence of a risk. Operational risks are
those that affect direct operations of the business, for instance, death of a senior officer
within the organization, or damage to earlier-on active physical assets. General risks
include losses due to natural disasters e.g., earthquakes, floods, tornadoes etc. If the terms
of a risk are not well defined in relation to whether they are general or operational, the
insurance company could be legally allowed to refuse compensation, which would be a
tragedy to the establishment.
(f) A risk is under successful control if the feedback, after application of Risk
Management System, is (or towards) what was expected. Risk perception analysis can
also be drawn, and frequency of occurrence of the risk over time evaluated, according to
Rowe. If the frequency reduces significantly, then this means that the risk is under
successful control. On the other hand, if occurrence of risk stagnates or increases in
frequency, then the control measures have failed and re-evaluation needs to be done to
make new and better pro-active risk measures.
The system can be influenced in such a way that occurrence of the risk is mimicked.
Response of the system to the introduced risk will confirm whether it is strong enough to
curb such-like risks in the future. For instance, testing the security system of a firm for
backdoors, or testing the protection circuits, distance relays, differential relays etc. of a
transformer in an electrical substation.
(g) Systemic risk control covers a wider jurisdiction, encompassing the whole industry. It
involves all the values and practices coordinated and shared among firms in, or related to
the industry within which the risk of interest exists. These include inflation, regional
political stability, trade restrictions among countries etc. Attributes helping in managing
7

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

the risk are built into the way the community works. A Risk Management System on the
other hand is company-based, with a smaller jurisdiction, and is the mechanism the
company uses to manage risks within it. It covers risks that are within the grasp and
control of the company.
(h) Content of a Risk Management System could as well be described in the context of
Risk Management Process, which involves identifying the risk, understanding its
implication and deciding what to do. Content therefore include:
a. Register or Inventory of Risks- This is a list of all the risks that have been
identified, which are likely to affect the organization.
b. Adequacy of control measures records- Step by step measures in controlling every
risk in case of occurrence is stated including insurance against each risk. The
short-comings of the control measures and counter-measures to take in case of
failure are also stated.
c. Requirement of organization for maintenance of set control measures- A
statement of routine checks, testing and maintenance of security measures put in
place to manage occurrence of risks is stated.
2.
a. Why a competent management team would prefer to operate with lower loss
and risk costs and with higher risk control costs
It is only logical for a team to invest less in risk control with the perception that
the probability of the risk occurring is negligible. Money is saved in the process,
though still at a risk of losing even more than they would have in case of
occurrence of the risk, if better and costlier control measures were put in place.
A reliable risk management system, though costly and maybe reducing the profit
margins of the business, will ensure smooth running of operations (Hubbard,
2009). The organization does not need to worry about losses that it could incur in
case of occurrence of the risk. If a manufacturing company decides to install a fire
system without insurance for damages in case of fire, it could still survive, though
operating in the catastrophe area without knowing it, owing its weak system to the
8

probabilistic nature of risks. However, if a fire breaks out, and the fire system
fails to put it out, then that’s the end for this company.
The case is different for a company that spends on installing a reliable fire system,
and better still insuring the company for losses and damages in case of fire.
Though more expensive than the latter, the organization is at peace with itself,
with surety of compensation in case of losses resulting from a fire.
b. Constituents of Total Cost of Risk(TCOR) at RRC Power Solutions
RRC power solutions is a Germany-based company dealing in manufacture of
custom batteries for all sorts of electronics, from military to personal gadgets.
Total Cost of Risk is the sum of the investment made in risk control and the losses
incurred in the process. RRC initially invested in protective clothing for the
engineers working at their production sites. A single suit costs close to $100 on
the lower scale. When it started its own production, the company had 25
engineers working at their production site in Homburg. This means that they spent
$2500 in protective clothing alone. Including insurance, fire system installation
and safe storage of chemicals used, their risk control in the first quarter of their
first year of operation was $70,000.
Despite all that was spent in risk control, the high demand for custom batteries
and its first government contract to build long lasting batteries to be used in
military operations brought in profit, that covered all that was spent. The need to
expand had them investing more in building a bigger premise, better safety
systems and more advanced protective clothing for its employees. Actual figures
are not provided, but the profits reduced.
An incident occurred in 2013 when there was an explosion in one of their labs,
during a test for a new battery technology for E-bikes. The fire system was
overwhelmed and a section of the lab was badly damaged, destroying most of the
research and two employees were also badly burned while trying to save their
research. The insurance company initially filed a suit of negligence but later
9

dropped it on accounts of circumstantial evidence which cannot be legally used to
prevent compensation. The company was compensated by insurance for the
damages, but delays in coming up with a more efficient battery for the bikes still
cost them a lot of money. The damaged models had to be recreated and improved
to meet the demand of the ever growing customer base. The insurance company
never paid for the money spent and lost on research, and losses due to business
stoppage after the fire and during investigation.
PART B: RELATIVE SIGNIFICANCE OF RISK
1. INTEREST RATE RISK
There are two broad classifications of risks, systemic and unsystemic risks. The latter is inherent
to the whole market, affecting a large number of assets. It is very unpredictable and impossible to
avoid. The former is company-based, affecting only a small number of assets and is sometimes
predictable thus can be avoided.
a) Interest rate risk is a systemic risk that involves fluctuation of interest rates on
investment’s value, in a spread between two defined rates, in any interest rate relationship
including the yield curve. These changes affect securities adversely but are possible to
reduce through hedging i.e., interest rate swap or diversification i.e., fixed-income
securities investment.
b) Parameters that describe this risk include:
i. Economic growth- In the mortgage market, for instance, when people borrow
money to buy houses, the banks lend them. The banks get this money from their
own depositors. If a bank pays 3% interest on a four year GIC, and 6% on a four-
year mortgage, the bank makes 3% Net Interest Margin. In the case of demand for
mortgage borrowing going up, and if the bank doesn’t have enough funds to lend
10

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

all borrowers, then it raises its GIC rate to attract retail funds or issue bonds. The
funding may sometimes be hard to come by, and the banks are forced to increase
their mortgage rates to reduce the number of people borrowing. This in effect cuts
across all other financial institutions and all rates increase.
ii. Monetary Policy- All central banks alter supply of money into the economy to
control inflation and also try to manage the respective countries’ economy. To
increase money supply, central banks deposit their money into their accounts in
commercial banks. This causes a reduction in interest rates. However, if it takes
money from the economy, or holds its reserve, interest rates go up. Since
businesses are not given a heads-up on when supply goes up or down, they either
earn profits or incur losses.
iii. Inflation- When investing, an investor needs to maintain or increase his or her
purchasing power. Therefore, in case of an inflation, the investor will want to lend
money at a high interest rate for the longest time possible. For instance, during the
inflation in the mid-1980s, lenders charged very high interest rates so as to offset
the levels of inflation and make profit.
iv. Fiscal Policy- This refers to the way in which governments spend money to
finance their activities. High levels of government borrowing and expenditure
leads to “crowding-out” effect making it difficult for companies to borrow from
lending institutions. Interest rates automatically increase.
v. Variability- The risk cannot be predicted, just like many other risks, due to
uncertainty of future occurrences. There is always a difference in what happens to
what is expected to happen, bringing in the element of surprise. The government
can pass a policy of reducing interest rates on loans given by banks. This affects
interest rates on all securities and assets attached to the banks, and by extension,
to other establishments.
11

c) Parameters that can compare this risk to others of the same type are:
 Timing difference- Banks and other financial intermediaries sometimes have
timing differences in repricing of bank assets and maturity of fixed rates,
liabilities etc. Such mismatches can expose a bank to unexpected fluctuations as
interest rates will vary. A bank that did a short-term deposit and funded a long-
term loan faces a decline in the two if interest rates increase. The declines come
about because cash flow on the long-term loan are fixed all through its lifetime,
while interest paid on the funding varies, and only increases after short –term
deposit has matured.
This links Interest Rates Risk to Repricing Risk
 Imperfection correlation (during adjustment of rates)- This involves rates paid on
instruments with similar repricing features. Differences arising from changing the
rates brings about cash-flow changes that are properly spread between assets and
liabilities of the same repricing frequencies. This therefore links basis risk to
interest rate risk.
 Repricing mismatches- These expose banks to changes in shape and slope of the
yield curve. Unanticipated shifts in this curve will have adverse effects on banks’
income or worse still, underlying economic damages. For example, an underlying
economic value of long-term position in a 20-year bond hedged by a similar short
position 10-year notes could reduce sharply in case the yield curve steepens, even
if that position is well hedged against parallel shifts in the curve. This links
Interest rates risk to yield curve risk
12