Recent decades have seen much greater attention paid to risk management at an organizational level, as evidenced by the proliferation of legislation, regulation, international standards and good practice guidance. The recent experience of Covid-19 has only served to heighten this attention. Growing interest in the discipline has been accompanied by significant growth in the risk management profession; but practitioners are not well served with suitable books to guide them in their work or challenge them in their professional development.
This book attempts to place the practice of risk management within organizations into a broader context, looking as much at why we try to manage risk as how we try to manage risk. In doing so, it challenges two significant trends in the practice of risk management:
⢠The treatment of risk management primarily as a compliance issue within an overall corporate governance narrative; and ⢠The very widespread use of qualitative risk assessment tools ("heat maps" etc.) which have absolutely no proven effectiveness.
Taken together, these trends have resulted in much attention being devoted to developing formalized systems for identifying and analyzing risks; but there is little evidence that this is driving practical, cost-effective efforts to actually manage risk. There appears to be a preoccupation with the risks themselves, rather than a focus on the positive actions that can (and should) be taken to benefit stakeholders. This book outlines a simple, quantitative approach to risk management which refocuses attention on treating risks; and presents choices about risk treatment as normal business decisions.
Frequently asked questions
Simply head over to the account section in settings and click on âCancel Subscriptionâ - itâs as simple as that. After you cancel, your membership will stay active for the remainder of the time youâve paid for. Learn more here.
At the moment all of our mobile-responsive ePub books are available to download via the app. Most of our PDFs are also available to download and we're working on making the final remaining ones downloadable now. Learn more here.
Both plans give you full access to the library and all of Perlegoâs features. The only differences are the price and subscription period: With the annual plan youâll save around 30% compared to 12 months on the monthly plan.
We are an online textbook subscription service, where you can get access to an entire online library for less than the price of a single book per month. With over 1 million books across 1000+ topics, weâve got you covered! Learn more here.
Look out for the read-aloud symbol on your next book to see if you can listen to it. The read-aloud tool reads text aloud for you, highlighting the text as it is being read. You can pause it, speed it up and slow it down. Learn more here.
Yes, you can access Simplifying Risk Management by Patrick Roberts in PDF and/or ePUB format, as well as other popular books in Business & Business Strategy. We have over one million books available in our catalogue for you to explore.
This is categorically not an academic text, and this chapter is not a discussion of semantics. But, in order to have a productive discussion of why and how we try to manage risk within organisations (and indeed how we measure the effectiveness of our attempts to do so) in subsequent chapters, some clarity is needed on what is meant by the word.
This chapter begins by looking at some fundamental issues around how risk may be defined. This leads naturally into a discussion of the risk perspectives of different stakeholder groups, focusing particularly on owners, senior managers and lenders. This is followed by a brief discussion of how the tensions that inevitably arise between these different stakeholder groups may be managed. The chapter concludes by briefly reviewing some common risk measures and categorisations of risk that will be of utility in later chapters.
Upside and Downside Risk
In everyday usage, the term âriskâ generally has negative connotations - few people talk about the risk of a pay rise or promotion at work, or the risk of their team winning the FA Cup â and many academics and practitioners follow this convention. However, others argue that risk concerns both positive and negative outcomes, e.g. âRisk is defined as uncertainty of outcome, whether positive opportunity or negative threatâ (Chittenden (2006, p.9)). In particular, within the finance literature, there is a long history of equating risk with variance in returns, an entirely symmetrical measure of variability in outcomes. As will be discussed in more detail below, in any given situation, different stakeholders may quite legitimately take different views on whether positive outcomes are relevant to their risk perspective.
Risk versus Uncertainty
In academic circles, many writers still refer back to Frank Knightâs (1964, p.205) classic distinction between risk and uncertainty, which limits the use of the term âriskâ to situations in which the probabilities of each outcome are precisely known. Knight was entirely correct in highlighting that all meaningful business decisions involve an element of uncertainty: running any complex organisation is not a simple game of chance with well-defined rules and perfectly calculable probabilities of different outcomes. However, I would suggest that not applying the term risk to these situations is perverse and goes against common sense usage of language. Moreover, Knightâs distinction suggests a clear dichotomy between calculable and non-calculable uncertainties, when the reality is some sort of continuum. The approach taken throughout this book is to always estimate probabilities of events as accurately as possible, accepting that, in any question of real practical interest, there will always be a level of uncertainty. This is no different to any other business decision using forecasts or estimates. As discussed in Chapters 5 and 6, managing risk effectively largely depends on understanding, and reducing as far as possible, the uncertainty in these estimates.
I would propose that the following is a more practically useful distinction between uncertainty and risk, based on the everyday use of language. We experience uncertainty about the future in all areas of life, but many of these gaps in our knowledge have no consequences; risk exists only where uncertainty about the future has potential consequences for us. Following this distinction, I am merely uncertain about the weather tomorrow in Tokyo, but the weather in Manchester presents a significant risk to me (of getting wet, of getting cold or, less likely, suffering from heat exhaustion). This leads to the idea of risk being a combination of the impact and likelihood of some uncertain future event. The concept of risk as a combination of impact and likelihood has sound historical roots, dating back to at least 1662: âFear of harm ought to be proportional not merely to the gravity of the harm, but also to the probability of the eventâ (quoted in Bernstein (1996, p. 71)). This sentiment is also codified in all modern good practice guidance, e.g. âRisk is the combination of the probability of an event and its consequencesâ (ISO (2002, p.2)).
Risk to Whom?
Acceptance that a risk involves some consequence or impact inevitably prompts the question âRisk to whom?â Clearly, in the example above, the weather in Tokyo tomorrow does present a risk to many millions of people, just not to me. The idea of risk to whom is a crucial consideration in any discussion of risk in the context of organisations, where even relatively small organisations have a wide range of stakeholders â owners/shareholders, directors/trustees, staff/volunteers, customers/service users â each of whom may have very different beliefs about the likelihood of various future events and be differentially affected by these events should they occur. It is therefore generally meaningless to talk about risk as a one-dimensional concept. It is interesting to note that March and Shapira (1987, p.1408) found a willing acceptance that risk is multi-dimensional amongst practising managers: âalthough quantities are used in discussing risk, and managers seek precision in estimating risk, most show little desire to reduce risk to a single quantifiable constructâ. In particular, it makes no sense to talk about the ârisk to the firmâ (or other organisation); it is necessary to consider separately the different risks to the various stakeholder groups. I discuss the risk perspectives of some of the key stakeholder groups below.
Much of the academic discussion of organisational risk has focused largely, or even exclusively, on the perspective of owners or shareholders. Clearly, any approach to risk management based only on their perspective will be inherently limited, not least because it has no relevance to the public and not-for-profit sectors. However, where some form of ownership exists, owners represent an important stakeholder group to be considered. I will therefore begin by looking at the risk perspective of owners; this will be followed by a discussion of the risk perspectives of senior managers, lenders, staff and other stakeholders.
Owners
Since the middle of the twentieth century, the finance literature has focused on the variability of returns as the principal risk to owners (usually meaning shareholders). According to Utility Theory (see sidebar), any such variability is undesirable, and investors will require some form of compensation to bear this risk. Markowitz (1952, p.89) never actually equated risk and variance, stating only that: âUsually if the term âyieldâ were replaced by ⌠âexpected returnâ and âriskâ by âvariance of returnâ, little change of apparent meaning would resultâ. Sadly though, this aspect of his seminal work on investment portfolios has been serially misrepresented in the finance literature, and variance is often taken to be synonymous with risk.
Utility Theory Side-Bar
Bernoulli first elaborated Utility Theory, that the usefulness or âutilityâ of any additional wealth decreases as we get richer, in 1738. This has been expressed mathematically in various different ways over the centuries, but all of these result in a curve with a gradually decreasing gradient such as that illustrated in Figure 1.1.
Figure 1.1 A utility curve
The application of the theory to uncertain outcomes is relatively straightforward, as illustrated in the graph. The solid line represents a certain amount of wealth and its associated utility. The loss of utility from potential wealth downside (A) exceeds the gain in utility from an equal potential wealth upside (B), so uncertainty leads to an expected utility (X) less than the utility of the certain outcome. Thus, Utility Theory predicts that individuals are risk averse, that is, a certain outcome is always preferred to an uncertain outcome with the same expected value.
Utility Theory is mathematically elegant, and it is easy to calibrate a utility curve for an individual. From there it is simple to calculate the increase in expected outcome that is required to compensate for any particular level of uncertainty in outcomes. However, whilst Utility Theory is useful to illustrate the concept of risk aversion, it is of little practical use. It is a theory of individual preferences and there is no straightforward way of applying it to a diverse group of stakeholders. Moreover, the focus on total wealth doesnât appear to reflect how people actually approach decisions in real life. Prospect Theory (Kahneman and Tversky (1979)) provides a much better representation of how real people make decisions, based on gains and losses from a concrete starting point, rather than some theoretical total wealth. Once again though, it is a theory of individual choice, not of how groups make decisions.
The idealised notion of well-diversified shareholders, who invest in a very wide variety of firms (and other investment classes such as government debt and commodities), presents an important special case of ownership, which must be considered. If some simplifying assumptions are made (including ignoring the effects of taxes!), it can be shown that such investors are not concerned about the periodic fluctuations in performance of the individual firms in which they invest. Well-diversified shareholders are protected from these routine ups and downs simply by virtue of being so well diversified. Following our earlier discussion, there is uncertainty in the performance of individual firms but, in aggregate, there are no consequences for this sort of investor; so, they perceive no risk. These idealised owners are therefore concerned only with âsystemic riskâ, that is the extent to which fluctuations in the firms in which they invest co-vary with fluctuations in the market as a whole, known as âbetaâ, as this cannot be mitigated by diversification. Beta is largely determined by the industry sector(s) in which the firm operates, and other strategic choices, so it is not generally relevant to a discussion of risk management...
Table of contents
Cover
Half-Title
Endorsements
Title
Copyright
Dedication
Contents
Acknowledgements
About the Author
Introduction
List of Figures and Tables
Testimonials
1 What Do We Mean by Risk?
2 Why Do We Try to Manage Risk?
3 Risk Management Systems
4 Scope, Context and Criteria
5 Risk Assessment
6 Risk Treatment
7 Measuring the Effectiveness of Risk Management
8 Underlying Themes and Summary
Appendix A: Risk Return Relationships in UK Listed Companies
Appendix B: The Impact of Covid-19 on FTSE 100 Share Prices
Appendix C: Alternative Numerical Example
Appendix D: Some Useful Sources of Risk Information
