Erm PGDM 2018-20

ENTERPRISE RISK MANAGEMENT
Institute of Insurance & Risk

Management-PGDM-2018-20
By
ATMARAM CHERUVU
The last picture he ever took???
What is Risk?
ISO 31000 defines Risk as the

“effect of uncertainty on objective”
Risk Taking for Enterprise Value
COSO
Framework
RISK MATRIX
Executive Legislature Judiciary
President of India Rajya Sabha Supreme Court of India

Prime Minister (Council of States or the Upper
House) High Courts
(in each state)
Central Government Lok Sabha
(Ministries) (House of the People or the District Courts
Lower House)
Central Government Boards and Tribunals
(Independent Departments) 28 states and 7 union
territories Consumer Courts
Apex/Independent Offices
Rights Commissions
Largest political parties Leaders
Indian National Congress (INC) Sonia Gandhi
Bharatiya Janata Party (BJP) Rainath Singh
India is the world's largest democracy

Insurance Access Restriction
DR Offsite Backup
BCP Corporate Policy
I
M
P Control
A Response
C
T
System Default
Account
Reconciliation Procedures Manual
Management Review Management
Approval
LIKELIHO
OD
ERM Challenge
[One] challenge for management is to determine
how much uncertainty – and therefore how
much risk – the organisation is prepared and
able to accept.
Effective [ERM] allows management to balance
exposure against opportunity, with the goal of
enhancing capabilities to create, preserve and
ultimately realize value.
Strategic Value of ERM
• Increases the range of opportunities
• Identifies and manages entity-wide risks
• Reduces surprises and losses
• Reduces performance variability
• Improves resource deployment
• Anticipates, identifies, adapts and responds to
change
Common Challenges
• Difficulty distinguishing risks • Reluctance to mitigate risks
from problems (Example: buying insurance)
• Difficulty distinguishing • Excessive optimism
normal business practices
from risk mitigation / • Lack of systematic risk
contingency planning identification,
risk assessment, risk
• Difficulty distinguishing handling, and risk
between certain future monitoring procedures
events and uncertain future
events • The view that risk
management activities take
• Difficulty envisioning time away from doing “real
potential future (risky) work”
events
Where to start?
A good place to begin is a statement of the organisation’s
objectives
Identify risk-related events that might affect the achievement of
these objectives
Linking top risks to core strategies helps identify the most
relevant information that might serve as an effective leading
KRI #1
indicator of an emergingStrategic
risk
Risk #1
Initiative #1
KRI #2
Organisational
Risk #2
Objectives
KRI #3
Strategic
Risk #3
Initiative #2
KRI #4
ERM QUOTES
• ‘No institution, including our own, should be too
big too fail’. Jamie Dimon- J P Morgan Chase.
• So it is said that if you know your enemies and
know yourself, you can win a hundred battles
without a single loss. If you only know yourself,
but not your opponent, you may win or may
lose. If you know neither yourself nor your
enemy, you will always endanger yourself. Sun
Tzu
Atmaram Cheruvu
Mobile: +91 9987020900
email: cheruvua@yahoo.co.uk
ERM QUOTES
• “We focus on risk before we focus on return. The best
investors do not target return. They focus first on
risk.” Seth Klarman-American billionaire & hedge
fund investor.
• Barings was always described as this wake up call
that nobody would ever forget, but the fact is, only
lip service was ever played to the fact that risk
management needed to improve - Nick Leeson (in
2009)
Atmaram Cheruvu
Mobile: +91 9987020900
Directors Survey by Marsh 2018
Atmaram Cheruvu
Mobile: +91 9987020900
Costliest Insurance Losses
Atmaram Cheruvu
Mobile: +91 9987020900
Deadliest World Catastrophes
Atmaram Cheruvu
Mobile: +91 9987020900
Directors Survey by Marsh 2018
Atmaram Cheruvu
Mobile: +91 9987020900
Course Overview
The study of Enterprise Risk is one important segment of Risk Management.
Understanding of the concepts relating to Enterprise Risk Management and how
these concepts are being applied in different industries is very important for
Management Students. Enterprise Risk Management is a holistic approach. The
structure an Organization sets up to control Risk management across the whole of its
organization is known as Enterprise Risk Management. It deals with People, Process,
technology and also legal Risk.
ERM has been recognized as an important element of strong Corporate Governance.
Today its use in large Organizations is internally supported by laws, regulations and
compliance requirements. For large and public organizations ERM is no longer an
option. All large organizations are required to report on risk factors and potential
investors and their advisors will take into account how well risk management
standards are applied. Regulators demand effective ERM and stakeholders such as
lenders, customers, suppliers and staff organizations often ask for evidence that a
proper ERM structure is in place in an organization.
Atmaram Cheruvu
Mobile: +91 9987020900
Learning Outcomes
 Understand the concepts of Enterprise Risk Management.
 Understanding the evolution of Enterprise Risk Management.
 Understanding reasons for growing significance of Enterprise
Risk Management.
 Understand the principles, policy, analysis, various approaches
to Enterprise Risk Management.
 Understand the Technology, Environmental, Political, Ethical,
Marketing, Financial and Human Resources Risks.
 Understand risk control and mitigation techniques adopted by
major Corporations
 Developing and implementing an appropriate Enterprise Risk
Management System.
Atmaram Cheruvu
Mobile: +91 9987020900
Unit 1: Introduction to Enterprise Risk
Management.
• The concept and definition of Enterprise Risk

Management.-Historical perspective
• Integrating Risk into Strategic Planning. -
Dealing with Uncertainties in the
Environment. – Futility of Conventional
Appraisal Techniques - Surviving an Industry
Shakeout.
• Framework for Making Strategic Moves.
Atmaram Cheruvu
Mobile: +91 9987020900
Unit 2: Managing Technology Risks
• Threat of new Technology to Assembled

Products
• The effects of introduction of new products or
process technologies.
• Framework for managing Technology Risks
Atmaram Cheruvu
Mobile: +91 9987020900
Unit 3: Risks in Mergers, Acquisitions &
Strategic Alliances
• Understanding the risks in Mergers and
Acquisitions – Arriving at the Premium
• Stock vs. Cash deals
• Risks in Cultural Differences
• Managing Risks in Strategic Alliances
Atmaram Cheruvu
Mobile: +91 9987020900
Unit 4: Managing Environmental & Political Risks
• Understanding Environmental and Political

Risks
• Evolution of Political Risk Management
Identification and Analysis of Political Risks
• Country Risk Assessment – Different
Approaches to Dealing with Political Risk
Atmaram Cheruvu
Mobile: +91 9987020900
Unit 5: Managing Ethical, Legal &
Reputation Risks
• Understanding Legal and Ethical Risks
• Growing importance of Ethics – Corporate
Governance
• Managing Legal Risks faced by Companies
Atmaram Cheruvu
Mobile: +91 9987020900
Unit 6: Managing Financial Risks
• Understanding financial Risks
• Types of Financial Risks
• Steps in Financial Risk Management
• Role of Derivatives in Risk mitigation
Atmaram Cheruvu
Mobile: +91 9987020900
Unit 7: Managing Marketing Risks
• Understanding Marketing Risks – Challenges

• Building Customer Loyalty – Branding Risks
• Product Development and Pricing Risks –
Supply Chain Risks.
Atmaram Cheruvu
Mobile: +91 9987020900
Unit 8: Managing Human Resources Risks
• Understanding Human Resources Risks

• Succession Planning Attracting and Retaining
Employees
Atmaram Cheruvu
Mobile: +91 9987020900
Unit 9: Implementation of Enterprise Risk
Management.
• The Current state of Enterprise Risk
Management
• Integrating Risk Management Activities
• The dynamic interaction of Different Risks
• Developing a Risk Management Policy
• Implementation of Enterprise Risk
Management.
Atmaram Cheruvu
Mobile: +91 9987020900
Unit 10: Organizational Setup & key
responsibilities for Enterprise Risk Management.
• Governing Structure -Role of Board, Role of
committees, Role of RM department, Chief
Risk Officer, Risk Officers/ Specialists, Business
Managers, Department Heads.
• Relationship between Audit and Risk
Management. Relationship between
compliance and Risk Management.
Governance Risk and Compliance. Corporate
Governance.
Atmaram Cheruvu
Mobile: +91 9987020900
Unit 1: Introduction to Enterprise Risk
Management.
• A business has to try to minimize risks. But if
its behavior is governed by the attempt to
escape risk, it will end up taking the greatest
and least rational risk of all: the risk of doing
nothing. – Peter Drucker.
Atmaram Cheruvu
Mobile: +91 9987020900
What is RISK?
• Risk takes on many forms but is broadly categorized as the
chance an outcome or investment's actual return will differ
from the expected outcome or return. Risk includes the
possibility of losing some or all of the original investment.
Different versions of risk are usually measured by
calculating the standard deviation of the historical
returns or average returns of a specific investment.
• A high standard deviation indicates a high degree of risk.
Many companies allocate large amounts of money and
time in developing risk management strategies to help
manage risks associated with their business and investment
dealings.
Atmaram Cheruvu
Mobile: +91 9987020900
What is RISK?
• Risk takes on many forms but is broadly categorized as the
chance an outcome or investment's actual return will differ
from the expected outcome or return. Risk includes the
possibility of losing some or all of the original investment.
Different versions of risk are usually measured by
calculating the standard deviation of the historical
returns or average returns of a specific investment.
• A high standard deviation indicates a high degree of risk.
Many companies allocate large amounts of money and
time in developing risk management strategies to help
manage risks associated with their business and investment
dealings.
Atmaram Cheruvu
Mobile: +91 9987020900
What is RISK?
• Risk is the chance or probability that a person will be
harmed or experience an adverse health effect if
exposed to a hazard. It may also apply to situations
with property or equipment loss, or harmful effects
on the environment.
• Risk – the combination of the likelihood of the
occurrence of a harm and the severity of that harm.
Atmaram Cheruvu
Mobile: +91 9987020900
Fundamental Questions in ERM
• What are the various risks faced by the
company?
• What is the magnitude of each of these risks?
• What is the frequency of each of these risks?
• What is the relationship between the different
risks?
• How can the risks be managed to maximize
shareholder value?
Atmaram Cheruvu
Mobile: +91 9987020900
ERM PROCESS
• Identify the risks.
• Quantify risk to extent possible.
• Prevent or avoid risk where ever possible.
• Take on new risks if they are associated with
attractive opportunities.
• Transfer the risk if holding it is not consistent with
the company’s business strategy.
• Diversify the risk by tapping a portfolio of
opportunities.
Atmaram Cheruvu
Mobile: +91 9987020900
Definition
Enterprise risk management (ERM) is a plan-based
business strategy that aims to identify, assess and prepare
for any dangers, hazards and other potentials for disaster
– both physical and figurative – that may interfere with an
organization's operations and objectives. The discipline
not only calls for corporations to identify all the risks they
face and to decide which risks to manage actively, it also
involves making that plan of action available to all
stakeholders, shareholders and potential investors, as
part of their annual reports.
Atmaram Cheruvu
Mobile: +91 9987020900
ERM PROCESS
• Assess the risk intelligently and decide whether it is
important to preserve the possibility of extremely
good outcomes or to reduce the possibility of very
bad outcomes.
• Hedge the risk by acquiring a new risk that exactly
offsets the unwanted risks.
• Leverage the risk and magnify the outcomes, both
bad and good.
• Insure the risk.
Atmaram Cheruvu
Mobile: +91 9987020900
Integrating Risk into Strategic Planning
• Strategy formulation is main part of strategic planning process.
A robust ERM framework must provide relevant risk
information for decision-makers so as to reduce the possibility
of selecting a mistaken strategy or overlooking an important
one.
• To reinforce the importance of risk management, a 2003–12
study by Deloitte (2012) regarding the largest global public
companies points out that 73 percent of the root causes for
dramatic losses were derived from strategic risks, followed by
financial (17 percent) and operational (10 percent) risks. Also,
empirical evaluations showed firms that have implemented
ERM enjoy, on average, 16.5 percent premium in market
valuation (Hoyt and Liebenberg 2011; Lam and Quinn 2014).
Atmaram Cheruvu
Mobile: +91 9987020900
• “A general direction set for the company and its various
components to achieve a desired state in the future.
Strategy results from the detailed strategic planning
process”.
• Frigo and Anderson (2011) define strategic risk
management as a process for identifying, assessing and
managing risks and uncertainties, affected by internal
and external events or scenarios, that could inhibit an
organization’s ability to achieve its strategy and strategic
objectives with the ultimate goal of creating and
protecting shareholder and stakeholder value.
Atmaram Cheruvu
Mobile: +91 9987020900
Atmaram Cheruvu
Mobile: +91 9987020900
Importance of Strategic Planning
• Enduring organization’s excel simultaneously on
various fronts. They are sensitive to their environment.
They do not hesitate to move into unchartered areas
when the situation so demands. They use money in a
old fashioned way, keeping enough of it for a rainy day.
• Long lasting companies manage the risks they face in a
flexible way, backed by expertise across functions.
• Visionary companies display a powerful drive for
progress that enables them to change and adapt
without compromising their cherished values.
Atmaram Cheruvu
Mobile: +91 9987020900
Dealing with Uncertainty in Environment
• Essence of risk management is to help a firm to
survive and grow.
• When environment is unfavourable, the firm will
concentrate on survival and when it is favourable, it
will attempt to exploit new growth opportunities.
• Many companies take strategic decisions relying
totally on their gut instincts during times of
uncertainty. This is wrong. Intuition has to be backed
by some numbers for strategic planning to be
effective.
Atmaram Cheruvu
Mobile: +91 9987020900
Dealing with Uncertainty in Environment
• When uncertainty is high, firms have two broad
strategic options:
• Option 1: Make heavy investments and attempt to
control direction of market.
• Option 2: Make incremental investments and wait till
the environment becomes less uncertain before
committing themselves to a strategy. In the
intervening period, firm can collect more information
or form strategic alliances to share risk.
Atmaram Cheruvu
Mobile: +91 9987020900
Futility of Conventional Appraisal Techniques
• Where uncertainty is high, conventional appraisal
techniques such as Net Present Value are of little
use.
• Discovery driven planning is suggested. As project
progresses, new data is incorporated and
assumptions revised on ongoing basis.
• Euro Disney-Assumption at project stage-50%
revenue from tickets and 50% from hotels, food and
merchandise. After project completed-ticket prices
less than anticipated and visitors did not spend as
anticipated.
Atmaram Cheruvu
Mobile: +91 9987020900
• Ticket prices to be lowered due to recession in Europe.
• Disney expected people to stay in hotel for 4 days-but
actual average was 2 days, since there were just 15
rides compared to 45 at disney world. Assumption was
stream of visitors to be steady over the day, while
crowds came mainly during lunch time.
• Disney’s inability to seat all of them led to loss of
revenue, dissatisfied customers and bad word of
mouth publicity. Vistor’s also purchased smaller
portion of high value items like T-Shirts & Hats.
Atmaram Cheruvu
Mobile: +91 9987020900
Mistakes made by companies while planning new projects
with great degree of uncertainty are:
• Companies do not have precise information, but after few
important decisions are made, proceed as though
assumptions are facts.
• Companies have hard data but do not spend adequate time
in checking assumptions made.
• Companies have enough data to justify entry into new
business or market but make inappropriate assumptions
about their ability to execute the plan.
• Data right, assumptions right but failed to notice that a key
variable in environment has changed.
Atmaram Cheruvu
Mobile: +91 9987020900
Discovery Driven planning prescribes use of four different
documents, which are updated as events unfold:
• Reverse income statement-starts with required profits and works
backward to revenues and costs.
• Pro forma operations specifications that specify the activities
associated with the business including production, sales delivery &
service.
• Checklist for ensuing all assumptions are examined and discussed
at every stage of project execution.
• Planning chart which specifies the assumptions to be tested at
each project milestone. This allows major resource commitments
to be postponed until evidence from previous milestone event
signals that the risk associated with next step are justified.
Atmaram Cheruvu
Mobile: +91 9987020900
Faulty implicit assumptions made by companies:
• Customers will buy the product because the company
thinks it is a good product.
• Customers run no risk in buying from the company
instead of continuing to buy from their past suppliers.
• The product can be developed on time and within the
budget.
• The product will sell itself.
• Competitors will respond rationally.
• The product can be insulated from competition.
Atmaram Cheruvu
Mobile: +91 9987020900
Surviving an Industry Shakeout
• Two types of shakeout syndromes: Boon-and-bust
syndrome & Seismic-shift syndrome.
• Boom-and-bust syndrome typically applies to
emerging markets and cyclical business.
• During boom-many companies enter leading to
excess capacity.
• As competition increases, prices fall, many players
find going tough. Companies which survive are those
with a high degree of operational excellence and
those which focus on ruthless cost cutting.
Atmaram Cheruvu
Mobile: +91 9987020900
• Seismic-shift syndrome more applicable to mature
industry. Such industries enjoy prosperity for many
years in a protected environment where competition
is not very intense and margins are decent.
• This state of affairs mainly due to market
imperfections caused by factors such as patent
protection and import barriers.
• Seismic shift takes place when these factors
disappear. Deregulation, globalisation and
technological discontinuities are some of the factors
that cause a seismic shift.
Atmaram Cheruvu
Mobile: +91 9987020900
• Boom & Bust Survivors are called Adaptive survivors-
Example-Dell Computers-Survived due to lean build to
order direct selling model. Dell is now the one of the largest
manufacturer of PC’s in the world.
• Seismic shift Survivors are called “Aggressive
Amalgamators”. They usually make one or more of these
moves: Rapidly acquire and absorb smaller rivals, cut
operating costs and invest in technologies that increase the
minimum scale required for efficient operations.
• https://www.pocket-lint.com/apps/news/143315-28-tech-
brands-that-spectacularly-went-bust-or-disappeared-from-
existence
Atmaram Cheruvu
Mobile: +91 9987020900
Framework for making strategic Moves
• Strategic Moves can be broadly classified into
three: Capacity expansion, Vertical integration
and Diversification. Each of these could be in
form of greenfield project or mergers and
acquisitions.
Atmaram Cheruvu
Mobile: +91 9987020900
Capacity Expansion
• Growing an existing business often involves expansion of capacity, in
terms of plant, human resources, technological infrastructure, R&D
facilities, etc. Any major capacity expansion is a strategic decision that
involves significant resource commitments and is often difficult to
reverse. So such a decision has to be made carefully.
• Capacity expansion strategy is often narrowly applied to manufacturing.
But in many businesses, there is no or little manufacturing. So, capacity
needs to be understood in terms of the investments made in the most
critical area of the value chain. Thus, in the pharmaceutical industry,
capacity has to be defined in terms of scientific manpower and sales
force. In a software development company, capacity has to be
understood in terms of the number of programmers employed. In a
Business School, capacity may be defined as the number of professors
available to teach students.
Atmaram Cheruvu
Mobile: +91 9987020900
Capacity Expansion
According to Michael Porter, the decision to expand capacity has
to take into account various factors. Some of them are:
• Future demand.
• Future input prices.
• Likelihood of technological obsolescence.
• Probable capacity expansion by competitors.
• Future industry capacity and individual market
shares.
Atmaram Cheruvu
Mobile: +91 9987020900
Vertical Integration
• Vertical integration is a strategy where a firm acquires
business operations within the same production
vertical. It can be forward or backward in nature.
Vertical integration can help companies reduce costs
and improve efficiencies by decreasing transportation
expenses and reducing turnaround time, among other
advantages. However, sometimes it is more effective
for a company to rely on the established expertise
and economies of scale of other vendors rather than
trying to become vertically integrated.
Atmaram Cheruvu
Mobile: +91 9987020900
Diversification Strategy
• Diversification is an act of an existing entity
branching out into a new business
opportunity. This corporate strategy enables
the entity to enter into a new market segment
which it does not already operate in. The
decision to diversify can prove to be a
challenging decision for the entity as it can
lead to extraordinary rewards with risks.
Atmaram Cheruvu
Mobile: +91 9987020900
Managing Technological Risks
ATMARAM CHERUVU
2017-2019 PGDM
Managing Technology Risks
• Firms competitiveness is significantly influenced by its
ability to respond to new product or process
technologies.
• Technological change is normally characterized by a high
degree of uncertainty. Even if technical feasibility of an
innovation has been established, there may be
considerable uncertainty about its commercial viability.
So early commitment to new technology is not a easy
decision.
• Commit to new technology too fast and burn fingers or
wait and watch as competitor adopts new technology
and throws you out of business.
• Firms competitiveness is significantly influenced by its
ability to respond to new product or process
technologies.
• Technological change is normally characterized by a high
degree of uncertainty. Even if technical feasibility of an
innovation has been established, there may be
considerable uncertainty about its commercial viability.
So early commitment to new technology is not a easy
decision.
• Commit to new technology too fast and burn fingers or
wait and watch as competitor adopts new technology
and throws you out of business.
• Innovation: “The means by which the entrepreneur either
creates new wealth-producing resources or endows existing
resources with enhanced potential for creating
wealth”……..Peter Drucker.
• Product innovations can help a firm offer a innovative
product that customers value.
• Process innovations can make an organization to make
something more efficiently and pass on the cost savings to
Customers. This includes making manufacturing process
more efficient through automation, simplification, better
process control, lower energy consumption, etc.
• Innovation cycle time has reduced due to rise of
“knowledge economy” and rise of “Venture Capitalists”.
Managing Technological Risks
• Technology should add value and allow the firm to
charge a price for the value provided.
• Product innovations can help a firm to give innovative
products that customers value.
• Process innovations, which make manufacturing process
more efficient through automation, simplification, better
process control, lower energy consumption, etc, can help
a organization use this efficiency generated to reduce
costs and pass on this benefit to customers.
• Speed of technology development has increased
dramatically and hence innovation cycles have become
shorter.
Innovations
• Peter Drucker: “To be effective, an inovation has to be simple
and it has to be focused. It should do only one thing; otherwise
it confuses people. Indeed, the greatest praise an innovation can
receive is for people to say ‘This is Obvious! Why didn’t I think of
it? It’s so simple’……Innovations which do not aim at leadership
do not make much impact”.
• Innovations begin with analysis of opportunities.
• We should look at what opportunity innovation will satisfy and
how customers perceive it.
• Innovate not for the future but for the present. There should be
immediate application of innovation.
• Innovations must always be close to the market, focussed on the
market and market driven.
Commercializing Innovations
• What is the likelihood customers will be attracted to new
technology? Need to look at various stages of customer
experience like purchase, delivery, use maintenance and
disposal. Environmental friendliness, convenience,
simplicity and customer productivity are crucial.
• What is the price that will attract the largest number of
customers? If product is difficult to imitate or well
protected by patents, high price is possible.
• Will new technology evolve into or help in building a
profitable business? Generating positive cash flows very
important. If price beyond reach of customers, options
like leasing or renting product on time share basis can be
considered.
Learning from Silicon Valley
• People in Silicon Valley are generally convinced that only
radical innovation can create new wealth and not
improvements in existing processes.
• Budding entrepreneurs in the valley can try their luck
with several Venture Capitalists while in large corporate,
the top management is one point authority for approving
new projects.
• No prejudice in the valley on who can or cannot succeed.
Technology Risks
• Bad Fit: It is critically important to choose
tools and technologies that solve your
organization’s problems. The fact that a
particular system offers much better support
for Feature X is interesting only if you actually
need Feature X. A system that works miracles
for another organization may not be
appropriate for your organization.
Technology Risks
• Deficient products. Some products do not
deliver what they promise, or a feature is
implemented in a way that does not solve the
problem you need to solve. You can avoid this
trap with pilot projects and other field testing.
Pay attention to industry rumours & gossip—
which vendors have good reputations? Which
vendors are heavily criticized? Are the
criticisms relevant to your requirements?
Technology Risks
• Customer support issues. How does the
vendor handle customer support? Are current
customers generally pleased with the vendor?
What happens when (not if) you uncover a
bug in the product? Good customer support
will mitigate the inevitable bumps in the road;
bad customer support will magnify them.
Technology Risks
• Scalability. Is the technology designed to
handle the current requirements? What if you
are wrong about the scope and you need to
scale up significantly? For example, what if an
unexpected acquisition triples the scale you
are managing? Can the product/technology
handle additional requirements? Will the cost
of the product increase?
Framework for Managing
Technology Risks
• The basic aim of differentiation is to provide something
extra that the customers value and charge a premium for
it. If customers do not value additional features,
differentiation as a competitive strategy will not be
effective.
• Watch out for inflection points (points of sharp
discontinuity). When customer needs are more than
satisfied and differentiated offerings of existing players
lose their meaning, inflection points may occur.
• Conventional planning, budgeting and investment
appraisal could be counter productive. Dollars lost are
highly visible but dollars foregone are totally invisible.
Technology Risks
• Encouraging New Mindset in organizations- To quote
a CISCO employee “If we do not make it easy for our
customers to replace our products with newer
technologies, our competition will do it for us”. One
way to encourage new mindset is to create small
empowered teams outside the main organization
and allow them to try new technologies. “Attacking &
Defending has to be done by separate organizations”.
• After the new division has reached critical mass, it
makes sense to bring it back to the main
organization.
Technology Risks
• Stewardship is safeguarding existing skills & assets.
Entrepreneurship is creating something new. For
innovations to take place, emphasis must shift from
resource allocation to resource attraction. Resource
allocation is about managing downside. Resource
attraction is about creating upside.
• Innovations that destroy established core
competencies almost always come from outside,
while those that enhance these competencies may
come from inside the industry.
• Outsourcing.
• M&A.
• Strategic Alliances & Spin-offs.
Managing Information
Technology Risks
ATMARAM CHERUVU
PGDM 2017-19
Critical Elements for Success
• Access Control
• Network Security
• Data Integrity
• Asset Management
• Software Acquisition & Development.
Access Control
• Unauthorized access by insiders and knowledge from insiders
are two common denominators to many costly crimes. In
addition to these deliberate breaches of security, unintended
damage by employees, such as file deletion and virus release,
result in costly reparations.
• Effective access-control measures will help mitigate the risk of
both conscious and unconscious damage. An effective setup
should keep intruders out and should grant insiders access only
to the minimum number systems necessary. Clearly-defined
policies and procedures should be set regarding an individual’s
influence on the computing environment. Employee
extrapolation given limited data must also be considered in
order to protect company and customer information.
Access Control
• The degree of access control necessary will ultimately
depend on the value of the data it protects. The type of
access control measures necessary can range from low-
security passwords to high-security biometric scans.
• Auditors can be of help by asking common sense
questions regarding aspects of access control such as
password change policies, time limitations, and so forth.
Network Security
• Organizations must consider outside intruders such as
hackers and software engineers who specialize in finding
ways around access controls. Risk of such individuals gaining
access to protected systems and information is increased by
interconnectivity between systems of different organizations
and reliance upon the Internet as a means of transferring
information.
• Intruders using computer technology as a means of
infiltrating an organization include both creators of spam,
worms, and viruses, which target multiple systems with
widespread effects, and also hackers, who target specific
systems with goals in mind including information collection,
company harm, and personal statement distribution.
Network Security
• Companies must consider all of the ways in which data
flows into and out of their systems and target the
weakest links in order to protect against such malicious
activity. The transmission of information across
airwaves, through technology such as wireless routers
and infrared ports, is especially open to hacking because
signals are not contained physically. Scenario planning
can aid in the review process, and recovery in the case
of a problematic event should be considered.
Network Security
• Social engineers use personal interaction with people
who have access to systems in order to gain access
themselves. The impersonation of IT employees over
the phone is one example of a social engineering tactic
used to gather information from employees such as
passwords and usernames. Organizations must train
their employees regarding potential social engineering
risks present in normal conversation.
Data Integrity
• Given the role that data plays in decision-
making and important everyday operations of
organizations, the integrity of a given
organization’s data should be considered from
many angles, including its source, input,
processing, and protection. A company’s
success or failure can hinge on the results of
correct or incorrect data.
Data Integrity
• Sources of data should be trustworthy and
unified, and assumptions and extrapolations
made from that data need to be
questioned. Data input checks such as field
validation and naming policies minimize errors;
field validation protects data by ensuring that
data in a given field conforms to set standards,
while naming policies keep computers from
interpreting slightly different names of the
same entity as two separate entities.
Data Integrity
In the consideration of data processing, many
spreadsheets contain errors, such as rounded
multipliers, which can change the final output of a
complex calculation by a considerable amount,
potentially causing an organization to make incorrect
or even unlawful payments or collections
unknowingly. In addition to spreadsheet, the actual
programs used to process data need to be tested
thoroughly, which is not always the case with
freeware and shareware programs. Finally, an
organization should protect its data by backing it up
regularly.
Asset Management
• The computers and other technological devices
which store such data are themselves valuable and
costly as well. Hardware equipment is subject to
theft, damage, impoundment, and maintenance
costs. Portable devices such as laptops are especially
vulnerable to the two former risks, whereas they and
all stationary devices are subject to the two latter
risks. Upon the decision to dispose of hardware, an
organization must take into account the sensitivity of
the data on the machine in determination of its
destruction process.
Asset Management
• Software applications pose legal and security risks to
organizations, given that licensing restrictions are easy to
overlook and much data is transferred between
machines by software. In order to keep a company free
of illegal software, especially risky in the face of publisher
audits, internal auditors should ensure that IT is
responsible for installation and removal of software and
that software meant to remain on particular machines is
not re-used elsewhere. Controlled purchasing and
installation of software keeps track of all software being
placed on a company’s machines, and regular audits
expose unauthorized software and lead to its source.
Asset Management
• People pose additional risks in consideration of asset
management when they become addicted to
counter-productive computer activities, download
hacker-enabling files, and share illegal files using their
machines. The computer activity of employees
should be managed carefully, and clear policies
should outline computer use expectations.
Technological solutions are also available that limit
use and monitor activity.
Software Acquisition & Development
• An organization’s purchase of software applications
poses risks in terms of its usability, effect on customers,
legal issues, and effect on company
processes. Software tends to be most expensive when
developed within a company with the input of outside
consultants, and software intended from its onset to
perform its function within the company tends to
reduce overall risk and minimize costs. A company
must be especially careful when choosing Internet-
based applications because the lifespan of software is
much shorter due to competition and the speed of
development.
• Organizations purchasing software must be especially
careful with contracts. Contracts should address
intellectual property and copyright issues in order to
avoid problems such as unexpected royalty
fees. Extensive testing and re-testing of software by both
technical experts and end users should ensure the
performance of both custom-developed and
commercially acquired products. Considering the
significance of any acquired or developed software in
affecting the functions of an organization, an auditor
must reflect on basic concerns such as the supplier
reputation, former customer opinions, company aims,
testing strategies, and customer impact.
• A successful internal auditor can take into
consideration the multi-faceted and ever-changing
nature of technology risks within a company and
ensure that measures imposed by management
provide both flexibility and restriction where they are
necessary to allow for effective and realistic business
function. The use of common sense in general audits
can lead to significant findings even when compared
to complex technical reviews, which yield ineffective
results if not supported by a strong foundation.
Risks in Mergers, Acquisitions &
Strategic Alliances
ATMARAM CHERUVU
2017-2019 PGDM
Mergers & Acquisitions
• “There is a serious problem facing senior executives
who choose acquisitions as a corporate growth
strategy. My study reveals that fully 65 per cent of
major strategic acquisitions have been failures. And
some have been truly major failures resulting in
dramatic losses of value for the shareholders of the
acquiring company. With market values and
acquisition premiums at record highs, it is time to
articulate demanding standards for what constitutes
informed or prudent decision-making. The risks are
too great otherwise.” - Mark L Sirower (expert on
M&A).
• “There is a serious problem facing senior executives
who choose acquisitions as a corporate growth
strategy. My study reveals that fully 65 per cent of
major strategic acquisitions have been failures. And
some have been truly major failures resulting in
dramatic losses of value for the shareholders of the
acquiring company. With market values and
acquisition premiums at record highs, it is time to
articulate demanding standards for what constitutes
informed or prudent decision-making. The risks are
too great otherwise.” - Mark L Sirower
Triggers for M&A
• Increased Global Competition.
• Regulatory Changes
• Fast changing technology.
• Need for faster growth.
• Industry excess capacity.
M&A in India
Recent Indian Deals
• Walmart Inc.’s $16 billion acquisition of a majority
stake in Indian e-commerce company Flipkart Online
Services Pvt. Ltd.
• Vodafone India and Idea Cellular, two of India top
wireless carriers, are merging operations in the
country to create an entity that will be equally
owned by UK’s Vodafone Group and India’s
diversified Aditya Birla Group. Value: USD 23 billion.
• Daiichi bought the Ranbaxy- Singh brothers’
34.82 per cent stake for USD 2.4 billion in 2008. The
total deal value was USD 4.6 billion.
Recent Indian Deals
• UltraTech Cement completed the USD 2.54 billion
acquisition of Jaiprakash Associates' six integrated
cement plants and five grinding units, having a
capacity of 21.2 million tonnes last year. Post-
acquisition, UltraTech has become the fourth largest
cement player globally, excluding Chinese players.
The deal has also helped Jaypee Group, which can
reduce its debt that runs into thousands of crores of
rupees.
Recent Indian Deals
• India’s UPL Ltd. has said it will acquire Arysta Life
Science Inc. from Platform Specialty Products Corp. for
about $4.2 billion in an all-cash deal, making it the
largest outbound deal for the year so far.
• Hindalco Industries Ltd., controlled by billionaire
owner Kumar Mangalam Birla, agreed last week to
acquire US aluminum producer Aleris Corp. for about
$2.6 billion.
• M&A is a strategic move since it can make or break a company.
• Challenges to M&A are “Valuation of company being acquired”
and “integration of pre-merger entities”.
Why Mergers are Risky?
• Difficult to reverse.
• Failed merger can disrupt work process, diminish
customer confidence, damage the company’s
reputation, cause employees to leave and result in
poor employee motivation levels.
• Too much stress on strategic, unquantifiable benefits
of deal.
• Wrong integration strategies.
• Over-Valuation.
• Most companies fail to undertake a thorough risk
analysis before making an acquisition. Which is why
they end up burning their fingers.
• Over-Valuation- Mark Sirower says, “When you make
a bid for the equity of another company, you are
issuing cash or claims to the shareholders of that
company. If you issue claims or cash in an amount
greater than the economic value of the assets you
purchase, you have merely transferred value from
the shareholders of your firm to the shareholders of
the target – right from the beginning.”
• Many companies are confident about generating cost
savings before the merger. But they are unaware of the
practical difficulties involved in realising them.
• Many firms enter a merger hoping that efficiency can be
improved by combining the best practices and core
competencies of the acquiring and acquired companies.
Cultural factors may however, prevent such knowledge
sharing.
• Revenue growth, the reason given to justify many
mergers, is in general more difficult to achieve than cost
cutting. In fact, growth may be adversely affected after a
merger if customer or competitor reactions are hostile.
When Acquisition makes Sense?
Porter argues that acquisitions make sense only when
three conditions hold good:
• The acquired company’s management is more keen on
withdrawing, than continuing to run the operations.
So, the minimum price, it expects, is quite low.
• The market for companies is imperfect and does not
eliminate above-average returns through the bidding
process.
• The buyer has unique abilities and competencies which
it can use to manage the acquired company’s business
far more efficiently and effectively.
Identifying Synergies
• Aim of acquisition is to make the merged entity more
valuable than the sum of the values of pre-merger entities.
• In almost two out of three acquisitions, the acquirer’s stock
price falls after the deal is announced. This is a clear
indication that the markets tend to be cynical about the
realisation of the synergies projected. One reason could be
that the markets have already discounted the expectation
of an improvement in the operating performance of the
acquired company.
• At a more strategic level, acquisitions, by engaging the top
management in the integration process may allow
competitors to leap ahead.
Identifying Synergies
• Much of the risk in an M&A deal arises from the
acquiring company’s inability to identify and quantify
synergies accurately. Often, the synergies which are
highlighted, do not materialise, while those which may
have been completely overlooked become very
important.
• It is easier to achieve cost reduction than to boost
sales. When Citibank merged with Travelers, the
merged entity quickly reaped profits from cost cutting,
but its expectations on cross selling different financial
services to customers did not quite materialise.
Arriving at Premium
• Porter points out that an efficient market precludes the possibility
of the new company generating more returns than what the pre-
merger entities generated before the merger. If the management
of the acquired company is sound and the company itself has a
bright future, its market price would already have been bid up.
On the other hand, if its future is bleak or the management is
weak, the stock price could be low, but the infusion of capital and
effort required to turn it around could also be massive.
• As Porter puts it: “To the extent that the market for companies is
working efficiently, then, the price of an acquisition will eliminate
most of the returns for the buyer… The market for companies and
the seller’s alternative of continuing to operate the business,
work against reaping above-average profits from acquisitions.
Perhaps, this is why acquisitions so often seem not to meet
managers’ expectations.”
Arriving at Premium
According to Sirower, the acquiring company must consider the
following while working out the premium:
• Market expectations about the acquired company, when
considered alone.
• Impact on competitors and their possible responses
• Tangible performance gains from the merger and the
management talent necessary to achieve the gains
• Milestones in the implementation plan
• Additional investments which will be necessary
• Comparison of the acquisition with alternative investments.
The board has to ensure that senior management’s personal
interests do not supersede the interests of shareholders, while
fixing the premium.
Integration
• Integrating Computer systems.
• HR Issues-Pay parity, talent retention, downsizing
activities.
• CO-CEO’s.
• Cultural Integration.
• Quick decisions while managing change.
• Creating implementation team.
Role of Communication
• The certainty of misery is better than the misery of
uncertainty. Lack of communication increases
uncertainty and weakens the confidence of
employees in the management. A good
communication strategy is necessary to ensure that
rumors are not allowed to fill the information gap.
• Later, when employees have to adjust to the
changes, frequency of communication becomes
important. Frequent communication however does
not mean that all details must be communicated.
Managing Risks in Strategic Alliances
• Acquisitions are different from strategic alliances.
While an acquisition involves gaining control of
another corporate entity, a strategic alliance is a
more flexible and open-ended arrangement, in which
the different partners retain their individual
identities even if they exchange equity stakes.
• Porter argued that strategic alliances involve
significant costs in terms of coordinating, reconciling
goals and sharing profits, and could at best be
transitional. Thus, one needs to understand the pros
and cons before going ahead with a strategic alliance.
• Alliances involve a delicate balancing act between control
and autonomy. It is often the attempt made by one
partner to dominate the other that leads to the break-up
of an alliance.
• Before going ahead with an alliance, companies should
carefully analyse the value chain to determine which
activities should be retained internally and which can be
shared with partners. It is also important to examine
carefully whether the scope of the alliance should be
limited to start with and expanded over time. A related
issue is whether to choose one partner for many
activities or different partners for different activities.
• Unintended leakage of knowledge is a big risk in strategic
alliances.
• A systematic and pragmatic approach right from the
negotiation stage can minimize risks in strategic alliances.
The partners should painstakingly identify potential
problems and devise ways to solve them. Crisis situations
should be anticipated and a code of behaviour prescribed
for dealing with them.
• Top management commitment holds the key to the
success or failure of an alliance.
• The success of a strategic alliance depends critically on
the partners’ commitment to learning.
• Management of expectations is a crucial issue in
strategic alliances.
• Contrary to popular notions, absence of conflicts
may not necessarily imply that the alliance is
succeeding. It is quite possible that the two partners
have ‘given up’ or one partner is dominating the
other. Occasional conflicts may reflect a more normal
situation. The trick obviously lies in managing these
conflicts tactfully.
Managing Environmental &
Political Risks
ATMARAM CHERUVU
2017-2019 PGDM
Unit 4: Managing Environmental & Political Risks
• Understanding Environmental and Political

Risks
• Evolution of Political Risk Management
Identification and Analysis of Political Risks
• Country Risk Assessment – Different
Approaches to Dealing with Political Risk
Atmaram Cheruvu
Mobile: +91 9987020900
Environmental Management-Myths vs Reality
• Myth 1: Environmental costs have rocketed but the worst is almost
over.
• Reality: Given current regulation, law and public feeling,
environmental costs are unlikely to come down.
• Myth 2: Costs are uncontrollable and non-discretionary.
• Reality: There is much more control and discretion than is
commonly perceived.
• Myth 3: Regulations have the same impact on all competitors in an
industry.
• Reality: The impact of regulations is uneven, disadvantaging some
and benefiting others.
• Myth 4: Just do the right thing
• Reality: What is right depends on the situation.
Managing Environmental Risks
• Environmental risk is the possibility of degradation of
the environment owing to human activities, resulting
in direct or indirect harm to people.
• The best way to view environmental risk is as
another type of business risk. Organizations should
recognize the fact that by tackling environmental
problems, there may not be any immediate
improvement in the bottom line. In fact, huge costs
may be incurred. However, it is wrong to assume that
investments made to improve environmental
performance never pay off.
• Many companies wrongly equate environmental risk
management with regulatory compliance. Actually, there is
much more control and discretion when it comes to
environment related expenditures, than commonly assumed.
Regulation is subject to numerous interpretations. Like many
other investments, beyond a point, expenditures incurred in
improving environmental performance may show a negative
pay-off.
• The right way to manage environmental risk is to integrate it
with the company’s overall risk management processes.
Those responsible for managing environmental risks must be
clear about the potential benefit of their investments and
should be able to justify the level and type of investment
they have chosen.
• Sometimes, companies close plants in a hurry without
considering the implications. Regulators may intervene and
demand expensive clean up operations, because there is no
need to worry about people losing their jobs. (They might
not have done so if the plants were operational and there
were fears of job losses. In some cases, companies have even
reopened their plants, in view of such possibilities).
• Very often, managers are committed to improved
environmental standards but do not involve nearby
stakeholders before taking major decisions. Due to poor
communication and a failure to take the local community
along, they run into problems, even after making heavy
investments to improve their environmental management
practices.
• Environmental disasters can bring the companies involved
into disrepute, invite the intervention of regulatory
authorities and dramatically increase the cost of doing
business.
• Companies aren’t in business to solve the world’s problems
nor should they be. After all, they have shareholders who
want to see a return on their investments. That’s why
managers need to bring the environment back into the fold
of business problems and determine when it really pays to
be green… The truth is, environmental problems do not
automatically create opportunities to make money. At the
same time, the opposite stance – that it never pays for a
company to invest in improving its environmental
performance – is also incorrect.
Bhopal Gas Accident
• 3rd December 1984.
• Usd 470 million payout by Union Carbide.
• Pesticide plant.
• In August 1975, the Commissioner and Director of
Town and Country Planning for Madhya Pradesh
(MP), M N Buch recommended that the UC plant be
relocated 15 miles away. This recommendation was
ignored. In October 1975, the Indian Government
awarded a license to UC to manufacture and store
MIC at the plant.
Bhopal Gas Accident
• Due to the hazardous nature of MIC, the standard
practice was to manufacture it only as and when
needed. UC was however, concerned about
disruptions in production of MIC due to failures in
power and water supply. Consequently, it decided to
store MIC in 3 x 15,000 gallon tanks.
• Meanwhile, the changing business scenario in the
early 1980s, began to create problems for UC. There
was stiff competition from local small scale units.
Moreover, the country went into a recession and
many farmers cut back on consumption of pesticides.
Bhopal Gas Accident
• The poor safety practices and the declining profitability
prompted many talented engineers to leave the company
in the early 1980s. Consequently, safety practices became
even more lax.
• In 1982, the parent company decided to conduct a safety
audit of the Bhopal plant. It became evident that many of
the basic safety rules were being violated.
• On December 2, 1984, workers were asked to clean the
pipes that went from the MIC storage tanks to the vent
scrubbers. The operation continued even though the flow
of water was not as desired. Due to the absence of a
blocking device, water entered E610, setting off a violent
reaction.
Bhopal Gas Accident
• In the early hours of December 3, 1984, 45 tons of
MIC escaped into the air. The gas, which was heavier
than air, began to settle down. But a gentle wind
moved it over an area of about 40 sq km. Residents
woke up as the gas began to suffocate them. There
was no warning nor any action to facilitate quick
evacuation. When victims arrived at hospitals, the
doctors were not sure about how to treat them.
Bhopal Gas Accident
• Looking back, it is clear that UC did not have any systematic
process in place to handle disasters in the event of their
occurrence. Inadequate safety procedures became even more
lax when the plant started making losses and attention shifted to
cost-cutting. The factors which together contributed to the
disaster were:
• Sustained erosion of good maintenance procedures due to all
around cost- cutting, since the plant was
making a loss.
• Poor training of plant personnel.
• Depleting inventories of vital spares.
• Inadequate spending on capital equipment.
• High turnover of competent technical staff.
• Understaffing of important points.
Managing Political Risks
• Political risk covers actions of governments and
political groups that restrict business transactions,
resulting in loss of profit or profit potential. In
extreme cases, political risk may include confiscation
of property. Usually, however, political risk arises due
to various restrictions imposed by the government.
Political risk analysis is quite common in the case of
foreign investments. This may also be necessary in
some domestic situations.
• Civil strife, War, Kidnapping, Sudden tax hikes, Hyper
inflation and Currency crises come under the broad
category of political risk.
Different Manifestations of Political Risks
• Actions against personnel, like kidnapping.
• Breach of contract by government.
• Civil strife.
• Discriminatory taxation policies.
• Expropriation or nationalization of property.
• Inconvertibility of currency.
• Restrictions on remittances.
• Terrorism
• War
Evolution of Political Risk Management
• The art of political risk management was first mastered
by the large oil companies, who faced political risk as
they expanded their operations across the world. They
found themselves helpless when political upheavals
took place, like the communist takeover of the oil fields
in the Caspian Sea, expropriation in Mexico and the
growth of nationalism in Venezuela, Saudi Arabia and
Iran. The initial reaction of these oil companies was to
enlist the support of their government and demand
retaliatory measures. Gradually however, they realized
the need to be more proactive and to reduce their
dependence on government support.
Evolution of Political Risk Management
• Multinationals in other industries also realized the importance
of dealing with political risk in a systematic and structured way.
Companies like Ford, General Electric and Unilever developed in-
house capabilities for political risk analysis.
• When the Cuban revolution took place in 1959, Fidel Castro’s
communist regime nationalized all foreign investments. Most US
firms were taken unawares and few had taken insurance covers.
US firms lost an estimated $1.5 billion following the Cuban
revolution.
• Between 1960 and 1979, governments in 79 countries
expropriated the property of 1660 firms. The risk was highest in
resource intensive industries and in countries where
revolutionary regimes had seized power.
Variables leading to major loss
• Equity restrictions
• Exchange controls
• Fiscal/monetary expansion
• Foreign currency debt burden
• Labour cost expansion
• Tariffs
• Non-tariff barriers
• Payment delays
• Interference in maters such as personnel, recruitments, etc.
• Political turmoil
• Restrictions on repatriation of dividends or capital
• Discriminatory taxation
Identification & Analysis of Political Risks
• There are three types of political risk – Transfer risk,
Operational risk and Ownership Control risk. Transfer
risks arise due to government restrictions on transfer
of capital, people, technology and other resources in
and out of the country. Operational risks result when
government policies constrain the firm’s operations
and decision-making processes. These include pricing
and financing restrictions, export commitments, taxes
and local sourcing requirements. Ownership control
risks are due to government policies or actions that
impose restrictions on the ownership or control of local
operations. These include limits on foreign equity
stakes.
Macro Political Risk Analysis
• At a macro-level, MNCs should review major political
decisions or events that could affect enterprises across
the country on an ongoing basis. One important event
which business leaders monitor closely is elections.
Political swings to the left are normally bad for business.
Some companies closely align themselves with the
ruling party. When the opposition comes to power, they
face problems. Regions where political unrest is
common are best avoided by MNCs. This is especially
applicable to parts of the Middle East, eastern Europe
and Africa . The probability of moderate governments
being supplanted by extremist regimes must be
carefully evaluated.
Micro Political Risk Analysis
• Companies need to understand how government
policies will influence certain sectors of the economy.
Examples include specific regulations, taxes, local
content laws and media restrictions. Businesses may be
given preferential treatment based on the priorities of
the government. It is a good idea to understand these
priorities and explain to the government how the
company’s policies are consistent with these priorities.
PepsiCo, while entering India gave an assurance to the
government that it would develop processed food
industries in Punjab, along with its core beverages
business. This was a decisive factor in getting the
approval for entry into a crucial emerging market.
Country Risk Assessment
• Economic and social performance
• The country’s goals and policies
• The political, institutional, ideological, physical
and international context.
Economic Performance
• Balance of payments
• Currency movements
• GDP growth
• Inflation
• Savings rates
• Unemployment
• Wage costs
Social Performance
• Distribution of income
• Educational achievements – literacy
percentage and number of average years of
schooling
• Life expectancy
• Migration
• Nutrition standards
• Population growth
• Public health
Goals & Policies
• Fiscal policy
• Foreign policy
• Foreign trade and investment policies
• Industrial policy
• Monetary policy
• Social policies
Political Context
• Mechanisms for transition of power
• Key power blocs
• Extent of popular support for the government
• Degree of consensus in policy making
• The processes through which political
differences are resolved
Institutional Context
• Independence of the judiciary and the executive
• Competence and honesty of bureaucrats and senior
government officials
• Importance of informal power networks outside the
government
• Structure, technology, management practices and
financial strength of business institutions
• Labour conditions, including pattern of unionisation
and collective bargaining practices
Ideological Context
• The rights and duties of the members of
society
• Whether there is a broad consensus
• Serious ideological tensions
Methods for reducing Country Risk
• Keeping control of crucial elements of operations
Maintaining close control of key operations can force the
government into a state of dependence on the firm. This
method may however, not be sustainable beyond a point of
time. In the long run, local people may pick up skills. Also, the
host government may feel that such skills can be purchased
for a price from other sources.
• Proactive approach to planned divestment
One way to prevent government interference is to give an
assurance that ownership will be handed over partially or
completely to local people in a phased manner. This helps the
company to generate goodwill and win the support of the
government.
Methods for reducing Country Risk
• Joint ventures
Joint ventures can minimize expropriation risk.
• Local debt
By raising debt in the host country, the risk of expropriation can be
minimized. However, countries with high political risk often tend to
be ones with poorly developed capital markets or a small base of
equity holders. Consequently, mobilization of capital in the local
markets, may be difficult beyond a point.
Managing Ethical, Legal &
Reputational Risks
ATMARAM CHERUVU
2017-2019 PGDM
Unit 5: Managing Ethical, Legal &
Reputation Risks
• Understanding Legal and Ethical Risks
• Growing importance of Ethics – Corporate
Governance
• Managing Legal Risks faced by Companies
Atmaram Cheruvu
Mobile: +91 9987020900
Understanding Legal & Ethical Risks
• Late 1990’s, 20% of the population in South Africa
tested positive for AIDS. Government allowed import
& production of cheap generic substitutes for
patented drugs. Merck & other leading pharma
MNC’s complained that it is clear violation of IPR.
• Many times doing what is legal is not enough.
Unethical companies face resistance & hostility from
society.
• Both illegal & unethical policies cause huge
reputation risks.
Growing Importance of Ethics
• CIPLA
• Manville
• Johnson & Johnson.
CIPLA
• Like it or not – and the international pharmaceutical industry
doesn’t – an Indian drug company is boldly reverse-
engineering and selling high quality copies of drugs cheaply. It all
began at the turn of the century in Mumbai.
• Providing a turning point in the history of AIDS therapy, on 6th
February 2001, the 80-year-old pharmaceutical
company Cipla (Chemical, Industrial and Pharmaceutical
Laboratories) developed a revolutionary anti-HIV drug ‘cocktail’
made up of three drugs – Nevirapine, Didanosine and Zidovudine.
Then it shocked the world by offering it to poor African countries
and aid groups for $350 a year, prompting several major
pharmaceuticals to lower prices. At less than a dollar a day, that
was one thirtieth of the standard price. Today one in three people
living with HIV in the world are taking a Cipla drug for treatment.
Manville
• Manville, the asbestos company which filed
bankruptcy in 1992. Manville had known for years
that asbestos inhalation resulted in lung diseases.
But it concealed the information from affected
employees and customers. Justice finally caught up
and the company found itself facing 17,000 lawsuits.
Around 80% of the company’s equity was eventually
used to compensate the victims Manville had paid
dearly for fooling itself into believing that it was
cheaper to kill people than admit the dangers
associated with asbestos.
Johnson & Johnson
• Johnson & Johnson which faced a major ethical dilemma In
1982, when its Tylenol capsules, contaminated with cyanide
led to several deaths in the Chicago area. Although the
standard procedure would have been to recall only the
contaminated lot, Vice Chairman David Collins felt the right
thing to do was to recall the entire product line. Ultimately,
the company was absolved of blame. To this day, the
Tylenol recall remains a classic case study in business
ethics. Johnson & Johnson was guided by one of its core
values: “We believe our first responsibility is to the doctors,
nurses and patients, to mothers and fathers, and all others
who use our products and services… We are responsible to
the communities in which we live and work and to the
world community as well.”
Ethics in Action-Questions to ask
• Is the action legal?
• Is it right?
• Who will be affected?
• Does it fit Company’s values?
• How will I feel afterwards?
• How would it look in the newspaper?
• Will it reflect poorly on the company?
Growing Importance of Corporate Governance
• The board is the ultimate authority for decision-
making within a corporation. Unfortunately, many
boards, especially in India act like rubber stamps.
They tend to endorse whatever the CEO decides. So,
the composition of the board is very important.
Luminaries, who have professional expertise in their
respective fields must be invited as external
directors.
• Good corporate governance cannot be enforced only
by systems and procedures alone. Strong core values
are also necessary.
Corporate Governance at Infosys
Managing Legal Risks faced by Companies
• Class action suits.
• Product Liability.
• Managing Product Recalls.
• Safeguarding Intellectual Property.
• Managing anti-trust issues.
Class Action Suit
• A class action lawsuit is brought by or against
someone on behalf of other persons with a similar
grievance. The class is usually a group of plaintiffs
but may also be a group of defendants. For example,
plaintiffs injured by prescription drugs may sue all
the manufacturers of the drug as a class action
lawsuit if they have similar problems. Class action
lawsuits constitute a major risk to companies in
countries like the US. Such suits have the potential to
force companies into bankruptcies through litigation
costs and attorney fees even if they win the suits.
Class Action Suit
To facilitate class action, the person filing the suit must satisfy
the judge about the following:
• The class is sufficiently large so that adding people as actual
parties to a lawsuit is difficult. When there are only a few
people, they can all be asked to appear in court and a class
action suit may not be permitted.
• Without the class action mechanism, the judge may have to
rule on the same issue hundreds of times.
• A few parties submit a representation, which will
essentially involve the same legal and factual issues as the
other members of the class.
• The representative parties will fairly and adequately
protect the interests of the class.
Product Liability
• Product liability arises when a defective product causes
injury to persons or damages property. The liability
generally falls on the manufacturer. A person injured by
a defective product can claim damages without having
to prove that the manufacturer was negligent. The
injured person must only furnish evidence that the
product was defective when sold and the defect caused
the injury. Class action suits ensure that many suppliers
of the same product can be held liable according to
their market share, if it is difficult to pinpoint the
defect on one particular producer. In the US, under the
‘deep pocket’ principle, the company which can pay up
is held liable.
Managing Product Liability Risks
• Quality Control Systems.
• Quality Control Records.
• Design stage control systems.
• Material testing systems.
• Customer Complaints Handling systems.
Managing Product Recall
• Problems relating to defective products must be identified
early. Whether or not to recall the product depends on the
nature of the defects and whether the problems can be
attended to in the field. Recall procedures should be
planned well in advance. Unfortunately, many companies
continue to make ad hoc decisions in this regard.
• A strategic approach to product recall implies a cross-
functional approach spanning across planning, product
development, logistics, information systems and pubic
relations. sound management of product recalls will not
only ensure damage control but may even enhance the
reputation of the company by impressing the general public
about the good intentions of the company
Managing Product Recall
• Product recall manual & Product recall team to be in
place-When a crisis occurs, the team should make a quick
assessment of the situation and decide on the scale of
response – free repairs, selective recall or complete
recall.
• Although delaying the recall of an unsafe product may
increase the size and number of claims against the
company-not to mention potentially endangering
consumers and creating ill will – issuing a recall amounts
to admitting that there is a problem and may open the
door to a flood of lawsuits. The recall response team
should weigh all the factors carefully before making a
decision.”
Safeguarding Intellectual Property
• Since intangible, IP cannot be kept in lock & key. For
example, an invention has to be brought to open for
application in real world.
• Hence, state sets up a mechanism wherein it asks an
inventor to get his invention registered in his name.
Thereafter, the state prevents others from using that
idea and gives an exclusive opportunity to the
inventor, to use the idea. The inventor is free to use
the idea, sell it off or lease the right to use it.
• State also puts in regulations, control & curtailments
on rights for larger social good. Society cannot be
deprived of the benefits of the invention/innovation.
Different Kinds of Intellectual Property
• Creation of new substances, products, devices, technologies,
methods or processes, which are of value. These are protected as
Patents.
• Expression of human intellect in the field of art, literature, music,
films & broadcasts. These are protected as Copyrights.
• A person may create a new shape, configuration, pattern or
ornamentation, which itself can be of value. These are protected as
designs.
• A trademark, in the minds & imagination of the consumers,
becomes the very identity of the particular firm using it.
Appropriating a trademark is equivalent to appropriating firms
goodwill, earned over years. Hence, protected.
• Certain areas or regions acquire a certain reputation for their goods.
Geographical indication is another form of intangible property.
Managing Anti-Trust Issues
• What is competition in a market place?
The process of rivalry between business enterprises for
customers
• Competition the key driver
- Consumers (choice, quality, price)
- Economy ( Productivity, Growth, Wealth Creation )
- Society (Innovation, Welfare)
• Competition is not automatic
• Need for the market regulator

Managing Anti-Trust Issues
Objectives of Competition act
• To prevent practices having an adverse effect on
Competition
• To promote and sustain Competition in markets
• To protect the interests of consumers
• To ensure freedom of trade carried on by other
participants in markets in India.
Every action by organization should consider carefully
not to fall into the eyes of the regulator.
Managing Financial Risks
ATMARAM CHERUVU
2017-2019 PGDM
Unit 6: Managing Financial Risks
• Understanding financial Risks
• Steps in Financial Risk Management
• Role of Derivatives in Risk mitigation
Atmaram Cheruvu
Mobile: +91 9987020900
Understanding Financial Risks
• Financial risk management aims to reduce the
volatility of earnings and boost the confidence of
investors in the company.
 Credit Risk
 Market Risk-Interest rate risk, currency risk,
Commodity risk.
 Liquidity Risk.
Credit Risk
• Credit risk refers to the possibility of default by the borrower.
More generally, it refers to the failure of the counter-party to
honor its side of the contract.
• Credit risk is by far, the biggest risk that financial institutions
take and has been the root cause of many banking failures.
• Credit risk comes in two forms-Traditional Credit (loans) Risk
& Trading Credit Risk.
• The degree of credit risk varies depending on the stage of
financial distress. For example, even if there is no default, the
price of a bond may fall if the credit rating is downgraded.
The next stage is a default by the borrower. Then, there
could be bankruptcy if the borrower declares his inability to
meet his obligations. The last stage is liquidation when
receivers are called in to dispose off the asset.
Credit Risk Management
• The traditional approach to credit risk measurement
consisted of making credit checks on the party before
the deal, setting limits on loans and passing risk to
third parties through factoring and credit insurance.
Today, the approach has become more sophisticated,
thanks to the availability of credit derivatives. Banks
can analyse credit exposure in terms of concentration
by sector, geographical region or a group of clients and
optimise their portfolio accordingly.
*Factoring is a financial transaction and a type of debtor
finance in which a business sells its accounts receivable
(i.e., invoices) to a third party (called a factor) at a
discount.
Market Risk
• Interest rate risk arises when the income of a company
is sensitive to interest rate fluctuations.
• Currency risk is the uncertainty about the value of
foreign currency assets, liabilities and operating
incomes due to fluctuations in exchange rates.
• Commodity risk is the uncertainty about the value of
widely used commodities such as gold, silver, etc.
• Equity risk is the uncertainty about the value of the
ownership stakes, a firm has in other companies, real
estate, etc.
Liquidity Risk
• When there is a mismatch of assets and liabilities,
liquidity problems arise. Say the company has invested
heavily in long-term assets but has several short-term
liabilities. It runs the risk of failing to meet its
liabilities, even though it may be profitable in the long
run. Many small units are profitable if conventional
accounting norms are applied. But, often they have
their funds blocked in receivables and are unable to
pay their suppliers. This working capital squeeze leads
to their closure.
Steps in Financial Risk Management
• Avoidance: The firm can avoid holding financial assets
or liabilities whose values are uncertain.
• Diversification: Instead of concentrating assets in one
place, the firm can distribute them across several
locations or markets.
• Transfer: The risk can be eliminated by transferring the
asset/liability to another party. Alternatively, the
asset/liability can be retained by the company but the
risk can be transferred.
Role of Derivatives in Risk Mitigation
• Derivatives are derived from underlying instruments. Thus
an interest rate future is derived from a bond, treasury bill,
a deposit etc. A stock index future is derived from a stock
index. Similarly, foreign currency futures are derived from
the underlying spot market for that currency.
• Derivatives are a cheap and efficient way of transferring
risk from a party which does not want to retain it, to one
which does not mind holding it.
• The distinguishing characteristic of derivatives is the
leverage they offer. The value of a position, which a
derivative represents is far greater than the down payment
made by the trader. This leverage makes derivatives cost
effective in a positive sense and risky in a negative sense.
• A futures contract is simply an agreement to give or
take delivery of a specified quantity of a commodity of
a particular grade at a definite location on a future
date. The contract is standardised to ensure adequate
liquidity in the market. For instance, all commodity
futures contracts traded on futures exchanges, are
standardised with respect to quantity, grade, delivery
month and place of delivery. Similarly, all currency
futures contracts are standardised with respect to
quantity.
• Futures can be used to hedge foreign exchange,
interest rate, commodity and various other exposures.
• An option is essentially a contract in which the buyer has
the right but not obligation to purchase or sell an
underlying asset at a specified price (strike price). In
return for granting this right to the buyer and for being
prepared to sell or buy the asset at the strike price, the
option seller (writer) receives a fee which is referred to
as the option premium.
• A call option allows the buyer to buy an asset at a pre-
specified strike price while a put option gives the buyer a
right to sell the asset at an agreed upon strike price. An
European option can be exercised only at maturity while
an American option can be exercised at any time from
the date of purchase to the date of maturity.
• Swap is an agreement to exchange one asset or debt for a
similar one. The purpose is to lower risk for both parties.
Most of them are either currency swaps or interest rate
swaps.
• A Forward Rate Agreement (FRA) is an agreement between
two parties in which each party guarantees to the other a
certain rate of interest on a specified date in the future. If
the actual interest rate exceeds this rate, one party, say A, will
receive compensation from the second party, say B. On the
other hand, if the interest rate turns out to be less than the
contracted rate, A will pay compensation to B. Since the
compensation is payable at the beginning of the tenure of the
instrument, it is discounted at the actual rate of' interest
applicable for investment or borrowing as the case may be
Managing Marketing Risks
ATMARAM CHERUVU
2017-2019 PGDM
Unit 7: Managing Marketing Risks
• Understanding Marketing Risks – Challenges

• Building Customer Loyalty – Branding Risks
• Product Development and Pricing Risks –
Supply Chain Risks.
Atmaram Cheruvu
Mobile: +91 9987020900
Understanding Marketing Risks-Challenges
• “Many of the pioneers of Internet business, both dot-
coms and established companies, have competed in ways
that violate nearly every precept of good strategy.
Rather than focus on profits, they have sought to
maximize revenue and market share at all costs, pursuing
customers indiscriminately through discounting, give-
aways, promotions, channel incentives, and heavy
advertising. Rather than concentrate on delivering real
value that earns an attractive price from customers, they
have pursued indirect revenues from sources such as
advertising and click-through fees from Internet
commerce partners”. - Michael E Porter
• To retain their competitive edge, companies have to offer
products that provide value to customers. If a company
does not have a product to sell or if it has a product, which
is inferior to what competitors are offering, it cannot
survive in the long run.
• Each new product launch involves risk. Similarly,
dependence on a few customers also results in risk. Wrong
communication strategies can dilute or harm the image of
a brand. An organization is also exposed to risk when its
distribution channels wield high bargaining power. In short,
marketing risks refer to the uncertainties involved in
designing and implementing the marketing mix.
• Strategies that focus on short-term objectives, may look
attractive but may turn out to be risky in the long run.
• A systematic approach to formulation and implementation
of marketing plans can definitely minimize risks. A good
understanding of supply and demand conditions, an
appreciation of the costs involved and insights into the
customer segment being targeted, are the building blocks
of a successful marketing plan.
• A systematic approach to managing marketing risks builds
discipline into managerial actions. The best marketing plan
can fail in the absence of discipline. Take the issue of
pricing.
Questions that Marketers should constantly ask:
• Which are the customers who are most loyal to us?
• Which customers may buy less if there is a recession?
• Which customers are most likely to switch over to a
cheaper product?
• Which customers can be weaned away?
Building Customer Loyalty-Branding Risks
• The success of any marketing effort ultimately depends on
the ability to create a base of loyal customers. Indeed,
customer loyalty is the key driver of profitability of
businesses in general and online businesses in particular.
Research by Bain & Co. and Mainstream indicates that the
average repeat customer for apparel spends 67% more
during the third year of the relationship than in the first six
months. For online grocers, this figure is as high as 75%. In
fact, an average online apparel shopper is not profitable
until he has shopped at the site at least four times. Loyal
customers are more willing to purchase new product
categories and generate valuable word-of-mouth publicity
that attracts new customers.
Building Customer Loyalty
• The success of any marketing effort ultimately depends on
the ability to create a base of loyal customers. Indeed,
customer loyalty is the key driver of profitability of
businesses in general and online businesses in particular.
Research by Bain & Co. and Mainstream indicates that the
average repeat customer for apparel spends 67% more
during the third year of the relationship than in the first six
months. For online grocers, this figure is as high as 75%. In
fact, an average online apparel shopper is not profitable
until he has shopped at the site at least four times. Loyal
customers are more willing to purchase new product
categories and generate valuable word-of-mouth publicity
that attracts new customers.
Branding Risks
• Today, brands are considered to be among the most
valuable assets of a company. The Coke brand
accounts for 95% of the value of the Coca Cola
Company’s total corporate assets.
• But brands are also vulnerable. A failed advertising
campaign or a perceived drop in quality can erode
customer loyalty in no time. Brands are also
vulnerable to changes in customer tastes. Another
risk, which brands face, is the wrath of the anti
globalization activists.
Strategic Risks in Brand Management
• Advertising Risks-Companies often spend huge amounts of
money on advertising without realizing commensurate
benefits. Very often, advertising is ineffective because it
targets the wrong customers. The right questions to be
asked before a new ad campaign are: Is it making a solid
offer to the customer? Is it giving sound reasons to the
customer to buy from the company?
• Inspiring Trust-A brand evokes distinct associations, stands
for certain personality traits and builds emotional
attachments. Above all, a brand is supposed to inspire
trust. A brand provided a guarantee of reliability and
quality. “Good brands invite trust, earn trust, honour trust
and reward trust.”
• Changing with the Times-Keeping a brand trustworthy
implies maintaining a degree of consistency in what
the brand has to offer. However, in their obsession
with trust and consequently consistency, companies
should not overlook changing customer priorities.
Brands should be revitalized and repositioned from
time to time to retain their sparkle.
• Dealing with Commoditization-The profits, which a
brand can generate depend heavily on the premium it
commands in the market. Commoditisation is the
lowering of the premium that a brand commands.
• Stretching the Brand-The profit potential of a brand is
heavily dependent on the company’s ability to leverage the
name in new categories. The exorbitant costs of launching
an altogether new brand and increasingly competitive
markets make brand extension an important strategic
weapon in the marketer’s armour.
• Discharging Social Responsibility- The success of brands
and the riches they have brought to their companies have
given them a high visibility and put them at the centre of
public attention. So, companies that own powerful brands
are being closely watched by governments, NGOs and
social activists. As a result, the way brands are perceived
to be discharging their social responsibilities has become
an important issue.
Product Development Risks
New Products may fail due to:
• Overestimation of market size.
• Poor product design.
• Wrong positioning.
• Over-pricing.
• Uninspiring advertisements.
• Higher than expected costs of product development.
• Aggressive competitor response.
Countering Product Development Risks
• Strong new-product planning is needed to improve the
probability of success.
• Successful product development requires cross-
functional coordination and involves a consistent
commitment of resources.
• Many companies are revamping their organisational
mechanisms and processes to improve the chances of
success in product development. The use of cross-
functional teams is now a standard practice.
Pricing Risks
• Companies must carefully evaluate the various internal and
external factors involved before choosing a price that will give
them the greatest competitive advantage in the target
markets.
• When the price value equation of a brand gets out of line,
sooner or later, people will notice. And when they do, they
will act.
• A price-cut or hike will affect customers, competitors,
distributors, and suppliers. A price-cut can be risky as
customers may view it negatively. Is the product faulty and
not selling well? Has quality been reduced? Will price come
down further? Similarly, a price increase can also create a
negative customer perception. The company is greedy and
charging what the market will bear.
Pricing Risks
• How does a company deal with price cuts by competitors?
If the company feels price reduction is likely to erode
profits, it might simply decide to hold its current price and
protect its profit margin. Similarly, if it thinks it will not
lose too much market share, it may maintain its price and
wait till it is clear about the impact of the competitor’s
price change. It may undercut the competitor if it feels that
recapturing lost market share later would be too hard. Or,
the company might improve quality and increase price,
moving its brand upmarket.
• In general, responding to competitive pressures by cutting
prices is a strategy which clever marketers avoid. This is a
game, which does not stop with one round of price cuts.
Supply Chain Risks
• Supply chain risks arise because one or more of the
company’s partners may fail to deliver, leading to
delayed delivery or cancelled orders or lost customers.
• Two types of expertise, Information Technology and
Relationship Management are absolutely vital in
mitigating supply chain risks. Information has to flow in
a seamless manner across partners and must be made
available to them online. The type of dedicated
investments, which today’s supply chains demand,
imply that a relationship of trust and reciprocity must
exist among the different entities, Indeed, without
good relations, the effectiveness of the supply chain
will fall drastically.
Supply Chain Risks
• The importance of a well-oiled distribution system
cannot be overemphasized. Often, companies spend
heavily on advertising and promotion without paying
adequate attention to distribution.
• For most e-business operations, the key decision
involved in order fulfilment is whether to build or
outsource distribution infrastructure.
Managing Human Resources Risks
ATMARAM CHERUVU
2017-2019 PGDM
Unit 8: Managing Human Resources Risks
• Understanding Human Resources Risks

• Succession Planning Attracting and Retaining
Employees
Atmaram Cheruvu
Mobile: +91 9987020900
Understanding Human Resources Risks
• In today’s knowledge driven business environment it is
the quality of people that ultimately determines the
competitiveness of an organization. Great companies
attract good people and have mechanisms for retaining
and nurturing them. In such companies, there is never
a leadership vacuum. On the other hand, in poorly
managed companies, good people hesitate to join.
Those who do join, lose motivation, get frustrated
quickly and leave. Due to a shortage of talented
managers, such companies find it difficult to grow fast
and exploit the opportunities in the market place. Over
a period of time, they lose their competitive edge.
Succession Planning
• At a strategic level, succession planning is probably the most
important Human Resources (HR) risk. The consequences of
appointing the wrong successor can be disastrous. Though all CEOs
want to avoid a wrong successor, their track record, in this regard is
disappointing.
• The problems associated with succession planning are particularly
acute in India, where family managed businesses proliferate. Such
companies throw discretion to the winds and often spend more time
on dividing the family silver among the next generation than in
grooming the right person to take over the top job. Family managed
companies would do well to remember that the chosen successor
should have the necessary education, skills and grooming to
appreciate the privileges, responsibilities and challenges involved.
They should also be bold enough to appoint a professional manager
from outside the family, when there is no suitable candidate within.
Succession Planning
• Succession planning may be defined as the process of
identifying and preparing the right people for higher
responsibilities. Though relevant at all levels, it is at the highest
level that transition poses the biggest challenges.
• Succession planning typically involves the following stages:
 Identifying key positions and the time when vacancies might
crop up.
 Determining the skills and performance standards for these
positions.
 Identifying potential candidates for development.
 Developing and coaching the identified candidates.
Succession Planning
Effective succession planning helps the organization in several
ways:
• It encourages senior management to conduct a disciplined
review of the leadership talent available within the organization.
• It facilitates the development of key executives.
• It ensures continuity of leadership and sends the right signals to
employees as well as external stakeholders.
• It guides the promotion policies and helps to ensure that the
right people are promoted at the right time.
• It facilitates a critical review of the selection, appraisal and
management development processes of the organization.
Succession Planning
Why Succession Planning Fails?
• High potential candidates are arbitrarily identified.
• The qualities that a successful business unit head has and
what he should have after becoming CEO are different.
Business unit heads may not have strategic vision or the
ability to communicate effectively with external stakeholders.
• Many executives make excellent No. 2s and act as a fine
complement to their CEOs but fail miserably when they move
into the corner office.
• The designated replacement may be far from ready to take
over.
• Promotions are made keeping in mind the organizational
needs, but totally ignoring the aspirations of the employees.
Succession Planning
• The process lacks transparency and confuses talented
people, who may hence decide to leave.
• Outsiders are indiscriminately hired without explaining
the rationale to insiders.
• When one person leaves or retires, instead of moving
decisively and appointing a successor, the portfolio is
split among two people at the next level, leaving
employees totally confused.
• The program is perceived as being limited to the ‘elite’
core. In many Tata Group companies for example,
employees feel that managers from the Tata
Administrative Services (TAS) will invariably occupy all
the plum posts.
Attracting & Retaining Employees
Improving Employee Commitment
• Benefits and compensation
 Equity
 Competitiveness with respect to comparable companies
 How well the compensation program is communicated to
employees
• Organizational culture, leadership and direction
 Clear direction for the organization
 Personal growth opportunities
 Work satisfaction
 Transparency and openness of the work environment
Attracting & Retaining Employees
• Change Management
 Encouraging employees to challenge conventional wisdom
 Participation of employees while planning changes
 Readiness to change
• Recruitment, training and development
 Ability to hire only top calibre people
 Training
 Performance evaluation & appraisal process
• Work/life balance
 How much importance the company attaches to personal life
 Extent to which the company supports the needs of
employees as individuals
Implementation of ERM
ATMARAM CHERUVU
2017-2019 PGDM
Unit 9: Implementation of Enterprise Risk
Management.
• The Current state of Enterprise Risk
Management
• Integrating Risk Management Activities
• The dynamic interaction of Different Risks
• Developing a Risk Management Policy
• Implementation of Enterprise Risk
Management.
Atmaram Cheruvu
Mobile: +91 9987020900
The Current State of ERM
• Regulators in many countries, especially in the financial
sector are putting pressure on companies to manage
risks more systematically. Regulators are also insisting
on better reporting and disclosure practices.
• Mounting shareholder pressure for better corporate
governance is giving a boost to ERM. Developments in
the financial markets in general and the convergence
of capital and insurance markets in particular are also
facilitating an integrated view of a company’s risks.
The Current State of ERM
• Many well managed companies have begun to look at
ERM as a proactive tool to add value for shareholders,
rather than as a defensive approach to minimise the
negative impact of risks.
• ERM is also being used to achieve a common
understanding of risk across functions and business
units and to aid top management exercise greater
control over the company’s operations.
• ERM is rapidly emerging as a powerful tool that
facilitates better decision making and helps people to
take more risk than they would otherwise do.
Integrating Risk Management Activities
• Integrated risk management is all about the
identification and assessment of the risks of the
company as a whole and formulation and
implementation of a company wide strategy to manage
them.
• ERM combines the best of three different but
complementary approaches. The first is to modify the
company’s operations suitably. The second is to reduce
debt in the capital structure. The third is to use
insurance or financial instruments like derivatives.
Dynamic Interaction of Different Risks
• Attempts to control one type of risk may result in other
types of risk. Hence need for ERM.
• Environmental Risk Management through Industry Self
regulation could lead to allegations of Cartel formation
(anti-trust issues). So, care should be taken to ensure
that self-regulation is perceived to be promoting
consumer welfare and serving the public interest. Most
importantly, the companies involved should effectively
communicate the benefits associated with their self-
regulation initiatives to the public and the government.
• In technology driven industries, the adoption of standards is a
very important activity. Indeed, standards are meant to
reduce risk for both suppliers and users by organizing and
disseminating information and facilitating the compatibility of
products and services in the market. Development of
standards, involves firms coming together and cooperating.
Again can bring anti-trust issues.
• Vertical integration may reduce risk by developing internal
capabilities and retaining proprietary information. However, in
the process, access to a specialised supplier’s technology may
be lost. On the other hand, a decision to outsource may result
in a high degree of vulnerability because of excessive
dependence on the supplier for an important technology.
Thus, vertical integration and technology risks are interrelated.
• Technology and legal risks often go together. Technology
companies often need strong competencies in legal
matters, especially patents. Even if a company is good at
innovating and developing new technologies, without a
well thought-out patent strategy, it would find it extremely
difficult to commercialise its inventions.
• In many mergers and acquisitions (M&A), legal and human
resources risks are involved.
• Environmental and political risks are also closely related.
Inadequate attention to environmental issues often invites
government intervention. This can lead to closure or even
confiscation of assets in extreme cases. On the other hand,
a systematic, proactive approach can keep the government
away.
• Political and ethical risks are also closely connected.
Issues like bribery have strong ethical implications. To
manage political risks, it is often tempting to use such
unethical means.
• A piecemeal approach can miss significant risks or worse
push risks into less visible places and create a misleading
sense of safety. What is required is the application of
consistent risk measurement techniques across various
sources of risk.”
Developing a Risk Management Policy
• A risk policy explains the objectives of risk management and
indicates how the responsibilities in this regard will be
distributed.
• The questions for the organization to resolve are:
 Should the risk be retained or transferred?
 How to provide for the retained risk?
• In general, risks which can be transferred or insured are often
delegatable. Those which cannot, need the direct involvement
of top management. Some of these risks include:
• Risk to the firm’s reputation
• Risk of losing talented employees
• Risk of being caught unaware when a new technology emerges
• Risk due to strong competition
• Companies, based on ERM policy can be divided into three
categories- Classical risk controllers, Efficiency enhancers and
Risk transformers.
• Classical risk controllers invest in risk management processes
and systems in order to minimise losses. They look at risk
management not as a source of opportunity, but as a cost
centre.
• Efficiency enhancers look at risk management from a
strategic perspective. They view risk management as a way
to operate their businesses more efficiently and effectively.
• Risk transformers view risk management primarily as a
business opportunity. They graduate from companies
demanding risk management services to ones which can
provide clients assistance in managing their risks.
• The appropriate risk management model will depend
on the firm and its culture. Firms can view risk in
various ways – as a necessary evil, as a way to reduce
costs and as an opportunity for generating new
business. By viewing risk management as an integral
part of business strategy formulation and
implementation, firms can tap a range of opportunities
that they may otherwise overlook.
• The transition from piecemeal management of risks to ERM
involves considerable investment of time and money. Some of
the important obstacles to the implementation of ERM include
lack of alignment between risk management and planning
processes, lack of role clarity, distortions in information flows
and inadequate understanding of the benefits of ERM.
• To put in place a successful ERM system, companies have to
integrate it with the planning process, build support for the
concept across the organization and appoint the right
champions. ERM should be tightly integrated with capital
allocation, corporate strategic planning and business unit
strategic planning. Where possible, it should also be integrated
with functions like product design, human resources and other
less strategic but nevertheless important managerial processes.
• A suitable organisational structure is vital for implementing
ERM. Making the existing head of risk management or the CFO,
champion of the ERM initiative is not always appropriate. Many
companies have created the Chief Risk Officer (CRO) who can
discharge functions such as informing the board about the
major risks, framing ERM implementation strategies, overseeing
risk reporting and monitoring and educating people about risk
management. Alternately, a committee consisting of top
managers can be used to spearhead the ERM initiative.
• The CRO should be fully aware of the risk tolerances and the risk
management objectives of the board and the nature of risk
exposures faced by the firm. The CRO should obviously be
separated from functions where risk taking is involved.
Preferably, the CRO should be reporting to the board and not to
the CFO.
• An independent risk management function facilitates the
development and ongoing improvement of models, systems,
and processes used to quantify risks. It ensures that risk
management policies and procedures are consistently applied
across all the units in the corporation. It also plays a policing
role to check that policies are being implemented effectively.
And it helps in taking an aggregate view of the different
exposures held by the organization.
Organizational Setup
ATMARAM CHERUVU
2017-2019 PGDM
Unit 10: Organizational Setup & key
responsibilities for Enterprise Risk Management.
• Governing Structure -Role of Board, Role of
committees, Role of RM department, Chief
Risk Officer, Risk Officers/ Specialists, Business
Managers, Department Heads.
• Relationship between Audit and Risk
Management. Relationship between
compliance and Risk Management.
Governance Risk and Compliance. Corporate
Governance.
Atmaram Cheruvu
Mobile: +91 9987020900
ERM Organizational Model
ERM Structure
• The proposed model establishes a Chief Risk Officer
with close reporting ties to the CFO, the CEO, and the
Board—ties that structurally facilitate the risk officer’s
input into risk-related decisions. The CRO may chair or
be a member of various risk governance and approval
committees, ranging from the assets and liabilities
committee (ALCO) to the market risk, credit risk, and
operational risk committees. Those who head the
three major risk management disciplines report
directly to the CRO. A multi-disciplinary approach is
encouraged by dotted-line relationships to IT and to
such control functions as Finance, Internal Audit, and
Legal.
ERM Structure
• The proposed model establishes a Chief Risk Officer
with close reporting ties to the CFO, the CEO, and the
Board—ties that structurally facilitate the risk officer’s
input into risk-related decisions. The CRO may chair or
be a member of various risk governance and approval
committees, ranging from the assets and liabilities
committee (ALCO) to the market risk, credit risk, and
operational risk committees. Those who head the
three major risk management disciplines report
directly to the CRO. A multi-disciplinary approach is
encouraged by dotted-line relationships to IT and to
such control functions as Finance, Internal Audit, and
Legal.
ERM Structure
• The success of ERM depends heavily on such “soft’
factors as people and culture. Much of the responsibility
for managing risk falls to the Chief Risk Officer; however,
cooperation from the company’s business units is also
critical. Since the CRO’s role is consultative, the danger is
that he or she may be in the precarious position of
having considerable responsibility but no real authority.
For the CRO to be truly effective, management must
support him or her in disseminating a risk culture
throughout the organization. In essence, the goal is for
each employee to become a risk manager who can
balance risk and return considerations in making daily
business decisions.
Relationship between Audit & ERM
• While the responsibility for identifying and managing
risks belongs to management, one of the key roles of
internal audit is to provide assurance that those risks
have been properly managed.
• This can be done by conducting a Risk based internal
audit.
• Risk based internal auditing (RBIA) is a methodology
that links internal auditing to an organisation’s overall
risk management framework. RBIA allows internal
audit to provide assurance to the board that risk
management processes are managing risks effectively,
in relation to the risk appetite.
Relationship between Compliance & ERM
• While risk management and compliance are often
appropriately handled by two separate groups within
an organization, the pitfall is that this separation can
lead to a fragmented approach whereby compliance
risk is isolated from other enterprise risks. Risk
professionals must understand the risk of non-
compliance equally as well as other organizational risks
in order to properly shape enterprise strategy.
Similarly, compliance professionals must
understand risk appetite (the amount of risk the
organization is willing to accept to meet its business
goals) in order to make the appropriate decisions vis-a-
vis the compliance function.
Corporate Governance & Risk Management
Thank You
Atmaram Cheruvu
+91 9987020900
cheruvua@yahoo.co.uk
Key Terms
A possibility that an event will occur and

Risk adversely affect the achievement of
objectives
A deficiency that could significantly impact

Key Risk an entity’s ability to achieve its established
objectives regardless of probability.
A condition, which by its existence or nature

Risk Driver increases the probability or likelihood of an
event or loss from occurring.
Defines the maximum tolerance for a specific

Threshold
KRI result that can take place before
Level
escalation
Point at which risk has escalated to the

Trigger degree that management involvement is
required
Key Risk Indicators
“KRIs are parameters which can act as indicators
and which can be seen to be predictive
regarding changes in the risk profile of a
business. This enables timely action to be taken
to deal with issues arising” (Lloyds)
KRIs can be specific (E.g. Number of complaints)

or Environmental (E.g. Regulatory Changes)
KPI vs KRI
KPI KRI
• High-level information on • Early warning signals for
performance of the increase in risk exposures in
organisation various areas of the
• Lead indicators for business
underperforming parts of • Lead indicators for
business emerging risks – external
• Could also show early and internal
indications of emerging • Could also show potential
risks business issues
Risk Interaction Map (Illustration)
• Risks interact with each
Reputational
Entry of new
Pressure of
Complaints
Regulatory
Personnel
Damage
margins
Product
players
other and play ‘cause-
Loss of
Action
Risk
effect’
• Essential to understand
Entry of new
players
their interaction
Pressure on • Opportunity to reduce
margins duplication controls
Loss of
Personnel
• Good news is that
Regulatory
controls too interact and
Action at times influence more
Product than one risk
Complaints
Reputational
Damage
Remember!
Sometimes a risk may also be an indicator (KRI)
of another much larger risk
“Domino Effect”
Example: a fall in Share Price may be a KRI for a

number of other risk
RISK AVOIDANCE RISK ACCEPTANCE
Generic
Strategies
RISK RISK CONTROL

TRANSFERENCE
Steps in Risk Mitigation
Determine Risk Prioritize Risk by Determine most

Appetite and Severity or appropriate
Tolerance Likelihood strategy
Control
• A control is a procedure used to
either prevent a risk from
occurring or detect a risk after it
has occurred.
• Controls can be used to mitigate
and manage the risks
• Can you name a few
Preventative and Detective
controls?
• Compensating Controls are often
used where Primary Controls are
likely to take time to embed
Types and Range of Controls
Entity-wide Process level
Hard Soft
Preventative Detective
Manual System based
Can you give examples of each type of control?

Erm PGDM 2018-20

Transféré par

Informations du document

Titre original

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

Erm PGDM 2018-20

Transféré par

Droits d'auteur :

Formats disponibles

ENTERPRISE RISK MANAGEMENT

Institute of Insurance & Risk

ISO 31000 defines Risk as the

Executive Legislature Judiciary

President of India Rajya Sabha Supreme Court of India

India is the world's largest democracy

• The concept and definition of Enterprise Risk

• Threat of new Technology to Assembled

• Understanding Environmental and Political

• Understanding Marketing Risks – Challenges

• Understanding Human Resources Risks

• Understanding Environmental and Political

• Need for the market regulator

• Understanding Marketing Risks – Challenges

• Understanding Human Resources Risks

A possibility that an event will occur and

A deficiency that could significantly impact

A condition, which by its existence or nature

Defines the maximum tolerance for a specific

Point at which risk has escalated to the

KRIs can be specific (E.g. Number of complaints)

• Risks interact with each

other and play ‘cause-

Example: a fall in Share Price may be a KRI for a

RISK RISK CONTROL

Determine Risk Prioritize Risk by Determine most

Entity-wide Process level

Manual System based

Can you give examples of each type of control?

Vous aimerez peut-être aussi