Definition of Risk Analysis
Risk analysis is a small component of risk management technique, wherein the risk manager conducts a pro-active evaluation of risks associated with a particular project or event or the whole organisation through risk assessment procedures, develops a risk mitigation plan accordingly to manage those identified risks & makes sure that the plan is implemented in the organisation.
- Suppose you want to invest in a stock. What do we expect after such an investment? A positive return. What if the return turns negative? That’s called a risk to the investment.
- Risk can be any negative outcome of any event or transaction or any business transaction. Analysing the risk means identifying the possible issues that may affect the key objectives.
- Risk analysis is not an assured event to happen but just a probability of the occurrence of an adverse event within the entity that may affect an entity’s operations.
- The risk analysis concept can be applied to various events or transactions or situations, or entities. Some of the examples of risk analysis are the chances of success or failure of a business plan, a standard deviation of a portfolio return, volatility in the stock market, etc.
- Risk analysis may be classified either as quantitative risk analysis or qualitative risk analysis. Quantitative risk analysis is based on simulation or deterministic method (i.e. based on some quantities of data). The variables are mostly based on certain logical assumptions. An example of quantitative risk analysis includes the Monte Carlo simulation.
- On the other hand, qualitative risk analysis is based on a textual description of uncertainties prevailing, the impact of such uncertainties & counter measures available for mitigation. The best example of qualitative risk analysis is SWOT Analysis.
Process of Risk Analysis
The main steps in the risk analysis process are described as below:
- Risk Assessment Survey: This is the first step in the risk analysis process. This step involves obtaining sufficient information from the management of the entity for whom the analysis is being done. In case of any back-holding by the management, the objective of risk analysis may not be served. Under this step, specific risks relevant to the situation are analysed. In terms of risk analysis of a stock, data regarding past returns are obtained under this step.
- Identification of Probable Risk: The above step provides inputs for the second step. The survey helps the risk manager to identify various events due to which risk can occur. Risks can be an occurrence of human error or fire or natural calamity or any potential outburst, etc. For a stock, identification of risk is associated with attributes of the company.
- Analyse the risk: After identification of risk in the second step, the risk manager needs to perform an analysis of risk. Here, analysis means assessment of the likelihood of occurrence of the adverse event. This step should provide inputs regarding the possible implications of risk occurrence & the impact on the objectives of the entity. For a stock, this step simply means the percentage of loss to be suffered in case of a downfall in the price of stock & consideration of available hedging instruments to hedge the occurrence of loss.
- Risk Mitigation Plan: This is part & parcel of the above step. Here, a formal plan is formulated to mitigate the risk to the extent possible. Here, recommendations are provided to mitigate the risk for each valuable asset. For a stock, the mitigation plan is choosing a derivative to cover the loss suffered.
- Implement the plan: After the preparation of the risk mitigation plan, it is critically analysed whether the plan will be effective for the said purpose. Measures are taken to reduce the risks. Priority attention is given to high-risk category events. For a stock, this step means buying or selling the derivative to recover the loss in stock.
- Monitor Risks: The job is not done just at the implementation stage. Regular scrutiny is made to ensure that the plan is working well within the set parameters. In case of deviation or in case the plan does not protect from risk, the plan needs to be revised to consider new risks. For a stock, this step means monitoring the returns of a derivative instrument.
Example of Risk Analysis
Lets’ consider that a company needs to purchase a new type of raw material for its new business segment. Should it purchase the raw material from any of the available contacts? Each decision has some impact.
There are few risks, such as purchases are made from unapproved vendors, purchases are made at higher prices than market prices, or supplier provides quality materials. In this example, we have devised a risk analysis plan which identifies the risk, provides mitigations & provide control parameters for mitigation of risks. The details of the matrix are as under:
|Risk Matrix||Process Step I||Process Step II||Process Step III|
|Control Objective||To ensure that purchases are made through an approved vendor||To ensure that purchases are made within a reasonable price and in accordance with T&C||To ensure that, supplier meets with the quality standard of the company|
|Risk of material misstatement||Purchases are made from an unapproved vendor||Purchase is not made within a reasonable price and in accordance with T&C||The supplier did not meet the quality standard of the company|
|Control No.||AP 1||AP 2||AP 3|
|Control Description||The company has a standard category wise procedure for vendor selection- 1. Direct purchase / Diesel Procurement – Vendors are fixed in the system, and no further selection is made.
2. Purchase of Auxiliary, Indirect items – vendor selection procedure should be followed.
|Quotations are invited from at least three vendors, except for cases where there are specific asset/material requirements which a specific/existing vendor can fulfil; further quotations are not invited. The purchase team negotiates on price and T&C with all vendors and finalises the vendor along with the prices and T&C.||Before placing the final order with the newly selected vendor, the purchase team ask for a sample order delivery for a small quantity from the vendor, which is scrutinized in all parameters as per quality standard of the company at the vendor’s place, for which no separate invoicing is done by the vendor. Clearing the Scrutiny stage is the prerequisite for a final order.|
|Person in charge of control||Mr. XYZ||Mr. XYZ||Mr. XYZ|
|Nature of control (Key/Non-Key)||Non-Key||Non-Key||Non-Key|
(H) High, (M) Medium, (L) Low
|Frequency of control||As and when required||As and when||As and when|
|Control type||Automatic/ Manual||Manual||Manual|
(O) Operating,(F) Financial,(C) Compliance
|Control performed by||Purchase Department||Purchase Department||Purchase Department|
|Accuracy / Occurrence||Applicable||Applicable||Not Applicable|
|Valuation||Not Applicable||Applicable||Not Applicable|
|Cut Off||Not Applicable||Not Applicable||Not Applicable|
|Primary COSO||Control Activities||Control Activities||Control Activities|
Types of Risk Analysis
Types of risk analysis include analysis of different genres of risk. A company may face business-related risk, non-business related risk & finance related risk. Each one of these is discussed as below:
- Business Related Risk: This is the normal risk suffered by the owners of an entity. Every business has some inherent risks in it. The risk managers are here the analysers of business who takes care of possible risks. Business related risks can be stock out a situation in the company, non-availability of key resources to run the operations of the entity, increase in competitors, etc.
- NoN-Business Related Risk: These risks are around the business & not directly relation. Due to no direct link with the businesses, such risks are not controllable by an entity. Examples can be political risk, economic downturns for an entire industry, Covid-2019, etc. Such risks are difficult to deal with since it completely depends on the outsiders of the business (such as Government policies, demand cycle, a vaccine for a virus, etc.)
- Financial Related Risk: Finance is the blood for the smooth running of the business. Non-availability of liquidity to expand an entity’s operations, non-availability of potential investors for business, etc., are some of the finance-related risks. These risks can be eliminated but not that easy. It requires the expertise of professional risk managers.
Risk Analysis Table
The risk analysis table is the outcome of the process of risk analysis. We normally provide a risk analysis matrix in which risk is identified for each process & controls are suggested thereat. Let’s consider a blank template for risk matrix for treasury management within the entity:
|Risk Matrix||Process Step I||Process Step II||Process Step III||Process Step IV||Process Step V||Process Step VI|
|Risk of material misstatement||XXXX||XXXX||XXXX||XXXX||XXXX||XXXX|
|Person in charge of control||XXXX||XXXX||XXXX||XXXX||XXXX||XXXX|
|Nature of control (Key/Non-Key)||XXXX||XXXX||XXXX||XXXX||XXXX||XXXX|
(H) High, (M) Medium, (L) Low
|Frequency of control||XXXX||XXXX||XXXX||XXXX||XXXX||XXXX|
(O)Operating,(F) Financial,(C) Compliance
|Control performed by||XXXX||XXXX||XXXX||XXXX||XXXX||XXXX|
|Accuracy / Occurrence||XXXX||XXXX||XXXX||XXXX||XXXX||XXXX|
Here, “xxxx” means a detailed description of each item of the process. The above template is famously used in analysing the risk associated with the internals of an entity & the operating effectiveness of those controls.
Techniques of Risk Analysis
Some of the famous risk analysis techniques are discussed in short as below:
- SWIFT Analysis: SWIFT means Structured What If Technique. Here all “ifs and buts” of an event are identified & analysed for solutions.
- Delphi Technique: It is a method of forecasting framework wherein multiple rounds of questionnaires are sent to a group of experts & results from such outcome are analysed separately.
- Decision Tree Analysis: It provides a solution for different pathways of situations that may occur after each event. Each decision has an outcome. The decision tree analyses the outcome separately.
Benefits of Risk Analysis
- Early identification of risks is possible.
- Early mitigation of those risk is possible with a better mitigation program.
- It provides pro-active disclosure of the situation to the owners of the entity.
- It also identifies the gaps in the existing control mechanism.
- It provides an analysis of the overall impact of those assessed risks on the organisation as a whole & its business.
- It further enhances the communication within the entity.
- The objectives of a business are upheld & help a business survive in critical times as well.
Disadvantages of Risk Analysis
- The risks are not sure to happen. There is an element of probability. The actual risk may or may not crystalise.
- Risk analysis only discloses the situation but does not measure the financial impact of such risk.
- Data is open for manipulations. The first step of risk analysis is a risk assessment survey, wherein the risk manager depends on inputs from the entity itself.
- Incorrect inputs result in incorrect evaluation, which results in incorrect analysis & inefficient risk mitigation measures. This derails the basic objective of risk analysis.
- The analysis is subjective for each person & some sort of professional judgement is involved.
Risk analysis can also be termed as the risk appetite of a person to bear the risk. In the stock market, risk appetite means the amount of loss which a person can bear & may take action after the upper level of patience is breached. Say a person cannot bear a loss of more than 7% in the stock. In such a case, he should take actions for are 6.5% loss itself.
This is a guide to Risk Analysis. Here we also discuss the definition and process of risk analysis along with an example and types. You may also have a look at the following articles to learn more –