1

Seven Oaks College Association for Tourism and Hospitality Executives (ATHE)

ATHE Level 7 Diploma in Strategic Management Unit Name: Risk Management

Barclays Bank A Case Study

Unit Code: 6.4

Assignment -1 TABLE OF CONTENTS

INTODUCTION 03 EXPLANATION OF RISK MANAGEMENT 03 EFFECTS OF RISK MANAGEMENT IN DIFFERENT BUSINESS FUCTIONS.. 06 EVALUATION OF METHOS OF ASSESSING RISK IN BUSINESS.. 07 EVALUATION OF APPROACHED TO MANAGE RISK IN BUSINESS. 08 CONCLUSION... 09 REFERENCES.. 10 BIBLIOGRAPHY 11

INTRODUCTION
The risk management is a process of prioritization where the highest risk is handled first and the lowest one in the descending order the priority is given according to the level of the risk. Intangible risk are identified as risk that has very high chances of occurring but these kinds of risk are ignored by the organisation due to the identification ability which it lacks (Cockford, 1986). Example a knowledge risk materializes when a situation is applied with deficient knowledge. Intangible risk management allows risk management to create immediate value from the identification and reduction of riskes that reduce productivity. Allocation of resources is some of the difficulties faced by the Risk management. This is the idea of opportunity cost. The resources which were used for the risk management could have been allocated for activities which are profitable.

EXPLANATION OF RISK MANAGEMENT

Risk management is a process of prioritization, identification, assessment pursued by the economical use of resources to monitor, mitigate, and control the events which occur unfortunately, or for maximising the opportunities (Cockford, 1986). Risks can come from project failures, financial markets, accidents, credit risk, natural disaster, attack from adversaries which are deliberate or root causes which are unpredictable, or uncertain events,. Goals , definitions and standards , methods vary accordingly to the context industrial processes, engineering, financial portfolios, or health and safety of public. It is common to transfer risk to anther party, or evade the risk or reducing the impact of risk in order to manager the risk. In some cases though accepting the some or whole impact of the risk could also be a way of managing it (Hubbard and Douglas, 2009). some of the aspects of risk management standards have been criticised due to very less effect on deceasing risk. The risk management is quite complicated and hence is criticised due to way it is done. Even if all the measures are taken to avoid the risk, one cannot completely be free of risk. The risk management has been identified with the following principles by ISO (International Standardisation Organisation).

4 Risk management:

Should be vital element of the processes in the organisation. Always be considered in decision making Assumptions and uncertainty should be addressed explicitly. should be structured and systematic Best available information should be the base. be tailor able Accounting human factors. Be inclusive and transparent. Should be responsive to change, dynamic, and iterative. Should be improved continuously Should assessed after a fixed period of time

EFFECTS OF RISK MANAGEMENT IN DEFFERENT BUSINESS FUNCTIONS

Enterprise risk management: Any event or circumstance that can influence the enterprise negatively can be said as risk. The impact of risk can be on the human and the capital resources, on the customers of the company, and the products and services, as well as on the environment, markets, and on society (Hubbard and Douglas, 2009). In financial institution the risk management is considered in the aspects such as the rate of interest risk, management of asset liability, credit risk, operational risk, market risk. Every risk can be pre- formulated in the general case and can be planned to covenant wi th the possible consequences. Risk in process or project can be due to common cause or either due to special cause variation and should be treated appropriately. The concern about the external cases must be re-iterated and must not be equivalent in the above immediate list

Management of risk in mega-projects:

5 Mega-projects (sometimes also called "major programs") are very large scale venture projects, that can cost more than US$1 billion per project. These projects include public buildings, defence systems, information technology, extraction projects, aerospace projects, coastal flood protection schemes, power plants, oil and natural gas extraction projects, waste water projects, high ways, bridges, seaports, railways, tunnels, airports. Megaprojects in terms of environmental impacts and safety, and finance have shown to be risky (Crockford, 1989).

EVALUATION OF METHODS OF ASSESSING RISK IN BUSINESS

1. Identification 2. Assessment of exposure to the threats 3. Determination of risk or the impact of specific attack 4. Method to lessen risk 5. Prioritize Identification: After the context establishment the step which is in the process of risk management is to identify potential risks, the events that cause problems when triggered are the events about risk. Hence risk identification can start with the problem itself or the source of problems.

Analysis of source: The target of risk management are the risk sources which may be external or internal.

Analysis of problem: identified threats are related to risks. Example; the threat of accidents and causalities, the threat related to the abuse of the information that is confidential, the threat of losing money. The threat may be there with different and various entities, mostly with legislative bodies such as the government, shareholders, customers.

When the problem or the source of the problem is known, the events that can lead to a problems or the events that the source may trigger can be investigated.

6 Example: funding of a project can be endangered by the withdrawal of the stake holder, even within a closed network confidential information can be stolen by the employee, people on the aircraft may become immediate causalities due to lightning strike during the take off.

Assessment When the risks are identified they will be assessed according to the damage or loss they may incur on the organisation and to the occurrence of probability (Dorfman, 2007). These can be measures simply, in case of a building which is lost, or may be impossible to know for sure in the case the probability of an event which may occur unlikely. Even long-tern negative impacts can be given by short-term positive improvement. Example: It is usual to widen a highway to make way for increasing traffic. When this highway is widened more traffic comes to fill the available space. Also, areas nearby are developed as result of increased traffic capacity. Thus this leads to demand for more capacity and it becomes an endless cycle. Thus growth can be unsustainable without considering the long terms effects. Determining the rate of occurrence is the fundamental difficulty in risk assessment, because on all kinds of past incidents statistical information is not available (Roehirg, 2006). Thus the primary supply of information is the, available statistics and best learned opinions. The primary risk should be made easy to comprehend and the risk management decision may be prioritised such kind of information should be produced by the risk assessment. Thus, there have been efforts to calculate risks by several theories.

EVALUATION OF APPROACH TO MANAGE RISK IN BUSINESS

Avoidance (eliminate, withdraw from or not become involved) Reduction (optimize mitigate) Sharing (transfer outsource or insure) Retention (accept and budget)

Risk avoidance This is the simplest form of risk management that means dont involve in the activity that brings risk with it for example not buying a property to avoid the legal liability that is always it. Answer to all the risks may seem to avoid them, but that does also losing on the gain that has very good potential which risk may not have allowed. Avoiding entering into a business may avoid loss but also the profits which can be earned.

Hazard prevention Prevention of risks in an emergency refers to the hazard prevention. The elimination of hazards is the first and most effective stage to counter the hazard (Roerig, 2006). The second stage is mitigation if the first stage too long, impractical, or is too costly. If the outsourcer can demonstrate higher capability at managing or reducing risks Outsourcing could be an example of risk reduction. Example, a company out sources its customer support needs to another company, the hard good manufacturing, development of software. So by this without having to worry about finding a physical location for a call centre, or managing the development team, or about the manufacturing process company can concentrate on business development.

Risk sharing Usually risk sharing is a term used to the transfer the burden of loss to third party. In addition with the burden of loss the benefits are also shares according to the agreement made between the parties. Insurance companies are the most popular way of sharing risks (McCrae & Costa, 1997).

Create a risk management plan

8 To measure each risk appropriate counter measures or controls must be selected. Appropriate level of management should approve the mitigated risk ( Cortada & James, 2003). For instance top management should take the decision for a risk concerning the image of organization whereas computer virus risks were decided by separate authority in IT management. For managing the risks effective security controls and plan should be proposed by risk management. Example, by implementing antivirus software a high risk of computer viruses could be mitigated. A schedule for control implementation and responsible persons for those actions should be there in a good management plan. After the completion of the risk assessment phase consist of a risk treatment plan according to the stage, and how each of the identified risks should be handled should be documented. Security controls means the mitigation of risks. Which control objectives and controls from the standard have been selected, and why should be documented in a statement of Applicability

CONCLUSION
Risk management is cost effective minimising the effect of threat realization to the organization by a systematic selection. Due to the practical and financial limitations all risks can never be fully mitigated or avoided. So some level of residual risks should be accepted by all organisations. Risk management is a vital and essential function for any organisation. There must be some strategy or plans to avoid it or to compensate the consequences in case of nay negative occurrence. There are different types risks and it is important for the management to ascertain as many as possible. Some risks can be ascertained easily while for others complex processes are adopted. Also, sometimes it becomes expensive for the organisation to manage risk. But it is a way to make the business safe to some extent as risk cannot be avoid by 100%. Thus, in conclusion it be said that managing risk is important to deal with the unforeseen circumstances that might bring big losses to the organisation.

Assignment -2 TABLE OF CONTENTS

INTRODUCTION. 16 MAIN DRIVERS OF BUSINESS RISK 16 IMPACT OF DIFFERENT TYPES OF RISK 17 AN ANALAYSIS OF LIKELIHOOD OF RISK. 19

10

SUGGESTED RISK MANAGEMENT STRATEGIES.19 APPROACHES TO CRISIS MANAGEMENT. .21 IMPACT OF BUSINESS CONTINUITY. 22 CONCLUSION 23 REFERENCES 23 BIBLIOGRAPHY .23

INTRODUCTION Barclays Is organised within two business cluster it is a universal bank It has the presence in many countries, retail business and investment banking, corporate and investment banking (Barclays.com, 2012). The wealth and investment banking comprises three business units: corporate banking, investment banking, and wealth investment management. Four business units are comprised in retail and business banking cluster; Africa retail and business banking; UK retail and business banking . Within two business cluster Barclays operations are organised. The wealth investment banking and corporate business management and the corporate and investment banking cluster comprises three sections: investment banking and wealth and investment management, corporate banking. The business banking and

11

Retail cluster comprises four units of business: Barclaycard, Africa retail and business banking, UK retail and Business banking and Europe Retail banking. Barclays has 5000 plus branches all over the world and is serving more than millions of customers per day. Barclays has more than 3000 ATMS facilitated for their customers and spread their services to all the parts of United Kingdom. The availability and accessibility in very less time is the first and main goal of the company (Barclays.com, 2012). And their strategy was successful throughout the last decade by their continuous growth throughout the world. Barclays provides numerous number of services to their customers and is larger in size when compare to their competitors.

MAIN DRIVERS OF BUSINESS RISK

Due to impact of globalisation and changes which are occurring in the banking sector due to it are affecting the Barclays organisation with the volatile high interest rates , inflation , high commodity rates and with ever changing exchange rates the nature of risk is increased in financial institutions. These changes have led to drive the business risk among the financial institutions (Christopher and Fee, 2002). The major drivers of losses in the financial and banking sector are caused due to the lending process which directly results in failed repayments by the customers or counter parties. There are mainly four types of risk that a financial institution or company faces they are Credit risk In the banking sector credit risk is the single largest risk. These kinds of risk are part of any banking company because every institution is into lending.

Market risk Market risk contains internal and external factors such as the competition in the industry, political, global markets. And the fluctuation in the value of income, and assets. Liquidity risk When an institution fails to maintain a enough or sufficient liability and they fall due.

12

Group risk The potential impacts which are coming from the groups of the institutions and from their own activities as well. Operational risk it is the risk of occurred due to the failure of internal processes, systems or people or from the events which occur externally. Reputational risk This kind of risk generally occurs due to negative publicity about the organisation thus effecting value of the shareholder of the organisation and the position of its market place.

Impact of different types of risk Example Credit Risk $10 billion loss was announced by UBS in December 2007. UBS is a big Swiss bank who suffered the loss as its value of loan was gone significantly down it has lent the big amounts to the high risk borrowers. Many high risk customers were not able to pay the loans back and the predictions made by complex model was incorrect. This happened to many other banks that could not assess the risk correctly.

Market Risk EXAMPLE American Savings and Loans (S&L) are popular mortgage lenders. These institutions went through major crisis in 80s and 90s as a result of the interest rate risk exposure. The long term loans were fixed rate mortgages but were funded by variable rate deposits. The deposits rate of interest used to vary with market level. As the market rates ascended they rate of interest on deposits become more that the rate of interest paid by mortgages. This led to heavy losses for these S&L and led to their failure.

Operational Risk EXAMPLE

13

Baring Brothers and Co. Ltd was a company that closed down after going into loss due to operational risk. In 1995 it incurred the loss of the 827 millions. This happened due to breakdown of its internal control processes. A trader of company did not reveal the losses for more than 2 years. This was failure of internal control system as he kept authorising his trades and was not supervised. Later on when supervisors came to know about this, losses could not be recovered.

Liquidity risk EXAMPLE Liquidity risk can be seen in the real estate market where properties whose value is more that 850,000 one day, are sold for 550,000 a month later or so. Since there is no demand for asset, it forces owners to sell them at low prices. As they cannot be liquidated and that makes them loose money.

An analysis and likelihood of risk

There are different types of risks faced by banks. Following are the examples of such risks: Borrow might not be able to payback on time or are failed to pay altogether. Investors may ask for their money at faster rate than reserved for. There is fluctuation in the market interest rate influencing the business. Human error in managing data or the computer fraud Banks need to be managing these risks efficiently by actively monitoring and measuring them. They keep the risks controlled by continuously monitoring the portfolio of assets and their exposure to the risk. They keep sending this information to the other bank functions and manage them by themselves or in collaboration with other banks in order to mitigate the potential losses (Hutto & John, 2009). The size of the bank or value of its assets determines the amount of regulatory reserve bank should hold. This reserve is a way to deal with the possible occurrence of loss due to the failure of risk management.

Suggested risk management strategies

14

First of all managing risk involves the determining the internal or external causes that can affect the business negatively. The risk management is a continuous and integrated process that should be implemented in combination with the overall strategy and in all the functions (Mottef & Jhon, 2005). It should keep developing according to the surrounding changes as well as address all the business activities done in past, present and future. Internal and external are the two main areas of risk to be considered:

Internal

To reassure management that the business is aware of, and in control of, current and future business risks

To safeguard business assets and reputation To help improve the business's operating performance and shareholder value To improve efficiency by reducing risk exposure inherent in the business processes

To support the achievement of strategic goals

External

To ensure compliance with regulatory requirements To deliver competitive advantage To reassure stakeholders and interest groups that the business is actively managing risk

The process

The main stages found by the Financial Service Authority in risk management are a follows.

Identifying Assessing Mitigating

15

Monitoring reporting

However, it is significant to mention that reporting is not the last stage of risk management. In fact it is an iterative process that should be kept repeating by the organisations.

Approaches to crisis management

Planning before the actual occurrence of crisis is recommended as there would not be any time left after. There must a procedure to follow which should be well documented. So that, it be consulted quickly in case of need.

1. Start with an Approach Planning is the initial step in dealing with crisis and it should be done before the crisis occur. There must be some options available when crisis occurs and they should be planned and well documented. Now the plans are made with consulting the crisis policy of company and giving a path to follow in different situations. This should help decision makers what to do in case a crisis occur. Although, it is not possible to document all type of crisis, but still the most probable events can be listed. If top management is agreed to the approach, it becomes sound and safe to follow for managers (Christopher and Fee, 2002).

2. Build a Strong Reputation Building a good reputation in advance is always cheapest way of dealing with the crisis. The organisation possessing the good image will better be able to handle crisis as compared to one that doesnt have it (Christopher & Fee, 2002). Goodwill can always be cashed in need. When the crisis occurs stakeholders will never trust on the organisation. Thus it is important for the organisation to invest in goodwill beforehand. Stakeholders perception will be influenced by the past behaviour of organisation. And this statement is true for each group of stakeholders irrespective of their interest in the organisation.

3. Create a Crisis Team

16

There must be someone who will be in charge in the event of crisis. This has to be decided before hand. Idly, a member of top management should be in crisis management team. Since it will be consuming the members most of the time, someone who can step out of his routine jobs and give plenty of time should be included in the crisis team. Team members should be from the following departments:

Legal;

Public Affairs;

Human resources;

Research and Development;

Operations;

Security; and

Logistics.

Impact of breaks of business continuity The cost of the impact on an enterprise of not having a business continuity plan when an event occurs that would require the invocation of the BCP is not known. According to Alexander et. al (2005) when compared to an enterprise that has an effective BCP, it is reasonable to assume that one that hasnt, and which has its operations seriously disrupted by an unexpected event, is likely to: Take longer to respond to the event; Take longer to recover its critical functions; Make more incorrect decisions in the early stages; Have greater problems communicating with its stakeholders.

17

Although these are the things that make up the impact of not having a business continuity plan, the real cost to the enterprise will be confined to those things that are not, or cannot, be insured. Some enterprises do not insure against such things as terrorism or denial of access, and although insurance can cover physical loss, cost of additional working, and lost revenue from business interruption, it does not normally cover the loss of: Customers Business opportunities Reputation Brand value.

Conclusion Risk is inevitable in any business; there are certain kinds of risk management strategies for different kind of risks which occur in the business industry. Risk management is a complex process can be adopted with throughout study of the field. This paper has enabled us to understand the basics of risk management that managers must know. There are different types of risk as well as different approaches to handle it. However, some strategy must be there in advance to follow in case of crisis. This paper has taught about various impacts of risks and way to manage it.