Risk is an everyday hazard that faces banks, funds and insurers. It can usually be mitigated, but it is rarely eliminated completely. There are some cases where a positive “hazard” is a very good thing to have – each business faces a risk or probability of making profits. Millions of people buy lottery tickets each day facing the small risk that they will become instant multimillionaries. Business always encounters some form of risk.
It is good that we recognise that operational risks are present in our company. It is better when we can predict the risk event that will happen. It is best when we have reinforced the general resilience of our system through risk management countermeasures. The business operational risk shock is going to be absorbed by our company, so the company has to respond.
Not all banks have put operational risk firmly on their corporate radar. Few banks seem to have detailed an operational risk map by making provisions for expected operational risk. Basel surveyed 89 banks, and only 33 had designated expected operational risk loss measures.
Therefore, we need a management structure to plan the continuing and increasing system resilience of the company.
Doing risk management, rather than merely talking about it, will separate the banks from the boys for Basel II implementation. The measures of pricing, reserving and expensing for OpRisk are already one significant step ahead of risk managers simply answering:
We are risk-compliant because we have already submitted the Risk Compliance Report.
This reporting for the sake of reporting is a risk-ignorant form of control activity in a mindless ticking of boxes in a questionnaire. Will reporting and complying with the regulations catch out the next Enron?
The above techniques get us closer, may be, to a real-life model of risk management that we call ‘organic’. Basel II reaches for some risk silo integration, but real life is messier. Messy problems can be handled in a project management control structure, such as RAMP.
An investment company, with its people and processes, its clients and their investment needs and preferences, is like a living organism. It can encompass every type of business risk, instead
of just the ones we would like to handle. We see that there are many organic risk stakeholders at play in the market.

Risk management is a sequential series of tasks: analyse, forecast, investigate and mitigate against risk. Risk reporting alone is just fine for appearance – this is where many lax financial companies ran into trouble in recent years. Any reaction to a threat in such firms is likely to be ineffective because the risk management function will be underfunded and understaffed. Lack of training and proper risk management procedures result in a haphazard counter-attack against risk. Organic risk management takes the human and team factors into account to build a risk-managed corporation. This means an active risk outlook, not a passive one.
RAMP is a project methodology that has in-built self-checks to counter bias or project deviation. It should be considered for managing financial projects. This way we can have a real audit check that goes beyond simple numbers on the balance sheet, towards monitoring the fundamental sources of business risk. RAMP provides a design template for implementing a project.

Corporate cover up works most of the times. When it does not, it boosts the impact. Covering up transforms a high-probability low-impact risk into a low-probability high-impact risk. Accounting analysis is generally the prior step before making the investment. Other proposals are to invest where:
1. Accounting standards are strong enough to link reporting to reality. .2 Accounting statements from publicly quoted companies are accurate and timely, and a regulatory framework exists to enforce the accounting principles.
There are other tell-tale signs to spot within the increasing onslaught of corporate PR and white-wash:
Too optimistic sales forecasts – take your risk analytical Kalashknikov and shoot the balance  sheet apart. Does the overall balance sheet “feel” right – too rapid a turnaround?  If the balance sheet is that good – then why are directors dumping their shares?
Do we have a good balance of voices on the board, or are they all in unison trying to get into  some scam?  Were there a few too many “balancing items”?
Which period were the majority of revenues booked and received (no receipt means no  revenue).  What sort of products and services were called revenue-producing?  Are they disposing of a lot of assets from the group?
Is the auditor also employed in another fee-paying activity within the company? Another view for detecting cooked accounting books:
1) Record revenue too fast or too much. 2) Registering false revenue. 3) Increasing income with once-off gains. 4) Shifting expenses back or forwards into another period. 5) Reducing liabilities or completely omitting them.
6) Shifting current revenue forwards into a future period. 7) Shifting future expenses back or forwards into another period.
How long can this go on? It is not acceptable corporate behaviour, but if we are to believe the regulators, it will continue as long as companies grow or change.
In each of the cases involving banks, management seemed to be content with the loss of vigor in the process and the external auditor was apparently satisfied to simple collect a fee. This is totally unacceptable. Further, as the organization evolves by offering new products, changing processes, outsourcing services, complying with the new regulations, or growing through mergers, the controls need to be modified to reflect the changes in risks. In some case, the controls failed with respect to the newer risk exposures that were not identified, or growth put strains on existing control processes that were not suitable for a larger organization.
Risk management means not sleeping on the job.

A US survey concluded that 6 % of business revenue or $400 billion is lost within the UK economy as a result of fraud, and a most of this loss comes from internal staff. Furthermore, KPMG estimated that only 4 % of these fraud incidents were spotted during external audit. The reasons for this huge damage comes from a lack of internal corporate controls and poor stock-control/accounting.
Many shareholder interest groups exist to protect the rights of the smaller investor. Grouped together, they command a huge pension fund and influential voice. Calpers, Teachers, NAPF and PIRC are among many. PIRC (Pensions and Investment Research Consultants) was vocal in its criticism of arrogant boards that do not press forward to embrace corporate governance recommendations0 PIRC has called for more transparent and accountable directorships to
make UK boards more geared towards increasing shareholder value and socially responsible investment.
PIRC is an agency committed to SRI (socially responsible investment). It encourages investors to monitor how companies are managing their stakeholder relationships. One byproduct is FTSE4Good as an index of SRI stocks that such investors can choose from. PIRC gives investors relevant information and SRI advice, particularly on corporate governance, including:
shareholder rights  best practice compliance  suitable board structures  remuneration schemes  investor relations.
PIRC has called for a series of changes to make UK board of directors more effective.
Encouraging more boards to have more non-executive directors than executives.  Making sure non-executives are genuinely independent rather than chums of the chief executive. PIRC says only 20 % of FTSE 100 boards have a majority of independent non-executives.  Independent appraisal of board members.  A widening of the pool of non-executives. Companies could advertise for new recruits.
Better resources for non-execs, including secretaries and researchers as well as access to  independent research and advice.
More contact between non-execs and shareholders.
NAPF (National Association of Pension Funds) operates with a similar mission. Its priority is to ensure an efficiently regulated market for the provision of employer-sponsored pensions. It advocates sound governance of pension fund assets as NAPF represents pension funds that cover about 10 million UK employees. These funds control 20 % of the shares of the London Stock Market. NAPF also opines that independent directors articulate the wishes of their investors, while the non-executive directors fully understand the shareholders’ expectations of them. One role could be for them to exercise effective restraint over the sympathetic remuneration committees that are inclined to pay the top executives too much (“fat cats”).
Fat cats are blamed for skimming off the cream from the corporate milk, so impoverishing their investors. Executives have to be charged with the duties of wealth creation and safeguarding it through risk management, not for sleeping on the job. The risk management directors’ duty is listed in the Basel II banking document that prescribes a healthy environment for business. It states that the function of risk management should go all the way to the top:
The board of directors should be aware of the major aspects of the bank’s operational risks as a risk category that should be managed, and it should approve and periodically review the bank’s operational risk management framework. The framework should provide a firm-wide definition of operational risk and lay down the principles of how operational risk is to be identified, assessed, monitored and controlled/mitigated.
Invest within companies where there is a culture of openness and risk management. The new Basel II banking regulations encourages corporate transparency. One’s conscience is better put at rest than by a superficial report that white-washes the remaining dangers.
We have looked at sensing for top management errors and lack of ethics deep down the company – see AEW: advanced early warning.
Your sixth sense can save you a lot of money!