Updated July 14, 2023
Definition of Risk Analysis
Risk analysis is a small component of risk management technique, wherein the risk manager conducts a pro-active evaluation of risks associated with a particular project or event or the whole organization through risk assessment procedures, develops a risk mitigation plan accordingly to manage those identified risks & makes sure that the program is implemented in the organization.
Explanation
- Suppose you want to invest in a stock. What do we expect after such an investment? A positive return. What if the return turns negative? That’s called a risk to the investment.
- Risk can be any negative outcome of any event, transaction, or business transaction. Analyzing the risk means identifying the possible issues affecting the critical objectives.
- Risk analysis is not an assured event but a probability of an adverse event within the entity that may affect an entity’s operations.
- Risk analysis can be applied to various events, transactions, situations, or entities. Some examples of risk analysis are the chances of success or failure of a business plan, a standard deviation of a portfolio return, volatility in the stock market, etc.
- Risk analysis may be classified either as quantitative risk analysis or qualitative risk analysis. Quantitative risk analysis is based on simulation or deterministic methods (i.e., on some data quantities). The variables are primarily based on certain logical assumptions. An example of quantitative risk analysis includes the Monte Carlo simulation.
- On the other hand, qualitative risk analysis is based on a textual description of uncertainties prevailing, the impact of such uncertainties & countermeasures available for mitigation. The best example of qualitative risk analysis is SWOT Analysis.
Process of Risk Analysis
The main steps in the risk analysis process are described below:
- Risk Assessment Survey: This is the first step in the risk analysis process. This step involves obtaining sufficient information from the entity management for whom the analysis is being done. In case of any back-holding by the administration, the objective of risk analysis may not be served. Under this step, specific risks relevant to the situation are analyzed. Regarding stock risk analysis, data regarding past returns are obtained under this step.
- Identification of Probable Risk: The above step provides inputs for the second step. The survey helps the risk manager to identify various events due to which risk can occur. Risks can be an occurrence of human error or fire or natural calamity or any potential outburst, etc. For a stock, risk identification is associated with the company’s attributes.
- Analyze the risk: After identification of risk in the second step, the risk manager needs to perform an analysis of risk. Here, analysis means assessment of the likelihood of occurrence of the adverse event. This step should provide inputs regarding the possible implications of risk occurrence & the impact on the entity’s objectives. For a stock, this step means the percentage of loss to be suffered in case of a downfall in the stock price & consideration of available hedging instruments to hedge the occurrence of failure.
- Risk Mitigation Plan: This is part & parcel of the above step. Here, a formal plan is formulated to mitigate the risk to the extent possible. Here, recommendations are provided to mitigate the risk for each valuable asset. For a stock, the mitigation plan is choosing a derivative to cover the loss suffered.
- Implement the plan: After preparing the risk mitigation plan, it is critically analyzed whether the program will be effective for the said purpose. Measures are taken to reduce the risks. Priority attention is given to high-risk category events. For a stock, this step means buying or selling the derivative to recover the loss in stock.
- Monitor Risks: The job is not done just at the implementation stage. Regular scrutiny is made to ensure that the plan works well within the set parameters. In case of deviation or the program does not protect from risk, the plan must be revised to consider new risks. For a stock, this step means monitoring the returns of a derivative instrument.
Example of Risk Analysis
Suppose a company needs to purchase a new raw material for its new business segment. Should it purchase the raw material from any of the available contacts? Each decision has some impact.
There are a few risks, such as purchases from unapproved vendors, higher prices than market prices, or suppliers providing quality materials. In this example, we have devised a risk analysis plan which identifies the risk, provides mitigations & provides control parameters for mitigating risks. The details of the matrix are as under:
| Risk Matrix | Process Step I | Process Step II | Process Step III |
| Control Objective | To ensure that purchases are made through an approved vendor | To ensure that purchases are made within a reasonable price and by T&C | To ensure that the supplier meets the quality standard of the company |
| Risk of material misstatement | Purchases are made from an unapproved vendor | Purchase is not made within a reasonable price and by T&C | The supplier did not meet the quality standard of the company |
| Control No. | AP 1 | AP 2 | AP 3 |
| Control Description | The company has a standard category-wise procedure for vendor selection- 1. Direct purchase / Diesel Procurement – Vendors are fixed in the system, and no other choice is made.
2. Purchase of Auxiliary, Indirect items – vendor selection procedure should be followed. |
Quotations are invited from at least three vendors, except for cases where there are specific asset/material requirements that one particular/existing vendor can fulfill; further quotations are not invited. The purchasing team negotiates on price and T&C with all vendors and finalizes the vendor along with the costs and T&C. | Before placing the final order with the newly selected vendor, the purchasing team asks for a sample order delivery for a small quantity from the vendor, which is scrutinized in all parameters as per the quality standard of the company at the vendor’s place for which the vendor does no separate invoicing. Clearing the Scrutiny stage is the prerequisite for a final order. |
| Person in charge of control | Mr. XYZ | Mr. XYZ | Mr. XYZ |
| Nature of control (Key/Non-Key) | Non-Key | Non-Key | Non-Key |
| Risk Category (H) High, (M) Medium, (L) Low |
M | H | L |
| Frequency of control | As and when required | As and when | As and when |
| Control type | Automatic/ Manual | Manual | Manual |
| Preventive/Detective | Preventive | Preventive | Detective |
| Control Classification (O) Operating,(F) Financial,(C) Compliance |
O | O | O |
| Control performed by | Purchase Department | Purchase Department | Purchase Department |
| Accuracy / Occurrence | Applicable | Applicable | Not Applicable |
| Completeness | Applicable | Applicable | Applicable |
| Valuation | Not Applicable | Applicable | Not Applicable |
| Cut Off | Not Applicable | Not Applicable | Not Applicable |
| Primary COSO | Control Activities | Control Activities | Control Activities |
Types of Risk Analysis
Types of risk analysis include analysis of different genres of risk. A company may face business-related, non-business related risk & finance-related risks. Each one of these is discussed below:
- Business Related Risk: This is the average risk suffered by the owners of an entity. Every business has some inherent risks in it. The risk managers are the analyzers of business who take care of possible risks. Business-related risks can be stock out a situation in the company, non-availability of critical resources to run the entity’s operations, an increase in competitors, etc.
- NoN-Business Related Risk: These risks are around the business & not directly related. Due to no direct link with the companies, such risks are not controllable by an entity. Examples include political risk, economic downturns for an entire industry, Covid-2019, etc. Such risks are difficult to deal with since it entirely depends on the outsiders of the business (such as Government policies, demand cycle, a vaccine for a virus, etc.)
- Financial Related Risk: Finance is the blood for the smooth running of the business. Non-availability of liquidity to expand an entity’s operations, non-availability of potential investors for business, etc., are some of the finance-related risks. These risks can be eliminated but not that easy. It requires the expertise of professional risk managers.
Risk Analysis Table
The risk analysis table is the outcome of the process of risk analysis. We usually provide a risk analysis matrix in which risk is identified for each process & controls are suggested thereat. Let’s consider a blank template for the risk matrix for treasury management within the entity:
| Risk Matrix | Process Step I | Process Step II | Process Step III | Process Step IV | Process Step V | Process Step VI |
| Process | XXXX | XXXX | XXXX | XXXX | XXXX | XXXX |
| Control Objective | XXXX | XXXX | XXXX | XXXX | XXXX | XXXX |
| Risk of material misstatement | XXXX | XXXX | XXXX | XXXX | XXXX | XXXX |
| Control No. | XXXX | XXXX | XXXX | XXXX | XXXX | XXXX |
| Control Description | XXXX | XXXX | XXXX | XXXX | XXXX | XXXX |
| Person in charge of control | XXXX | XXXX | XXXX | XXXX | XXXX | XXXX |
| Nature of power (Key/Non-Key) | XXXX | XXXX | XXXX | XXXX | XXXX | XXXX |
| Risk Category (H) High, (M) Medium, (L) Low |
XXXX | XXXX | XXXX | XXXX | XXXX | XXXX |
| Frequency of control | XXXX | XXXX | XXXX | XXXX | XXXX | XXXX |
| Control type | XXXX | XXXX | XXXX | XXXX | XXXX | XXXX |
| Preventive/Detective | XXXX | XXXX | XXXX | XXXX | XXXX | XXXX |
| Control Classification (O)Operating,(F) Financial,(C) Compliance |
XXXX | XXXX | XXXX | XXXX | XXXX | XXXX |
| Control performed by | XXXX | XXXX | XXXX | XXXX | XXXX | XXXX |
| Accuracy / Occurrence | XXXX | XXXX | XXXX | XXXX | XXXX | XXXX |
| Completeness | XXXX | XXXX | XXXX | XXXX | XXXX | XXXX |
| Valuation | XXXX | XXXX | XXXX | XXXX | XXXX | XXXX |
| Cut Off | XXXX | XXXX | XXXX | XXXX | XXXX | XXXX |
| Primary COSO | XXXX | XXXX | XXXX | XXXX | XXXX | XXXX |
Here, “xxxx” means a detailed description of each item of the process. The above template is famously used in analyzing the risk associated with the internals of an entity & the operating effectiveness of those controls.
Techniques of Risk Analysis
Some of the famous risk analysis techniques are discussed in short below:
- SWIFT Analysis: SWIFT means Structured What If Technique. Here all “ifs and buts” of an event are identified & analyzed for solutions.
- Delphi Technique: It is a method of forecasting framework wherein multiple rounds of questionnaires are sent to a group of experts & results from such outcomes are analyzed separately.
- Decision Tree Analysis: It provides a solution for different pathways of situations that may occur after each event. Each decision has an outcome. The decision tree analyses the product separately.
Benefits of Risk Analysis
- Early identification of risks is possible.
- Early mitigation of those risks is possible with a better mitigation program.
- It provides proactive disclosure of the situation to the owners of the entity.
- It also identifies the gaps in the existing control mechanism.
- It provides an analysis of the overall impact of those assessed risks on the organization as a whole & its business.
- It further enhances communication within the entity.
- The objectives of a business are upheld & help a business survive in critical times as well.
Disadvantages of Risk Analysis
- The risks are not sure to happen. There is an element of probability. The actual risk may or may not crystalize.
- Risk analysis only discloses the situation but does not measure the financial impact of such risk.
- Data is open for manipulation. The first step of risk analysis is a risk assessment survey, wherein the risk manager depends on inputs from the entity itself.
- Incorrect inputs result in incorrect evaluation, which results in incorrect analysis & inefficient risk mitigation measures. This derails the primary objective of risk analysis.
- The analysis is subjective for each person & some professional judgment is involved.
Conclusion
Risk analysis can also be termed as the risk appetite of a person to bear the risk. In the stock market, risk appetite means the amount of loss a person can handle & may take action after the upper level of patience is breached. Say a person cannot bear a loss of more than 7% in the stock. He should take action for our 6.5% loss in such a case.
Recommended Articles
This is a guide to Risk Analysis. Here we also discuss the definition and process of risk analysis with examples and types. You may also have a look at the following articles to learn more –
