Good management requires an ongoing process for identifying and assessing risks in terms of likelihood and magnitude of impact. It also includes a risk response strategy and ongoing monitoring. Disclosure on risk management help investors assess the risk-return profile of companies. It can lower the risk premium in markets with information asymmetry and high perceived risks, including emerging markets.
Risk assessment involves analyzing the likelihood and magnitude of inherent and residual risks—those that cannot be avoided—as a basis for determining how the company should manage and mitigate them.
The report should describe:
Risk events: significant risk factors that have the potential to significantly affect the company and its operations and how they might be triggered.
Risk analysis: likelihood and magnitude of the impact of significant risk events on operational and financial performance.
Risk response is the course of action a company chooses to take when a risk event occurs. It should be aligned with the company’s risk appetite and tolerance levels. Risk responses include accept, avoid, limit/mitigate, and transfer.
The report should address:
Risk mitigation for each significant risk;
Disaster-recovery and business-continuity plans.
In this example the South African iron-ore producer uses a heat map to present its risk factors, showing the likelihood and magnitude of impact, and integrates both financial and sustainability risks.
This example show how the Hong Kong Telecom operator describes its main risks, how those risks evolved during the past fiscal year, and the company’s key risk mitigation efforts.
In this example, Antofagasta provides a description of its principal risks using a risk heat map that plots the Chilean mining company’s major risks in terms of magnitude and probability of impact.
