Business risk    System risk^[5]    Event risk  

Process risk is the risk of loss that results from inadequate or inefficient proceses. Many forms of process risk occurs within many business transactions, such as fulfillment, and/or documentation processes. The process risk in fulfillment is negatively related to the supply chain performance. ^[1] For example, a company that does not have an efficient manufacturing process may not efficiently fulfill customer orders which may undermine the performance of the business. Any disruptions in the production process poses the threat of losing current and potential customers. Thus, an increase in process risk is associated with a decrease in the supply chain performance. The latter form of process risk is especially more common within the banking industry. For instance, banks generate a mass amount of documentations. Any informational error or inaccurate input of data within the documents may overall weaken the effectiveness of financial contracts, and this form of risk may also overlap other risk, such as legal risk.^[2]

Business risk

Business risk refers to the risk of loss that an organization is subjected to due to unexpected changes in the competitive environment or to trends that bring damage to the franchise and / or operating economics of a business. In today’s business climate, one of the top business risks in large swathes of the world’s economic-powerhouse cities is the prospect of cyber-attack, as found by a study done by the Regional Risks for Doing Business report, an interview of over 12,000 executives across the world^[3]. This risk tended to be viewed as a greater risk among executives in more advanced economies, particularly the top 19 countries from Europe, North America, India, Indonesia, Japan, Singapore, and the United Arab Emirates.

According to Bromium’s EMEA CTO Fraser Kyne, businesses are spending an estimated USD 118 billion on cybersecurity, globally, but are still suffering from cyber-attacks despite their investments. These cyber-attacks have been described as simple, but they have been very effective because cybersecurity architecture is typically built on a premise that overwhelmingly relies on detecting threats, which means that if it is unable to detect new threats – because of their newness –, it is simply unable to see the threat at all, making it an ineffective defense system. Furthermore, the trends of cyber-threats continuously evolve and adapt to take advantage of weaknesses in systems and procedures, even more so through the rise of global cloud computing and data storage.

Some forms of business risk are less evident, less measurable, and are seemingly-innocuous, but have been known to leave companies vulnerable when they least expect it. An example of this would be poor communication or simply, poor use of words in the plane of context. Eric McNulty, the director of research at the National Preparedness Leadership Initiative warned that “skewering” of corporate-speak is not a light matter, as “our words will determine our future and the futures of our companies, industries, and societies”^[4]. Research over the past decade has also shown that executive candor can affect financial performance; a Forbes research showed that companies excelling in candid communications posted returns that were up to double the average of the market, and that companies that have failed to demonstrate consistent and appropriate candor consistently underperformed the market. In this regard, the business risk is less financial and can even be subject to weight of opinion and implementation, but it can be a dangerous prospect for an organization to ignore the possible implications of leaving certain variables and factors to fate or recklessness. This can be particularly important with how a company words the contents of its website or advertisements, for instance.

The presence of business risk entails the use of risk management techniques, as a measure to mitigate risk exposures and help lower the types of losses the organization is set to face. The objectives of risk management are to minimize, control, and monitor the probability and / or impact of risk.

System risk^[5]

In today’s digital age, many businesses have replaced labor with electronic technology. Technology has become very important, but there are more examples of business failures due to technical mistakes. Now, many companies use specific techniques to manage the entire company system, including employees, design, production and so on. However, if the technology cannot be updated in time, it will differ with the current business development, and it also will increase the possibility of new risks. In general, system risks include system availability, system size, data integrity, unauthorized data usage, and the ability to recover systems in an unexpected situation.

Another example of system risk is to use the inaccurate financial model, which can cause unpredictable losses. Some Institutions that specialize in helping companies assess business and investment opportunities may use unsuitable models or data, so sometimes they may neglect many potential risks. Misuse of the financial model may be a wrong strategic decision because it underestimates the economic value added (EVA) of the costs of risk; it may also be a wrong investment decision because the price assumptions of complex derivatives are inaccurate. Many companies to be reported by economic news because of the inaccuracy of the financial model.

Besides, the risk of procedural errors and lack of planning are also important. An algorithmic small mistake can quickly spread through some models and networks and can cause massive damage before the mistake is discovered. At the beginning of the 21st century, huge expenses were incurred because of the remedy for Y2K^[6]. This is an excellent example of how much damage a small one would bring. Finally, system failure is also a significant risk for the company because it is likely to cause the entire production line to stop.

Security has also gradually become another key risk, especially with the proliferation of e-commerce. In the early 2000s, cyber hackers successfully got hundreds of thousands of users’ credit card information from an Internet music retailer, because retailers simply stored unencrypted credit card information on a web server. It gave the hacker an opportunity to download the user’s personal information by the weaknesses of the software.

Similar events happen almost every day, so requiring companies that use a lot of electronics to pay more attention to data security because data associates with the entire business process and system. While hackers can think of ways to solve protection software, there are many ways to reduce the number of times that the company becomes a target.

External fraud is the risk of accidental financial, material or reputational damage caused by fraudulent practices outside the company. It is a recognized risk category in the global regulatory framework (Basel II standard). The precise definition of external fraud by Basel II is: losses caused by third parties’ intention to defraud, misappropriate property or evade the law.External fraud includes 2 categories that are theft and fraud, and systems security. Theft and fraud includes theft/robbery, forgery, and check kiting. Systems security includes hacking damage and theft of information.

Further Categorization: External fraud events vary by the number of people involved and the "vector" or mechanism of attack. An important distinction concerns the identity of individuals involved in the External Fraud event. We can distinguish：

First Party Fraud (fraud committed by an individual or group on their own account)

Third Party Fraud (fraud committed by means of use of a third person's identity)

Examples of External Fraud by Business Line: Corporate Finance: Loan Fraud, Client Misrepresentation of Information, Theft.Trading and Sales: Cybercrime, Forgery. Retail Banking: Cybercrime, Check Fraud, Theft of Information, Theft of Assets.Commercial Banking: Fraudulent Transfer of Funds, Credit Product Fraud (loans, letters of credit, guarantees)Payment & Settlement: Payment Fraud

Mitigation of external fraud: External fraud is mitigated by strong internal controls, including systems and processes, and is supported by a corporate risk culture embedded in employees. The sound management principles of operational risk also apply to external fraud.

Fraud by suppliers^[8]: External fraud by suppliers includes: Insufficient supply of goods or insufficient supply.Payment for undelivered services and goods. A rebate for a biased supplier.Pay false claims to false suppliers.Checks are only paid in cash, not authorized checks.Purchase items for private use.

The ways to avoid fraud by suppliers: Ensure that employees are properly trained in accounts payable and storage functions.Ensure that supervision takes place in dealing with income and payment expenses.Ensure purchase, receipt and the payment function is isolated so that no one performs all three duties.Ensure that the relationship between your business members and suppliers has guidelines to avoid prejudice and incentives from suppliers (gifts).Ensure audits for all areas of procurement, including petty cash, unreceived items and all invoices.

Event risk

Event risk^[9] usually refers to unpredictable upcoming events that have a negative impact on companies, institutions and security.

• Examples

event risk may arise from the company's own actions, such as restructuring or acquisition. It may also come from outside corporate behavior, such as acquisitions or leveraged buyouts (LBO) events, and may even be completely independent of the company's operations, such as natural disasters or computer viruses.

The September 11, 2001 terrorist attack in New York was a great event risk. It caused huge losses to many large organizations, such as airlines and financial services, and disrupted normal business activities^[10].

• The ways to control even risk

Companies can buy insurance to avoid or reduce losses, such as fires, earthquakes and other natural factors. But other incidents may not be able to buy insurance, such as terrorist attacks, because insurance companies do not provide insurance. Usually, companies can protect themselves from risks through financial services such as act of God bonds, swaps, options and debt collateral. Another way to control event risk is through acquisitions or restructuring, such as mergers or acquisitions or leveraged buyouts. These approaches may require companies to take on new debt and give them higher interest rates, but they may have difficulties repaying some small companies. Companies also face regulatory risks, as new laws may require companies to pay a huge price for changing business models. For example, the new law requires people to ban smoking, and the cigarette sales service industry will face instant bankruptcy.

• Pacchimiriam Adiyappa
• Pacchionian bodies
• Pacchionian glands
• Pac choi
• PAC code
• PACCS
• PACD
• Pac dots
• Pace
• Pace Academy
• Pace Airlines
• PACE Award
• Paceband
• Pace bolwers
• Pace bowler
• Pace (bus)
• Pace Car
• Pace cars
• Pace (Chicago)
• Pace Club Warehouse
• Pace Club Wholesale
• Paceco
• Pace College
• Pace (Company)
• Pace (company)