Criteria for assessing the effectiveness of the risk management system. Criteria for the effectiveness of risk management 59 assessment of the effectiveness of the organization’s risk management system

This article is also available:

Financing

The research was carried out with grant support from the Russian Foundation for Basic Research (Department of Humanities and Social Sciences), project 16–02–00531a.

Dyatlov S.A. , Shugoreva V.A. , Lobanov O.S.

Assessment of management tools for the effectiveness of banking risk management// Modern control technologies. ISSN 2226-9339. — . Article number: 7704. Publication date: 2017-05-30. Access mode: https://site/article/7704/

Introduction

The current situation is characterized by the unfolding of the global financial and economic crisis, the transformation of global and national economic and financial banking systems, and the intensification of hypercompetitive struggle in world markets. Today there is an urgent need to develop a new paradigm, a transition to a new negentropic model of economic development, a new model of risk management in the context of increasing global innovative hypercompetition. The main paradigm of banking risk management experience was that the protective function is primarily a management function, requiring key decisions from top management to protect banks from various financial consequences. However, management was unable to effectively ensure the level of global decision-making so correct as to develop the business and, at the same time, successfully reduce losses from risks. More precise process tuning was required. The old paradigm required rethinking and modernization.

Development of new information banking technologies, widespread adoption of electronic payment systems, active implementation of remote service services, multiple growth of banking transactions, incl. using bank cards is accompanied by an increase in the risks of hacker attacks and an increase in the number of fraudulent schemes to steal funds from customer accounts via the Internet. Thus, on May 12-15, 2017, a large-scale hacker attack was launched (infected with the WannaCry computer ransomware virus) on computers and servers of companies in various countries, including electronic payment systems of large banks in industrialized countries of the world, including China, Russia, the USA, EU countries.

The most important tool for reducing electronic vulnerabilities, risks and overcoming the digital divide in the financial and banking sector is the convergence of information spaces, institutions and services of public and private electronic payment systems. Leading banks began to introduce a three-level line of defense into their electronic banking systems, which involved not only bank managers, but also employees working with clients (first line of defense), bank risk managers (second line of defense) and the internal control service (third line).

The risk management system, like any system, consists of elements. People, processes, tools and models. Building this system requires a clear understanding of the goals that the system must fulfill. The goals of the system are determined by the requirements of the regulator, as well as by the shareholders of a commercial bank. Achieving these goals in itself does not mean that the risk management system is working effectively. Compliance with the requirements of the regulator is an important and necessary part of building a system, without which the existence of a commercial organization is, at a minimum, illegal, but an important role is played by the goals set by shareholders, understanding that the risk management system should protect the bank from unforeseen threats, while at the same time not interfering business to perform basic banking tasks. Building a balanced system of goals is a very complex and extremely important part of building the interaction of elements of a risk management system.

The bank needs to understand what the maximum amount of risk is acceptable for doing business, allowing it to receive the planned income. Moreover, this size can be regularly changed and revised depending on the current market and economic situation. This size is usually called risk appetite or risk appetite.

Risk appetite can be defined as the total maximum level of risk (possible losses) a bank is willing to accept in the process of creating value, achieving established goals, including target profitability, implementing strategic initiatives and fulfilling its mission.

The system of risk appetite limits and the procedure for its functioning must be recorded in the bank’s internal regulatory documents.

If you set the task of assessing the effectiveness of a risk management system, then it is necessary to determine the tools that can be used in this system to achieve the necessary risk appetite indicators.

Purpose of the study– identify and evaluate existing means of managing the effectiveness of banking risk management. Currently, there are many different tools, models, approaches and indicators that, to one degree or another, can assess the current state of risk management in a Russian bank, as well as directly or indirectly influence changes in this state. The object of the study is a joint-stock commercial bank. The subject of the study is the banking risk management system.

Research methods

If we look in more detail at the methods that Russian banks use, then to assess efficiency we will highlight several tools used in banks and which significantly influence the risk management system:

Indicators:

1. Risk Adjusted Return on Capital (RAROC);
2. Key risk indicators.

1. Application of stress testing methods;
2. Self-esteem;
3. Introduction of risk culture.

Each of these indicators or methods is a modern tool for assessing and influencing the risk management system. Banks themselves choose which of these instruments to use in their activities. One of the tasks set within the framework of the study is to identify those tools that require improvement; within the framework of this task, an integral indicator has been proposed and developed, taking into account the features of all tools, as well as those qualities that directly affect the risk management system as a business process.

This integral indicator was calculated by experts using the point-weight approach and the method of expert assessments, which was proposed by S.S. Belikov to assess the quality of the risk management system. To evaluate the tool system S.S. Belikov identified 4 groups of criteria:

• level of documentation base,
• level of interaction between departments and personnel,
• level of organization of the management system,
• level of ensuring uninterrupted operations.

At the same time, the instruments in this study were divided into types of risks. The developed analysis system was based on 6 key criteria:

• effectiveness,
• overall efficiency,
• rationality and expediency,
• reliability and functional adaptability,
• compliance with norms and standards,
• quality of organizational and information support.

Currently, these criteria do not fully cover the properties of tools that directly affect the risk management system. The proposed method is proposed to be supplemented and clarified with the following criteria characteristic of the current stage of development of the banking sector:

• the level of correlation between the indicator and the bank’s financial damage,
• the availability of an automated system that allows you to manage tools and calculations, cost, availability,
• availability of the ability to create a user interface and roles at all levels of personnel in the AS,
• the presence of a transparent reporting and decision-making system,
• rigor of hardware mathematical calculations (level of formalization of calculations),
• the influence of bank size on an indicator or instrument,
• dependence of the instrument on documents and instructions of the Central Bank,
• international practice of using the tool,
• using the instrument at the Central Bank to take into account your risks,
• integration of the indicator to bank personnel (level of coverage),
• taking into account all types of risk.

Now let's look at these tools and evaluate them according to the proposed criteria (points 1...10). The weights were proposed by experts based on a survey of risk managers with at least 3 years of experience in the banking risk management system and are presented in Table 1.

Table 1 – Tool evaluation criteria

Risk-adjusted return on capital (RAROC)

One of the most popular indicators both in foreign banks and in the Russian banking business is return on capital taking into account risk (Risk Adjusted Return on Capital, RAROC). This indicator can be used by banks as part of the Risk Adjusted Performance Management (RAPM) system. RAROC is calculated using the following formula (1):

Essentially, RAROC shows how much a bank, taking into account risk, earns over a period per ruble of capital consumed.

RAROC appeared in the banking industry as a more advanced alternative to the classic return on equity (ROE) indicator. To calculate RAROC, accounting indicators used in calculating ROE and related to the level of risk - expenses for reserves for possible losses and equity (capital) - are replaced with economic indicators that more objectively reflect the risks taken: expected losses (EL) and economic capital ( ECap, EC).

Thanks to this, compared to ROE, RAROC allows for a more detailed analysis of the bank’s activities in terms of the relationship between risk and profitability, since it can be calculated at low levels of segmentation.

RAROC calculation uses both accounting indicators and economic indicators. In this case, it is important to use calculation components that are comparable to each other, taken over the same period of time and obtained on the basis of the same array of borrowers or transactions.

The calculation and analysis of the RAROC indicator creates the prerequisites for more efficient use of the bank's capital through its redistribution to business units that generate the highest profitability taking into account risk.

Firstly, RAROC allows you to have a balanced and targeted influence on business development. Secondly, RAROC allows for more efficient use of the capital buffer (the difference between capital sources and capital requirements). Thirdly, both during a period of excess capital and during a crisis, when there is a shortage of capital, the use of RAROC will help limit/reduce the least efficient areas.

The scores for each criterion and the overall final score for the instrument are presented in Table 2.

Table 2 - Evaluation of the RAROC tool

I 1	I 2	I 3	I 4	I 5	I 6	I 7	I 8	I 9	I 1 0	I 1 1	Total
10	3	2	5	9	0	5	3	3	2	5	4,65

Key risk indicators

Key risk indicators (KRIs), as their name suggests, are indicators of the key risks to which a bank is exposed. They are part of the information that serves as an indicator of the bank's exposure to a particular type of risk.

Key Risk Indicator (KRI) is a quantitative indicator, calculated at a given frequency and used to assess the current level of risk, correlate the current level with an acceptable (threshold) value, identify problem areas and prevent possible losses through the development and implementation of preventive measures.

There are three main types of KIRs:

1. Single KIRs. For example, the number of dissatisfied customers.
2. Mixed KIRs. Contain two or more single KIRs, combined using the appropriate algorithm. For example, the ratio of the total number of customers and the number of dissatisfied customers gives the level of customer dissatisfaction.
3. High-quality CIRs. KIRs such as “audit rating” represent an assessment of the level of risk: “high”, “medium” or “low”.

There are also indicators that focus not on losses, but on business processes. For example, increased bank staff turnover is difficult to attribute to any specific loss because it reflects a process. Such indicators help assess the quality of operations for all types of risk. They tend to be historical too, in that they inform us of what has already happened and do not indicate where we should focus our efforts in the future.

Environmental indicators such as the number of complaints from clients, staff satisfaction with their work, and the number of trainings conducted for department employees are predictive.

In real life, there are thousands of various KIRs corresponding to the main processes, business areas, losses and events occurring in the bank, so the assessment process must be carried out based on historical data and using statistical techniques that identify relationships between data. Thus, as a result of a successfully carried out analysis of KIRs, the most important indicators that are key for this type of risk remain.

In practice, the effective use of indicators involves the simultaneous use of both historical and leading indicators. The more specific they are and the more accurately they reflect the profile of the corresponding risk, the greater the importance of working with indicators. The so-called “sensitivity” of the indicator reflects the effectiveness of its operation. Measuring sensitivity is not easy, so in practice, optimal thresholds for risk indicators are first quantified and then adjusted through modeling.

The scores for each criterion and the overall final score for the instrument are presented in Table 3.

Table 3 – Evaluation of the KIR tool

I 1	I 2	I 3	I 4	I 5	I 6	I 7	I 8	I 9	I 1 0	I 1 1	Total
7	6	7	3	3	3	3	6	4	8	5	5,40

Stress testing

An important tool for assessing the impact of extraordinary events on the financial stability of a bank can be stress testing. This tool allows you to analyze the impact on the bank of particularly large losses, the probability of which is outside the confidence interval on which the bank calculates its economic capital. Stress refers to the establishment of very unfavorable values ​​for macroeconomic factors affecting the bank, in particular values ​​that are more negative than those accepted for the pessimistic scenario of the bank’s business plan.

Stress testing can be carried out based on historical and hypothetical scenarios. Based on the foregoing, we can give the following definition of stress testing - this is an assessment of risk indicators and parameters of portfolios of assets and liabilities under conditions of unlikely, but possible, pessimistic scenarios, in particular, in order to determine the adequacy of the bank’s sources of capital to cover potential losses. It can be carried out both in the context of individual types of risks and aggregated.

Stress testing is used in various areas of risk management to solve the following various problems:

• capital Management,
• liquidity management,
• business planning,
• portfolio management,
• determination of risk appetite.

Stress testing allows you to assess the impact of pessimistic scenarios on all the main indicators of the bank’s activities: financial results and profitability, capital adequacy, liquidity standards, quality of the loan portfolio, etc. The results of stress testing and corresponding recommendations on a regular basis can be presented for face-to-face discussion by the bank’s collegial bodies .

The scores for each criterion and the overall final score for the instrument are presented in Table 4.

Table 4 – Stress testing tool evaluation

I 1	I 2	I 3	I 4	I 5	I 6	I 7	I 8	I 9	I 1 0	I 1 1	Total
3	2	2	4	3	6	0	8	6	3	7	4,25

Self-assessment of risks and controls

Self-assessment of risks and controls is the process of identifying, describing and evaluating potential risks and their associated controls. Although the fundamental principles of self-assessment are fairly well established around the world, ideas about the best approach at the micro level can vary greatly. The self-assessment process is primarily intended to identify and evaluate potential rather than current risks and incidents.

First of all, the self-assessment process is carried out to identify and document a list of the most significant risks and associated controls, increasing business awareness of the bank’s risks by broadcasting the results of the self-assessment. Thus, the main goals of self-assessment are:

• identifying significant risks and weaknesses in control systems, including developing risk indicators and control indicators to monitor risk and developing measures to minimize risk;
• increasing awareness about the level of operational risk and forming a risk profile of the bank and structural divisions;
• generating input data for scenario analysis, monitoring risk indicators and modeling capital requirements to cover operational risk.

According to generally accepted international standards, self-assessment should be carried out at least once a year.

The first stage of self-assessment is to determine the degree of exposure of the bank to a particular risk. Risk exposure may be determined by one or more of the following methods:

• interviewing authorized employees of the business being assessed;
• survey;
• analysis of the database of operational risk incidents (historical data);
• analysis of third party reports (external and internal audit, regulator, consultants, etc.);
• analysis of external data sources, such as the press and reviews of world practices;
• use of data available on the bank’s internal portal;
• conducting brainstorming sessions within the framework of seminars.

One of the most effective is the last method. During the seminars, representatives of structural divisions are involved, including both management staff and specialists. Participants are asked what they consider their risks to be.

In the process of self-assessment, similar to risk assessment, the effectiveness of control procedures is assessed (a 5-item scale is used with a rating from zero to high effectiveness). Together with the overall risk impact assessment, the assessment of the effectiveness of control procedures determines the rating of a given risk.

The scores for each criterion and the overall final score for the instrument are presented in Table 5.

Table 5 – Evaluation of the risk and control self-assessment tool

I 1	I 2	I 3	I 4	I 5	I 6	I 7	I 8	I 9	I 1 0	I 1 1	Total
3	4	8	7	2	6	2	7	4	10	4	5,05

Risk culture

Despite the fact that the concept of risk culture appeared a long time ago, there is no clear and unambiguous definition of this term in banking practice as such. However, already in 2016, the Bank of Russia, in accordance with the risk management policy, recognized risk culture as one of the most important elements of the risk management system. Thus, according to the regulator, risk culture can be defined as a set of values, beliefs, understandings, knowledge, norms of behavior and practices regarding the risks of the organization and their management, shared and accepted by all employees of the organization. It is worth noting that risk culture is based on a person’s values ​​and beliefs, which can only be accepted voluntarily. An important difference from other tools is that an employee cannot be forced to comply with the requirements of the risk culture.

This definition provides a framework for understanding what risk culture means in an organization, but still this definition is poorly formalized. One of the main problems of all organizations that implement approaches to risk culture is the lack of parametric assessment methods that would allow assessing the level of informal principles and beliefs.

For the majority of workers, employees who work in the risk management system, risk managers, seem to be people with specific mathematical knowledge that is inaccessible to the majority. Risk managers' decisions can be confusing, especially to those in business functions. Risk culture proposes to overcome these misunderstandings between risk managers and other employees.

In a developed risk culture, each employee, firstly, knows what the risk manager does and is responsible for; secondly, understands that the risk manager’s decisions are also based on the goals of the organization’s well-being; thirdly, he is motivated to practically apply the solutions of risk management systems.

Risk management, like any other management process, is clearly regulated. Organizational structures, roles, procedures, tools and models must work as a cohesive mechanism. But in today's difficult economic conditions, relying on formal mechanisms is not enough to ensure the sustainability of the bank's risk management system and its adaptability to the constantly changing external and internal environment. Knowledge, values, principles and beliefs in the field of risk management help to reliably close possible gaps and gray areas in regulatory regulation.

In banks, risk management is often dominated by either formal procedures or informal principles and beliefs. The most successful banks develop both.

Thus, the development of a risk culture is a very important stage in the development of the entire risk management system.

In practice, the level of risk culture varies from bank to bank. If the organization has a sufficiently strong risk culture, risk management permeates everything: processes, systems, management decisions, models, etc. In banks with a less developed risk culture, risk management is reduced to formal conclusions and recommendations of risk managers, often who do not have the right to vote when making business decisions.

Thus, the entire risk management toolkit, no matter how perfect it may be, is only as effective as the risk management culture in the organization is developed.

One of the reasons for the slow development of risk culture may be weak support for risk management from the top management of the organization. Understanding the importance of implementing risk management tools, management does not always realize that risk management concerns not only risk managers, but also other employees of the organization.

Another difficult barrier to developing a risk management culture is that people in business often resist attempts to look at their actions from a different angle and predict alternative scenarios. This is why much must be done to properly communicate the role of risk managers as partners and constructive counterbalances in the process of preparing and making business decisions.

Currently, banks are at different stages of risk culture development.

The period following the global financial crisis of 2008–2009 marked the beginning of the global banking industry's transition to a balanced risk culture. The concept of an organization's risk appetite has been developed. The widespread introduction of metrics that combine risk and profitability has made it possible to significantly reduce the degree of conflict between business functions and risk management functions, uniting them with common goals at all levels of the organizational hierarchy.

But the path of the world's largest banks to a balanced risk culture has proven difficult. Some banks overcame difficulties, while others ceased to exist due to shortcomings in their risk culture.

The concept of risk culture in a large bank is more focused on the tasks that are set for employees within the framework of the risk management system. For example, at Sberbank PJSC, risk culture is defined as an established system of employee behavior standards in the organization, aimed at identifying and managing risks. At the same time, a fairly formalized model has been developed, consisting of four areas, which describes this tool and allows you to work with it - risk awareness, response, respect for the client, the bank and oneself, and complete transparency of all processes.

The scores for each criterion and the overall final score for the instrument are presented in Table 6.

Table 6 – Evaluation of the risk culture tool

I 1	I 2	I 3	I 4	I 5	I 6	I 7	I 8	I 9	I 1 0	I 1 1	Total
1	4	7	3	2	6	2	6	6	4	3	3,8

The final table of the effectiveness of tools (1 ... 10) is presented in Table 7.

Table 7 – Summary table of tool effectiveness

Conclusion

For each tool, an integral indicator has been derived, which shows how effective this tool can be and is primarily used to assess and improve the banking risk management system.

The main conclusion that can be drawn from these calculations is that such an instrument as risk culture is the least developed and therefore in demand now in the Russian banking market. Calculations have shown that at the moment formal risk management procedures strongly dominate, and only superficial attention is paid to informal ones. This can be explained by the fact that informal tools are difficult to parameterize and apply any information technologies. But for modern banks that set themselves the task of progressive risk management methods that achieve maximum efficiency, it is necessary to develop both formal management methods and informal ones based on principles and beliefs.

One of the main and promising effects from the development of a banking risk culture is the improvement of the operational risk management system, because It is precisely this type of risk, where the peculiarities of human views and values ​​manifest themselves on both the positive and negative sides, that can be minimized through the development of tools of the same nature of influence.

Bibliography

1. Dyatlov S.A. Global innovative hypercompetition as a factor in the transformation of the world economy // Philosophy of Economics. - 2010. - No. 4. - P. 113-131.
2. Dyatlov S.A. Inflation targeting and the Goodhart effect / World Science: Problems and Innovations: collection of articles of the VIII international scientific and practical conference. In 2 parts. Part 2. - Penza: ICNS "Science and Enlightenment", 2017. - P. 163-167.
3. Dyatlov S. A., Lobanov O. S. Convergence of information spaces as a factor in reducing digital inequality in the Eurasian Economic Union // Regional economics and management: electronic scientific journal. ISSN 1999-2645. - No. 2 (50). Publication date: 2017-04-11.
4. Lobanov O. S. CASE technologies for designing information systems // In the collection: Information technologies in economics, management and education. - Saint Petersburg. – 2010. – P. 298-299.
5. Lobanov O. S. Economic justification for the use of software solutions that implement the budgeting function in organizations // In the collection: Application of the results of diploma design of university students in St. Petersburg in the interests of the socio-economic development of the city. - Saint Petersburg. – 2010. – P. 95-99.
6. Lobanov O. S., Artemyev A. V., Tomsha P. P. Division of information systems into subclasses as the basis for rationalization of the information space // International Scientific Research Journal = Research Journal of International Studies. – 2014. – No. 6-2 (25). – pp. 20-21.
7. Lobanov O. S., Ryabtsev I. V. Modeling business processes in the Casewise environment // In the collection: Development of the Russian economy: innovative future. - Saint Petersburg. – 2007. – P. 83-84.
8. Lobanov O. S., Ryabtsev I. V. Strategic management and its support by means of Carewise using the example of BSC // In the collection: Modernization of the Russian economy and society in the context of national, state and global changes. - Saint Petersburg. – 2008. – P. 92-97.
9. International convergence of capital measurement and capital standards: Refined framework approaches, 2004. – access mode: http://www.cbr.ru/today/ms/bn/basel.pdf.
10. Melnikova E. F., Lobanov O. S., Basha N. V. Prioritization of projects in an engineering company as a tool for making operational management decisions // International Research Journal = Research Journal of International Studies. – 2014. – No. 8-1 (27). – pp. 65-66.
11. Minakov V.F., Lobanov O.S., Artemyev A.V. Clusters of consumers of telecommunication services // International Scientific Research Journal = Research Journal of International Studies. – 2014. – No. 6-1 (25). – P. 60-61.
12. Minakov V.F., Lobanov O.S., Ostroumov A.A. Deployment of cloud infrastructure in the regional information space // Scientific review. – 2014. – No. 11-1. – pp. 103-106.
13. Sazykin B.V. Operational risk management in a commercial bank. – M.: Vershina, 2008. – P. 272.
14. Socio-economic transformation of the economic system of Russia. Collective monograph. St. Petersburg, 1997.
15. Shchugoreva V. A. Criteria and the need to implement an automated operational risk management system in a Russian bank. Examples of solutions // International Research Journal = Research Journal of International Studies. – 2015. – No. 3-3 (34). -WITH. 94-96.
16. Shchugoreva V. A., Basha N. V., Minakov V. F. Conceptual model of the influence of risk culture on the efficiency of bank business management // Economics and management of management systems. – 2016. – T. 19. – No. 1.3. – pp. 352-358.

Structure of an analytical report on risk management

A typical analytical report on risk management on a project consists of three parts.

The first part describes the project itself, including its code, project manager, risk manager, project team, and project sponsor. The following describes the original and actual scope of the project, and also indicates deviations from the scope and their reasons. Then, at the discretion of the report writer, a description of the opportunities that emerged is provided, indicating which of them were used on the project and which were missed.

In the second part, it is necessary to provide extended answers to the following questions:

• What went right and what went wrong?
• What mistakes were made?
• What could have been done better?
• What could have been done differently?
• What “surprises” were not foreseen?
• Did you have to spend the reserve to correct errors?
• Did you have to retreat to reserve positions?
• What lessons can be learned for the future?

The third part consists of reports from individuals who managed specific risks. These reports must indicate whether the risk occurred, and if so, for what reason. It should also indicate how the risk indicators that were monitored changed during the work on the project, and, if the indicators began to approach the risk zone, what prevention methods were used.

Risk management effectiveness criteria

The following table presents the criteria for the success of the risk management process on a project:

25. ISO 10006:2003. Quality management systems. Guidelines for project quality management.

This International Standard is not in itself management according to UP. It provides guidelines by quality UP processes.

The standard provides basic principles and practices that affect the quality of project development and implementation. It groups project processes into two categories: PM processes and processes associated with the project product.

The standard is applicable to projects of varying degrees of complexity, small or large, short or long term, carried out in a variety of environmental conditions, regardless of the type of product or process.

The standard separates the concepts of management processes and project implementation phases. A project can be divided into various interdependent processes and phases as a means of planning and monitoring the implementation of objectives and assessing associated risks.

Phases divide the project life cycle into manageable stages, such as concept and design documentation development, implementation, and commissioning.

In total, the standard identifies 11 process groups:

strategic (determining the direction of the project);

related to resources and personnel;

relating to relationships;

concerning the scope of application;

relating to time;

cost related;

related to the transfer of information;

relating to risks;

related to procurement.

Eight principles of quality management:

1) customer orientation;

2) leadership of the manager;

3) employee involvement;

4) process approach;

5) systematic approach to management;

6) continuous improvement;

7) decision-making based on facts;

8) mutually beneficial relationships with suppliers.

26. PMI. A Guide to the Project Management Body of Knowledge (PMBOK Guide). A Guide to the Project Management Body of Knowledge.

RMBOK Guide is an American national CP standard and is widely used throughout the world. The standard is based on a process model for describing PM activities.

The main goals of developing the Guidelines are the unification of the terminological space and the use of this document as a basic reference guide for certification of project management professionals (RMR).

The Guide defines:

UP structure (part 1). This part contains basic information about the UP, defines basic terms and a general overview of the chapters of the Guide. Particular attention is paid to concepts of the project life cycle, organizational structures and project environments;

The PM standard (Part 2) includes a description of five groups of management processes: 1) initiation, 2) planning, 3) organization of execution, 4) control and 5) completion. Within these process groups, 44 basic management processes and the relationships between them are described;

PM Knowledge Areas (Part 3) consists of nine knowledge areas: management of 1) integration, 2) content, 3) deadlines, 4) cost, 5) quality, 6) human resources, 7) communications, 8) risks, 9) project supplies. This part provides a detailed description for each of the 44 management processes, including a general description of the process, input and output information, and a listing of recommended methods and tools.

IN RMBOK Guide includes a description of the management processes listed below:

· Project integration management;

· Project scope management;

· Project time management;

· Project cost management;

· Project risk management;

· Quality control;

· Human Resource Management;

· Project communications management;

· Project delivery management.

One of the directions of development of the standard RMBOK was its adaptation to industry specifics. Extensions to the standard have now been released for government and construction projects.

27. Projects in Controlled Environments (PRINCE2).

The standard governing the management of individual projects was developed by the Government Department of Commerce in the UK - PRINCE2 . This standard also regulates management processes and control parameters at the level of an individual project. The standard clearly defines the connection between management processes and the requirements for the structure and characteristics of the product created within the project.

The standard is widely used in the public and private sectors in the UK and is increasingly being adopted internationally.

A relatively new area of ​​standardization is the management processes of such objects as program And briefcase projects.

For almost ten years, standards issued in the UK by the Government Department of Commerce have been used in government programs and to certify program managers.

28. Project portfolio management standard. Project Management Institute, USA.

The main goals of developing the standard are to formulate the conceptual space of project portfolio management, define standard processes and their results without reference to industry-specific business characteristics, as well as describe the key roles of portfolio management, areas of responsibility and authority. Great importance is attached to the organization's strategy and the ability to track the achievement of goals through the processes of integrated management of project portfolios, programs and individual projects. The relationship with functional areas of management is revealed: finance, marketing, corporate communications, personnel management.

Portfolio management processes are represented by two groups:

process group portfolio formation;

process group monitoring and control.

29. International requirements for the competence of project managers. IPMA Competence Baseline.

Basic standard developed IPMA, - ICB (IPMA Competence Baseline, version 3 released in 2006). This standard defines the qualification requirements for specialists in the field of PM and is the basis for international certification. In accordance with rules and requirements IPMA In Russia, national requirements for the competence of a project manager and a certification program for project management specialists have been developed. Specialists who have passed certification under this system receive international certificates that are recognized throughout the world.

International requirements for the competence of project managers, as well as the Russian national standard based on them, issued by the Russian association UP SOVNET, define the requirements for the knowledge and qualifications of specialists, as well as for the process of their certification at four levels of qualification in the field of project management:

1) project management specialist;

2) project manager;

3) leading project manager;

4) program director.

International requirements for the competence of PM specialists (ICB) contain three groups of interrelated knowledge elements, including:

1) 20 technical elements of knowledge related to the content of project management;

2) 15 behavioral knowledge elements related to interpersonal relationships between individuals and groups participating in projects, programs and portfolios;

3) 11 contextual knowledge elements related to the issue of interaction between the project team in the context of the project and the organizations that initiated and participated in the project.

30. Standard for project and program management in a P2M organization.

P2M is one of the most authoritative modern standards in the field of project and program management, recommended by experts as international. Its provisions guide the management practices of many national and international corporations.

The original idea of ​​the P2M standard concept is to present projects and programs as fundamental elements of the strategic management of an organization.

The standard includes both sections detailing the general concepts and terminology of project and program management, as well as eleven main segments (areas) of management.

The section on program management provides definitions and a system of relationships between basic concepts. Program management processes involve managing the integration of projects within a program to optimize them. Basic program management apparatus consists of:

From the methodology of managing individual projects;

Integral management (integration of projects and programs with each other and with the environment);

Segment management;

General methodology for program management (development of a mission, definition of value, formation of a team of implementers, participants and stakeholders of the program, development of a system of indicators to track the progress of the program, creation of its architecture and platform).

UP by segment includes the following management areas:

Strategic;

Finance;

Systems;

Organizational structure;

Achieving goals and indicators;

Resources;

Risks;

Information technology;

Relationships between project participants;

Communications;

Project management for improvement.

31. Organizational maturity model in the field of project management ORM3.

At the end of 2003 PMI released an organizational project management maturity model ORM3, which was initially positioned as the international standard in this field.

A-priory PMI, organizational PM is the systematic management of projects, programs and project portfolios aimed at achieving the strategic goals of the company. This is the use of knowledge, skills, tools and techniques in the organization’s project activities to achieve strategic goals through the implementation of projects.

The concept of “organizational management maturity” describes the organization's ability to select and manage projects in such a way as to most effectively support the achievement of the company's strategic goals.

Main purpose ORM3:

Provide a standard for corporate PM that defines the main elements of the corporate PM system at all levels - from strategy and project portfolio to individual projects;

Serve as a tool that allows any organization to determine its own maturity in PM, as well as to develop the direction and specific steps for the development of the corporate PM system.

Standard ORMZ consists of a body of knowledge (in the usual book format), as well as a database and tools in electronic form.

The instrumental component of the standard consists of three interrelated elements:

1) knowledge presents a database of best practices in PM (about 600 practices related to different management objects: project portfolio, program and project, and to different degrees of process description maturity);

2) grade- a tool that helps users, by answering a questionnaire (more than 150 questions), independently assess the current maturity of PM in the organization, determine the main areas of competencies and existing practices;

3) if an organization decides to develop PM practices and move to new, higher levels of PM maturity, then the element improvement, which helps companies choose a strategy and determine the sequence of development of the management system.

32. Certification according to the standards of the International Project Management Association.

International certification of PM specialists - process of determining compliance:

Professional knowledge, experience and skills of the candidate - the established requirements for a PM specialist;

The candidate's activities - the project manager's code of ethics.

Certificate is a confirmation of the experience and professionalism of a specialist in the field of PM by an independent, authoritative body.

Certification system IPMA based on international requirements for the competence of project management specialists (IBC). The certification system is designed to determine the compliance of candidates' professional knowledge, experience and skills with the established requirements for specialists in the field of PM. Certificate program IPMA includes four levels, each of which has its own compliance requirements. Based on the results of certification, a specialist may be assigned, depending on the level of certification, one of the following titles:

1) project director able to manage a portfolio of projects or a program, not just a single project, using appropriate methodology and tools;

2) senior project manager able to manage a complex project and coordinate several subprojects within it;

3) project manager Able to manage a project of limited complexity. This indicates that in addition to his ability to apply knowledge in PM, he also demonstrated an appropriate level of experience;

4) assistant project manager is able to apply knowledge in the field of PM and can be involved in the project as one of the members of the management team, but his general knowledge is insufficient to perform more complex tasks.

Certification is carried out by authorized certification bodies in IPMA member countries. Certification can be carried out both on the basis of the ICB and on the basis of national requirements for the competence of specialists, developed in accordance with the requirements of IPMA. IPMA maintains a common register of certified professionals and ensures that certificates issued in one country are valid in any other country.

33. Certification according to the standards of the American Project Management Institute (PMI).

Certification system PMI based on standard RMBOK. Certification levels:

Professional Project Manager (RMR);

Certified PM Specialist (CAPM).

Professional Project Manager Certification RMR requires theoretical knowledge in the field of PM and confirmation of practical experience in applying this theoretical knowledge. Have a higher education with at least a bachelor's degree and at least 4,500 hours of work in the field of PM in five groups of processes. The candidate must also have at least 35 hours of training in PM. The candidate may list any training in this field regardless of date. In addition, the candidate must sign and abide by the Project Manager's Code of Professional Ethics.

The final stage of obtaining status RMR is to pass an exam-test, 200 questions that need to be answered in 4 astronomical hours. To pass successfully, approximately 2/3 must be correct.

SARM. This certificate is intended for specialists who have knowledge in the field of PM, but do not yet have sufficient practical experience. SARM is a PM practitioner who has demonstrated basic knowledge as well as the ability to apply PM tools and techniques. As a member of the project team, the certified professional typically seeks guidance, mentoring, and approval from more experienced PM practitioners.

To get a degree SARM, The candidate must meet the education and experience requirements of PMI and demonstrate a high level of understanding and knowledge of PM as demonstrated by the Certified PM Specialist examination. The exam is similar in form to the degree exam. RMR, but consists of 150 questions and lasts three hours. And also have a higher education with at least a bachelor’s degree and at least 1,500 hours of work in the field of PM in five groups of processes. The candidate must also have at least 23 hours of training in PM.

Send your good work in the knowledge base is simple. Use the form below

Students, graduate students, young scientists who use the knowledge base in their studies and work will be very grateful to you.

Posted on http://www.allbest.ru/

Introduction

1 Theoretical foundations of risk assessment in the financial and economic activities of an enterprise

2 Analysis of the risk management system at Shell LLC

2.2 Features of risks at Shell LLC

2.3 Risk management at Shell LLC

3 Improving the efficiency of risk management at Shell LLC

3.1 Effectiveness of Shell LLC risk management

3.2 Control of individual risks in the activities of Shell LLC

4 Conclusion and conclusions

List of sources used

Applications

Introduction

There is risk in any financial activity. Researchers are unanimous on this. But until recently, in the financial activities of the country, risk as an economic category was not given due attention. This is apparently explained by the fact that for a long time this category was not considered as an object of theoretical research, but was related to practice. In recent decades, the situation has begun to change: this subject has become the object of close attention, and with the beginning of economic reforms, the object of our researchers. Nevertheless, the definition of risk, its place in financial activity, sources of risk in business, and methods of risk management are interpreted ambiguously by various authors.

Typically, risk is associated only with unfavorable economic consequences of business, leading to losses of resources and profits. And in this sense, eliminating risk is useful and necessary. By studying the sources and factors of risk, you can prevent it, that is, leave the risk zone. But this approach is only for businessmen engaged in routine business.

In fact, the entrepreneur takes risks, usually regardless of possible losses, because of the existence of a powerful incentive, such as increased profits, a kind of specific entrepreneurial approach.

Complete elimination of risk is not the main objective of enterprise risk management, since the costs required for this make it impossible to achieve an acceptable level of profitability of its financial and economic activities. The importance of risk assessment and risk management in business activities is increasing from year to year. Forms and methods of risk management are being improved.

Globalization of markets, clearly expressed global trends in the consolidation of enterprises through mergers and acquisitions, the creation of giant multinational holdings and conglomerates, the integration of Russia into the global economic space and increased competition in all segments of the world market require increased attention from Russian enterprises both to the efficiency of current activities and to improve the quality of market development forecasts, on the basis of which the enterprise development strategy is built. The risk management system is a key link in ensuring the quality of strategic planning of an enterprise and, as a result, ensuring its competitiveness in the market.

In the economic activities of an enterprise, there is always a danger of losses arising from the specifics of certain business operations. The possibility of such losses constitutes a risk. Financial risks are associated with the likelihood of any losses or not receiving something.

Business participants' awareness of their vulnerability to risk led to the development of risk management strategies, which led to stunning growth in those market segments that offered risk protection. All this determines the relevance of the chosen topic.

Risk management is of great importance. The work examines the types of risks, with their characteristics, provides a classification of risk factors, and considers the stages

The purpose of this work is to study the theoretical foundations of risk assessment, analyze risks in the activities of an enterprise and develop measures to reduce them.

Achieving the goal of the work identifies a number of the following tasks:

Study the essence and role of risks in the activities of the enterprise;

Investigate the issue of assessing the risks of an enterprise’s activities at the stage of making a management decision;

Consider the types of risks of the enterprise;

Give a general description of the enterprise;

Conduct an enterprise risk analysis;

Suggest methods for improving risk management systems at the enterprise.

The object of the study is Shell LLC

The subject of the study is the situations, conditions, factors causing the occurrence of risks in the enterprise.

The theoretical and methodological basis of the study was the scientific works of domestic and foreign authors devoted to the problems of risks in the enterprise and their strategic management.

Methods of system, statistical and logical analysis were used as research tools in the work.

The work consists of an introduction, three chapters, a conclusion, a list of references and applications.

1 Theoretical foundations of risk management

1.1 The essence and role of risks in the activities of an enterprise

risk management control

The concepts of “risk” and “uncertainty” have a very long, long history. However, this problem began to be studied seriously only in the 19th and 20th centuries, although even before that many works appeared that examined various aspects of risk. Long ago, with the development of world trade, merchants began to insure their possible losses. In addition to financial forms of risk management, they have long used risk diversification.

The mathematical direction of research was developed by Abraham Moivre, who published several editions of the book “Theories of Chance” (1733). They were introduced to the concept of dispersion. The results of this work have found wide practical application. It has become realistic to determine the probability of a parameter falling within a given tolerance range. An effective solution to this problem was proposed in the works of Thomas Bayes. As a result, it became possible to calculate probability values ​​based on empirical data.

The names of Knight, as well as Mill and Senior, are associated with the emergence of the classical theory of entrepreneurial risks. These authors identified two components in the income structure: interest as a share of invested capital and risk payment. In their opinion, risk is the expectation of loss.

J.M. moved much further along the path of distinguishing between risk and uncertainty. Keynes, who outlined his views in A Treatise on Money (1930) and in the fundamental General Theory of Employment, Interest and Money (1937). In the General Theory he distinguishes two types of proposals for the future:

long- and short-term, considers issues of liquidity of financial instruments and offers recommendations on this matter, highlights reserving as a way to combat risk. He is the first to present a classification of business risks. Keynes justifies that the cost of a product must include costs associated with depreciation, including accelerated depreciation, variations in market conditions, accidents and catastrophes. Even the term “risk costs” is proposed, which is necessary for an entrepreneur to compensate for the deviation of actual revenue from expected revenue.

Keynes identified three types of risks in the economic sphere:

Business risk or borrower risk - this refers to the risk of not receiving an acceptable cash flow;

The lender's risk of not repaying the loan, which Keynes divides into two options: deliberate bankruptcy (excessive trust) and accidental bankruptcy (insufficient collateral);

Inflation risk. At the same time, Keynes concludes that money is always less reliable than real property. The main conclusion from his works was the need to strengthen the role of the state in the economy as a risk damper.

Nobel laureates Milton Friedman and James Buchanan argued that, on the contrary, the risks in the area of ​​resource distribution for the state are an order of magnitude higher than for markets. In his work “If Money Could Talk,” Friedman made an attempt to get closer to a mathematical description of risks and to present a mathematical model of economic phenomena.

Later, serious progress in understanding risk and uncertainty was achieved in the theory of strategic games. Game theory introduced a fundamentally new aspect to the understanding of uncertainty, proving that the source of uncertainty is also the intention of others. John von Neumann (1903-1957) outlined his theory of strategic games in 1926.

Later, together with Oskar Morgenstern, he published the work “Game Theory and Economic Behavior” (1944).

In 1952, Harry Markowitz published the work “Portfolio Construction,” which subsequently had a very powerful impact on the theory and practice of financial activity and in 1990 brought the author the Nobel Prize in Economics. The task was set to use the concept of risk when constructing portfolios for investors who consider the planned profit desirable and its fluctuations undesirable. Risk and volatility become synonymous. Return dispersion is a statistic that measures how much a security's returns fluctuate around an average. By replacing rough, intuitive estimates of uncertainty with statistical calculation, the author presented a meaningful procedure for constructing a so-called efficient portfolio.

The main area of ​​business risks is financial market instruments. The most complex and risky of these are derivatives.

Work on an in-depth study of the risk continues. Currently, the International Institute for Risk Research operates in Toronto, where the latter is studied in relation to managerial and commercial areas of activity, stock exchange and foreign exchange transactions. One of the world's richest people, Warren Buffett, announced a project to create a company that will provide new types of services for assessing, managing and insuring risks in the financial industry.

Economists have now distinguished between risk (that which can be quantified with some degree of certainty) and uncertainty (the inability to know for sure what will happen in the future). Uncertainty is a condition in which it is impossible to conduct any research in order to obtain any quantitative or qualitative characteristics and/or specific results.

Uncertainties are classified differently in the work of J. von Neumann and O. Morgenstein “Game Theory and Economic Behavior” (1994): a combinatorial number of options that is impossible to view in the allotted time even with high-speed computers (a complete search of options is impossible; an example of a large number of strategy options can be chess). Random factors of occurring events as a result of the action of random forces: scattering of hits on a target during shooting, random flows of demands into the service system, random flows of funds into the banking system or enterprise, etc.; strategic uncertainty (game uncertainty essentially) due to the unknown behavior of the enemy (partner - another participant in the game, including a game with nature); In their pure form, such uncertainties are a very rare phenomenon. It is usually more realistic to find mixed versions of them; for example, most games can be considered according to the type of uncertainty.

The concept of risk is used in a number of sciences. Research on risk analysis can be found in the literature on technical sciences, legal issues, psychology, medicine, and philosophy. In each case, risk research is based on the subject of study of this science and, naturally, relies on its own approaches and methods. Such a variety of areas of risk research is explained by the multifaceted nature of this phenomenon.

Of particular interest is a comparison of the classical and neoclassical theories of entrepreneurial risk and their economic applications.

In the classical theory of entrepreneurial risk (J. Mill, N.U. Senior), the latter is identified with the mathematical expectation of losses that may occur as a result of the chosen decision. The risk here is nothing more than the damage that is caused by the implementation of this decision.

This interpretation of the essence of risk caused objections among some economists, which led to the development of a different understanding of the content of risk.

In the 30s our century, economists A. Marshall and A. Pigou developed the foundations of the neoclassical theory of entrepreneurial risk. The basics of this theory are as follows:

An entrepreneur works in conditions of uncertainty;

Entrepreneurial profit is a random variable.

Entrepreneurs in their activities are guided by the following criteria:

The size of the expected profit;

The magnitude of its possible fluctuations.

According to neoclassical theory, given the same amount of potential profit, the entrepreneur chooses the option associated with a lower level of risk. Although the consequences of risk are usually perceived as financial losses or less profit, under favorable conditions it is possible to achieve a higher level of profitability than was calculated in the planning process.

Analysis of numerous attempts to classify financial and investment risks carried out in our country in recent years, as well as the study of foreign experience in determining investment risks, allows us to identify common characteristic approaches to the study of the nature of risk, its sources and manifestations.

D. Fisher shares systematic, i.e. constantly present and uncontrollable, risk and unsystematic, which is controllable and manageable. Since there are different definitions of the concept “risk”, in the most general form, risk is understood as the probability of losses or loss of income compared to the predicted option.

In recent years, both in Russia and abroad, the process of assessing and then managing the risk of an enterprise, as a rule, has been an integral part of the asset-liability management (ALM) system of the enterprise. Risk assessment in such systems was reduced to assessing interest rate risk, market risk and analyzing the profitability of operations. At the same time, the weaknesses of the system were the following factors:

A limited number of standard contracts have been introduced into the business practice of enterprises, which do not always fully meet the changing requirements of the business environment for a given enterprise;

A limited number of methods were used for analytical studies;

A limited number of options for assessing the value of enterprise property were used;

A limited number of intervals and the size of the time intervals were used to perform analytical studies.

Thus, the practice that has developed in Russia in recent years of introducing individual elements of risk management at enterprises comes down mainly to managing credit and market risks. As a result, many enterprises that did not adequately take into account in their activities the influence of other, very significant risk factors, such as macropolitical, regional, industry, etc., suffered significant financial losses due to the impossibility of qualitatively predicting the upcoming crisis and the next one. due to a fall in effective demand and product sales volumes.

The risk map serves as the basis for further formalization of information about risks and for the development of measures to manage and assess the risk of the enterprise. In the process of formalizing risk factors in numerical form, each unique factor or group of factors is assigned weighting coefficients corresponding to the degree of influence of each risk factor on the efficiency of the business process of the enterprise in which the specified risk factor is present. The result of this kind of operation is a numerical integrated risk map of the enterprise, in which risk factors are ranked according to the degree of significance of their influence, both on individual business processes and on the efficiency of the enterprise as a whole. Such a map is the basis for carrying out work related to the development of measures to manage the overall risk of the enterprise.

1.2 Risk assessment of financial and economic activities of enterprises at the stage of making management decisions

In the conditions of market relations, the problem of assessing the risks of the financial and economic activities of enterprises acquires independent theoretical and applied significance as an important component of the theory and practice of management.

Businesses should not avoid risk, but be able to manage it. One of the main rules of financial and economic activity says: “do not avoid risk, but anticipate it, trying to reduce it to the lowest possible level.”

Risk should be understood as a consequence of an action or inaction, as a result of which there is a real possibility of obtaining uncertain results of a different nature, both positively and negatively affecting the financial and economic activities of the enterprise.

When analyzing a company's activities, risk classification is important. Requirements for risk classification can be summarized as follows:

This classification should not contain types and subtypes of risk, that is, risks cannot be grouped into certain groups. This can only be a “virtual” association. Otherwise, risk “erosion” may occur, that is, its significance may decrease, and, as a result, incorrect research and assessment;

Each risk must be identified and assessed separately, and the more precisely the risk is defined, the easier it is to assess;

The proposed classification is not rigid. Each manager, when carrying out financial and economic activities, can independently supplement the given list of risks.

The main objective of the proposed risk assessment methodology is to systematize them and develop an integrated approach to determining the degree of risk affecting the financial and economic activities of the enterprise. The following risk assessment algorithm is proposed for use at Shell LLC, which is shown in Figure 1.

Receiving and processing information

Information is a collection of new information about the world around us. All risk researchers do not pay sufficient attention to assessing the quality of the information with which they assess risk.

The requirements for the quality of information should be as follows:

reliability (correctness) of information - a measure of the proximity of information to the original source or accuracy of information transmission;

objectivity of information - a measure of how information reflects reality; unambiguity;

order of information - the number of transmission links between the primary source and the end user;

completeness of information - a reflection of the exhaustive nature of the compliance of the information received with the purposes of collection;

relevance - the degree of approximation of information to the essence of the issue or the degree of correspondence of information to the task;

relevance of information (significance) -- importance of information for risk assessment; cost of information.

Picture 1- Flowchart of a comprehensive risk assessment at Shell LLC

It is proposed to establish a relationship between risk and the quality of information used to assess it. It is suggested that the likelihood of the risk of making a poor-quality (unprofitable) decision depends on the quality and volume of information used. This assumption is taken from neoclassical risk theory. According to this theory, if there are several options for making a decision (with equal profitability), the decision with the lowest probability of risk (fluctuation) is chosen. It can be assumed that even if there are several options with the same profit, a decision is chosen that is based on better information, that is, there is a connection between risk and information.

Figure 2 shows the expected relationship between the probability of risk of making a poor-quality (unprofitable) decision and the volume/quality of information at Shell LLC.

Figure 2 - Relationship between risk and information at Shell LLC

A high probability of risk occurrence corresponds to a minimum of quality information.

Table 1 below allows you to analyze any information and clearly verify its quality.

Table 1 - Assessment of information used at Shell LLC

This table allows you to analyze any information and clearly verify its quality. Numbers 1--10 at the top of the table indicate the quality of information: the better the information, the higher the number it is assigned. The result of the analysis can be the final value of information quality, which is found as an arithmetic mean.
The sources and methods of obtaining information are the following:

Documented information is the most valuable type of information;

The press and printed publications are traditionally the most capacious and widely used method of obtaining information; partner operator data; use of indirect signs (co-process method). Not a single process occurs in a vacuum, in isolation from the environment. This leads to the fact that it will always be accompanied by some independent processes, the manifestations of which can be detected;

agent methods - paid systematic execution of tasks by a person in your interests.

Fixing risks

When assessing financial and economic activities, it is proposed to record risks, that is, limit the number of existing risks using the principle of “reasonable sufficiency”. This principle is based on taking into account the most significant and common risks for assessing the financial and economic activities of an enterprise. It is recommended to use the following types of risks: regional, natural, political, legislative, transport, property, organizational, personal, marketing, production, settlement, investment, currency, credit, financial.

Drawing up an algorithm for the decision to be made

This stage in assessing the risks of financial and economic activity is intended for the gradual division of the planned solution into a certain number of smaller and simpler solutions. This action is called drawing up a solution algorithm.

Qualitative risk assessment

Qualitative risk assessment implies: identifying the risks inherent in the implementation of the proposed solution; determination of the quantitative structure of risks; identification of the most risky areas in the developed decision algorithm.

To carry out this procedure, it is proposed to use a qualitative analysis table. This table shows the algorithm of actions when making a decision in rows, and previously fixed risks in columns. So, when deciding to place new base stations at one of the communications enterprises, the risk assessment may look like this, see Table 2

After compiling this table, a qualitative analysis of the risks inherent in the implementation of this solution is carried out.

The main goal of this assessment stage is to identify the main types of risks affecting financial and economic activities. The advantage of this approach is that already at the initial stage of analysis, the head of the enterprise can clearly assess the degree of riskiness based on the quantitative composition of the risks and already at this stage refuse to implement a certain decision.

Table 2 - Qualitative risk assessment using the example of Shell LLC

Quantitative risk assessment

It is proposed to base the quantitative risk assessment on the methodology used when conducting audits, namely: risk assessment based on control points of financial and economic activities. The use of this method, as well as the results of qualitative analysis, make it possible to conduct a comprehensive assessment of the risks of the financial and economic activities of enterprises.

Quantitative risk assessment is carried out on the basis of data obtained during their qualitative assessment, that is, only those risks that are present during the implementation of a specific operation of the decision-making algorithm will be assessed.

For each recorded risk, a risk assessment table is compiled based on data obtained from statistical, scientific, periodic sources, as well as on the personal experience of managers. These risk assessment tables are compiled in such a way as to most fully identify the constituent risk factors. Using this approach, high efficiency of qualitative assessment of the financial and economic activities of an enterprise is achieved. The problem of subjectivity in assessment can be eliminated by using the Delphi method.

In the tables compiled, the values ​​that most closely correspond to the questions posed are selected. In some cases, it is proposed to independently determine the risk value on a ten-point scale. After selecting the risk value, if its level exceeds 0.8, an arbitrary mark (+) is made in the corresponding column. The final stage of filling out the columns of the table is to indicate the value of the quality of the information on the basis of which the decision was made. At the end of the table, the final quantitative assessment is summed up as the arithmetic mean of all indicators of risk components. As an illustration, we offer a part of the organizational risk assessment table, filled out in a real situation in Table 3

Decision-making

Decision making is the final and most critical procedure in risk assessment.

When developing a strategy of behavior and in “the process of making a specific decision, it is advisable to distinguish and highlight certain areas (risk zones) depending on the level of possible (expected) losses in financial and economic activities.”

Thus, based on a generalization of the research results of many authors on the problem of quantitative assessment of risks in the financial and economic activities of enterprises, an empirical risk scale has been developed and proposed, which can be used in its quantitative assessment in the table

Table 3 - Summary table of organizational risk assessment (fragment) using the example of Shell LLC

Decision making consists of three stages:

Stage 1 - preliminary decision making

A preliminary decision is made on the basis of the arithmetic mean value of a particular type of risk and the quality of information separately for each operation of the decision-making algorithm

Stage 2 - analysis of critical values

At this stage of the assessment, an analysis is carried out of those risk components whose values ​​exceed a critical value (in our case, this value is 0.8). The need for this action is to identify and highlight those components for which the probability of risk is very high, which can lead to the loss of all invested funds and bankruptcy of the enterprise.

Table 4 - Empirical risk scale using the example of Shell LLC

Stage 3 - making a final decision

The final decision is made based on the results of the preliminary decision and analysis of critical values. As mentioned earlier, when making decisions under conditions of uncertainty, special attention should be paid to the quality of information. In this regard, it is proposed to use risk information table 5 for decision making.

Table 5 - Risk-information table for decision making at Shell LLC

This table is compiled based on the final results obtained during testing of the proposed method at Shell LLC.

1.3 Classification and types of risks of oil and gas enterprises

Risks are divided into:

Economic;

Socio-political;

Fiscal and monetary.

Insurance risk combines those mentioned above - this is the risk of changes in current and future system conditions.

E.S. Ozerov offers a general classification of risks in the following interpretation: Table 6

Table 6 - General classification of risks

Types of risks		Domestic
1.Physical	Environmental pollution	Hidden defects
	Technical disasters	Fires and accidents at facilities
	Natural disasters	Flaws in equipment and technology
2. Legal	Policy instability	Document errors
	Imperfection of laws	Non-fulfillment of contracts
	Flaws of government regulation	Legal costs
	Conflicts with countries	Prohibitions on diversification
3.Economic	Market saturation	Marketing miscalculations
	Lack of resources	Operating losses
	Unaccounted inflation	Low liquidity
	Economic downturn	Losses due to personnel
4. Financial	Unavailability of loans	Financing failures
	Currency instability	Currency losses
	State debt	Loss of creditworthiness
5. Social	Attitude towards investors	Problems with neighbors
	Social conflicts	Labor conflicts
	Crime in the region	Crimes on site

The proposed classification takes into account both external and internal risks. Disclosure of these risks will make it possible to take into account their impact when managing oil enterprises and solve economic problems with minimal losses.

For oil and gas market entities, the sources and consequences of risks are varied. External risks are caused by the manifestation of external factors (environment, interstate relations, financial risks, etc.). Internal factors are risks that arise during the creation of an object at the micro level.

Let's consider the types of risks that oil and gas enterprises bear.

During the development of a methodology for identifying (assessing) risks in the oil and gas industry, experts identified the following types of risks:

Industry risks (risks associated with possible changes in prices for oil and petroleum products, industry competition, and geological exploration activities);

Country and regional risks (political risks, risks associated with foreign assets);

Financial risks (credit risk, currency risk, interest rate risk, inflation risk);

Legal risks (risks associated with changes in currency regulation, changes in tax legislation);

Environmental risks (environmental pollution);

Risk of shortage of highly qualified human resources;

Industry risks

In the process of carrying out economic activities, they use the infrastructure of monopoly service providers for the transportation of gas, oil and petroleum products. Companies have no control over the infrastructure of these monopoly suppliers and the level of tariffs charged. It should be noted that the tariffs are regulated by the regulatory authorities of the Russian Federation, however, despite this, tariffs are increased annually, which leads to increased costs for the Companies. In addition, lack of control over the infrastructure of service providers can lead to failures in the enterprise’s logistics system.

To reduce the impact of these risks, the enterprise:

Carries out long-term planning of commodity flows, timely reservation of volumes of pumping oil and petroleum products and the necessary rolling stock;

Conducts optimal redistribution of commodity flows by mode of transport;

Takes measures to use alternative and own sources of electricity generation.

These measures make it possible to reduce the risks associated with the use of services and the purchase of goods from monopoly suppliers to an acceptable level and ensure the uninterrupted operation of the enterprise.

Risks associated with possible changes in prices for oil and petroleum products

The financial performance of the enterprise is directly related to the level of prices for crude oil and petroleum products. The company does not have the ability to control prices for its products, which depend on fluctuations in the balance of supply and demand in the global and domestic markets, the volume of consumption in these markets, as well as the actions of regulatory authorities. The main consequence of lower prices for oil and petroleum products is the deterioration of the financial performance of the enterprise. In order to reduce the negative impact of the above risks in the enterprise:

Comprehensive measures have been developed to reduce the cost of mining;

A flexible system for the distribution of commodity flows has been introduced, allowing for the prompt and timely redistribution of commodity flows in the event of a significant price difference for oil and petroleum products between the external and domestic markets;

There is a business planning system in place, which is based on a scenario approach to determining key performance indicators of an enterprise depending on the level of oil prices on the world market. This approach makes it possible to reduce costs, including by reducing or deferring investment programs to future periods. These measures make it possible to reduce risks to an acceptable level and ensure that the enterprise fulfills its obligations. It should be noted that, in accordance with the analytical reports of the Ministry of Economic Development based on the results of 2009, since April 2009 there has been a tendency towards an increase in the value of exports, which is due to the recovery in oil prices (from 43.5 dollars per barrel in the first quarter to 74. 1 dollar per barrel - in the fourth quarter).

Risks associated with industry competition

In the Russian oil and gas industry, there is intense competition between leading Russian oil and gas companies in the main areas of production and economic activity, including:

Acquisition of licenses for the right to use subsoil for the purpose of hydrocarbon production at auctions organized by Russian government bodies;

Acquisition of other companies that own licenses for the right to use subsoil for the purpose of hydrocarbon production or existing assets associated with the production of hydrocarbons;

Implementation of foreign projects;

Attracting leading independent service companies;

Purchase of high-tech equipment;

Acquisition of existing retail distribution network enterprises; and land plots for new construction;

Expansion of sales markets and sales volumes.

The management's implementation of a portfolio of strategic projects aimed at development in key areas of activity ensures the gradual strengthening of the Company's position in the competitive environment of the oil and gas industry, ensuring a reduction in risks associated with industry competition.

Risks associated with geological exploration activities

The Company’s key strategic objective is to increase the hydrocarbon resource base in quantitative and qualitative terms to ensure the required level of production, which, in turn, largely depends on the successful implementation of geological exploration activities. The main risk associated with geological exploration activities is the failure to confirm planned levels of hydrocarbon reserves. An important factor is the conduct of geological exploration work in various geographical regions, including areas with unfavorable climatic conditions, which often leads to the risk of increased costs.

Country and regional risks

Political risk

Currently, the political situation in Russia is stable, which is characterized by the stability of the federal and regional branches of government. In general, the political situation in the country is assessed as stable and it is believed that at the moment there are no risks of negative changes.

Risks associated with foreign assets

Entering new regions is associated both with the possibility of obtaining additional benefits and with the risks of underestimating the economic and political situation in the countries in which the Company’s assets are located, which may subsequently lead to the loss of assets or failure to achieve planned performance indicators. At the moment, the level of risks associated with foreign assets is assessed as acceptable, but cannot guarantee the absence of negative changes, since the described risks are beyond the control of the Companies.

Financial risks

The Company's policy in the field of risk management is aimed at identifying and analyzing the risks faced by the Company, establishing appropriate limits and controls, monitoring risks and compliance with established limits. The risk management policy is regularly reviewed in order to correctly reflect current market conditions and the group's activities in these conditions. Financial risk management in the Company is carried out by the Company’s employees in accordance with the areas of their professional activities.

The Financial Risk Management Committee determines a unified approach to financial risk management in the Company. This approach is based on reducing the impact of risks and the likelihood of their occurrence by implementing appropriate measures and control procedures. The activities of the Company’s employees and the Financial Risk Management Committee help reduce potential financial damage to the Company and achieve its goals.

Credit risk

The Company's management pays increased attention to the credit risk management process. The Companies have implemented a number of measures that allow for both effective monitoring of risk status and risk management, including: assessing the creditworthiness of counterparties, setting individual limits depending on the financial condition of the counterparty, monitoring advance payments, measures for working with business receivables - directions, etc.

These actions allow the management of the Companies to be confident that at the moment there are no significant risks of loss exceeding the amount of accrued reserves. Companies place temporarily available funds on deposit in a number of Russian banks. The Companies have a policy in accordance with which the creditworthiness of banks in which deposits are placed is regularly assessed and banks are ranked by degree of reliability.

Currency risk

The bulk of gross revenue comes from export operations for the sale of gas, oil and petroleum products. Accordingly, fluctuations in exchange rates between currencies and the ruble have an impact on the results of the financial and economic activities of the Companies, which is a risk-forming factor. The Company's currency risk is significantly reduced due to the presence of costs that are denominated in foreign currency. A significant portion of the Company's loans is raised on the international credit market in US dollars. Current service obligations for these loans are also denominated in dollars. The currency structure of revenues and liabilities acts as a hedging mechanism, where multidirectional factors compensate each other. The balanced structure of claims and obligations in currency minimizes the impact of currency risk factors on the results of the financial and economic activities of the Companies. In terms of the unbalanced share of the Company's claims and obligations, hedging of these risks is applied, and in each specific situation it uses internal tools and reserves to effectively manage currency risk and guarantee the Company's fulfillment of its obligations.

Interest rate risk

As a large borrower, the Company is exposed to risks associated with changes in interest rates. The main source of borrowing is the international financial market. The majority of the debt portfolio consists of loans and borrowings denominated in US dollars. The interest rate for servicing a portion of existing loans (the share is not fixed and may change) is based on interbank lending rates (LIBOR). An increase in these interest rates may lead to an increase in the cost of servicing the Company's debt. An increase in the cost of loans for Companies may have a negative impact on solvency and liquidity indicators. However, at present, the LIBOR rate is at a relatively low historical level and has a medium-term tendency to stabilize, which, combined with the relatively small share of loans based on LIBOR, suggests a low level of influence of interest rate risk on the Company.

Inflation risk

Inflation risk is taken into account when drawing up the financial plans of the Companies. Existing and projected inflation levels are far from critical values ​​for the Companies and the industry as a whole; based on this, the impact of inflation factors on the financial stability of the Companies in the future does not seem significant.

Risk associated with changes in currency regulation

Companies are participants in foreign economic relations. Part of the assets and liabilities of the Companies is denominated in foreign currency, therefore, changes by the state in the mechanisms of currency regulation, in general, may affect the financial and economic activities of the Company. At the same time, at present, the currency legislation of the Russian Federation has been significantly liberalized. This is due to the general policy of the state aimed at ensuring the free convertibility of the ruble. The carried out liberalization of currency regulation reduces the risks of negative consequences for the Company’s activities associated with subsequent changes in currency legislation.

Risk associated with changes in tax legislation

Companies are one of the taxpayers whose activities are based on the principles of good faith and openness of information to the tax authorities. Companies bear the burden of paying value added tax, income tax, mineral extraction tax, property tax, and land tax. The results of the tax reform can be assessed positively: the taxation system is structured, the mechanisms and rules for collecting taxes are simplified, and tax rates are reduced. The practice of considering cases in the Constitutional Court of the Russian Federation shows that the provisions of the fundamental law affect the tax rights of business entities and protect taxpayers from unreasonable and sudden increase in the tax burden. Since the tax period for 2009, the cut-off price for the mineral extraction tax has been increased from 9 to 15 US dollars per barrel, the depreciation bonus for new fixed assets has been increased, and the period for writing off the cost of a license has been reduced to two years. Starting from the tax period for 2009, depreciation periods for certain types of equipment and structures in the oil and gas industry (including oil production wells) have been reduced; since 2010, depreciation periods for drilling equipment and some types of structures in the oil and gas industry have been reduced. The mentioned factors allow us to conclude that the tax system of the Russian Federation is becoming more stable, and the activities of business entities in the Russian Federation, from the point of view of tax consequences, are becoming more predictable. At the same time, we cannot exclude the possibility that the state will increase the tax burden of payers caused by changes in certain elements of taxation, the abolition of tax benefits, increased duties, etc.

Legal risks

Companies base their activities on strict compliance with civil, tax, customs and currency legislation. Companies cannot guarantee the absence of negative changes in Russian legislation in the long term, since most risk factors are beyond the control of the Companies. Reducing the negative impact of this category of risks is achieved through monitoring and timely response to changes made in various areas of legislation, as well as through active interaction with legislative and executive authorities, and public organizations in matters of interpretation and improvement of legislative norms.

Risks associated with changes in currency regulation

The establishment of restrictions by the state that reduce the possibility of converting ruble income into foreign currency and reverse conversion of rubles due to mandatory repatriation and conversion requirements may have an adverse effect on the results of operations of the Companies. Currently, the currency legislation of the Russian Federation has been significantly liberalized, which significantly reduces the risks of negative consequences for the activities of the Companies.

Risks associated with changes in tax legislation

All companies are taxpayers who pay federal, regional and local taxes, in particular mineral extraction tax, value added tax, corporate income tax, unified social tax, corporate property tax, and land tax. At present, the process of reforming Russian tax law can be considered completed. The legislative body has been codified. The general part of the Tax Code, in force since 1999, enshrines the basic principles of taxation and the introduction of new taxes; the operation of these principles and the focus on protecting the property interests of taxpayers are implemented in law enforcement practice. A special part of the Tax Code establishes taxes that form the tax burden of the issuer and defines the elements of taxation. Over the past 10 years, the value added tax rate has been reduced by 2%, the profit tax rate by 15%, a regressive scale of rates for the unified social tax has been established, sales tax and other mandatory payments have been abolished.

Environmental risks

The production activities of oil and gas companies involve a potential risk of environmental damage or pollution, which, as a consequence, may lead to civil liability and the need to carry out work to eliminate such damage.

The company is fully aware of its responsibility to society for creating safe working conditions and maintaining a favorable environment, constantly monitors its activities to ensure compliance with relevant environmental standards, and implements environmental protection programs.

The company's policy in the field of environmental protection is aimed at ensuring compliance with the requirements of current environmental legislation by investing significant funds in environmental protection measures, including the use of technologies that minimize the negative impact on the environment.

Risk of shortage of highly qualified human resources

The problem of the shortage of highly qualified personnel remains relevant regardless of the economic situation. As the economy recovers, the industry will increasingly need highly skilled professionals, a shortage of which could lead to project delays or cancellations, lower productivity levels and increased operating costs. In Russia, some of Russia's leading engineers, senior managers and other specialists are approaching retirement age. However, there is no absolute certainty that among the younger generation there will be a sufficient number of specialists capable of taking their places. At the same time, educational institutions are producing a record number of such specialists. However, it must be taken into account that they will require many years of practical training during their professional careers to ensure that their level of training meets the needs of the industry.

Possible measures to manage this risk:

To avoid duplication of functions and inefficiencies, companies must define, coordinate, and centrally manage HR processes. This will allow HR specialists to concentrate on the problems of working with personnel;

Creating an attractive image of the industry for young professionals;

Effective use of the experience of the older generation of employees. Professional development of employees at both local and regional levels, combined with investment in the formation of corporate culture and training of staff in foreign languages. This will help avoid language barriers and misunderstandings while bridging cultural differences between expatriate managers and local employees.

Chapter 2. Analysis of the risk management system at Shell LLC

2.1 General characteristics of Shell LLC

All enterprises involved in the exploration and production of oil and gas, refining and marketing of oil and petroleum products, naturally, are associated with funds, and quite considerable ones at that. Both the seller and the buyer strive to protect their interests and eliminate all possible risks.

Since the oil and gas industry is all assets, one should learn to manage risks, taking into account the diversity of the “material wealth” system.

Shell has been operating in the oil and gas industry in Russia since 1983, and in 1992 registered the Shell Oil company for the sale of lubricants. Shell in Russia follows the general policy of the state, contributing to the solution of pressing social problems. In the educational field, Shell provides support to universities and participates in a program for training Russian students at UK universities.

Currently, Shell is one of the largest foreign investors in the Russian economy. Today, Shell companies and joint ventures operate in Russia in various business areas: exploration, production and transportation of oil and gas, marketing of lubricants, chemicals and petroleum products, motor and industrial oils, as well as in the construction and operation of a network of gas stations.

Today Shell is a large global company engaged in the supply and retail trade of petroleum products. Shell LLC operates in the field of sales of petroleum products. The form of ownership of the company is a limited liability company. The largest shareholders (participants) are Shell Oversiz Holding Ltd. (100%) (UK). Shell is one of the leaders in the extraction, marketing and production of oil and gas. This is due to the fact that specialists with extensive experience and experience were attracted, who are valued in the oil and gas industry market. This reduces the risk of bankruptcy during the operation of the enterprise.

Shell's activities are governed by the Shell General Business Principles standards. These include a commitment to fundamental rights alongside the legitimate role of business. Shell is committed to operating with integrity, even when our exploration of oil and gas takes us to difficult locations and politically sensitive countries. Shell regularly pays taxes and duties.

List of documents provided by the company to interested parties:

Certificate of state registration;

A document granting the right to use a trademark registered in the prescribed manner;

Certificate of conformity of services provided by the enterprise for the production, processing and sale of oil and petroleum products in accordance with standards and legal requirements;

Tariffs and prices for the provision of services for the production and sale of petroleum products;

A book of complaints and suggestions, numbered, laced and sealed;

Description of the procedure for considering complaints and claims;

Similar documents

The concept, role and economic content of risks in the financial and economic activities of an enterprise. Classification and methods of assessing commercial risks, risk management system. Assessment of risks in the activities of the enterprise JSC "Galantus" and ways to reduce them.

course work, added 10/28/2014


Development of measures to reduce risks at the enterprise. The concept of risk and its economic content. Analysis of business risks of TPPUP "Seafood Service". Ways to improve the efficiency of the risk management mechanism. Creation of a risk management department.

thesis, added 06/26/2010


Theoretical foundations of the concept, signs and classification of risks. Basic methods of risk management. Analysis of the financial condition of the enterprise taking into account the risk factor. Selecting measures to reduce risks. Evaluating the effectiveness of proposed activities.

course work, added 12/23/2014


Identification and assessment of risks affecting the shareholder value and investment attractiveness of IDGC of Siberia, JSC. Core business risk management policy. An approach to determining decision threshold levels for risk management.

thesis, added 10/15/2015


Determining the specifics of innovation risks. Methods for reducing the risks of innovation. Examination of an idea, commercial proposal or project as a whole. Risk assessment of an innovation project and development of a risk management mechanism.

course work, added 03/22/2016


Main types of innovation risks. Main stages and methods of risk management. Risk analysis methods. Comprehensive characteristics of innovations. Justification and selection of the project. Examination of an innovative project and development of a risk management mechanism.

course work, added 02/20/2015


The main problems of risk management in the context of globalization of the economic space. Causes and features of risk occurrence. General scheme for project risk management, their quantitative analysis and ranking. Fundamentals of investment risk assessment.

abstract, added 04/25/2012


Origins and economic essence of risks, their indicators and assessment methods. Types of losses and the place of financial risk in the typology of business risks of a commercial enterprise. Ways and importance of commercial risk management in financial management.

course work, added 10/07/2010


The essence of risks in commerce. Types of risks in commercial transactions. Basic methods for determining the degree of risk. Basic ways to manage commercial risks. Loss prevention, self-insurance, insurance, diversification and risk hedging.

presentation, added 10/26/2016


The essence and concept of industry risk: role in the development of the economy and its industries, stages of management. Analysis of methodological approaches to assessing industry risks. Main directions for improving the assessment and management of industry risks in industry.

The modern business world is dynamic. After two years of intertemporal time (2014-2015), the features of a new reality for the prospects for business development in Russia are gradually emerging. In conditions of a shrinking market and a weak ruble, enterprises are forced to form and fully develop their export potential, which will require additional management restructuring. In this regard, the risk management system that enterprises will have to create one way or another can become a resource of attractiveness for investors and a factor of success in foreign and domestic markets.

The essence of risk management

This article echoes the materials of the article on the topic of organizational aspects. Risk management is proposed to be understood as a set of targeted procedures for identifying, assessing and reducing risk to the values ​​established by the strategic choice, implying a multi-stage implementation process. The economic goal of management is to reduce or compensate for damage to the organization when adverse consequences of decisions occur.

In conditions of uncertainty in the economic activity of an enterprise, risk management is a complex of regulation of strategic, tactical, project and operational-production relations. An integrated approach has a number of advantages (the corresponding diagram is located below), and from the perspective of management functions, almost the entire arsenal of management tools is used, including components of financial management, logistics, economics, accounting, sales, etc. The set of procedures is aimed at:

• forecasting risk events and their identification;
• justification for risk avoidance;
• justification of risk acceptability;
• minimizing risk using the available range of tools;
• eliminating the causes and consequences of risk events;
• adaptation of companies that survived the crisis to new business conditions;
• bankruptcy protection.

A framework for demonstrating the benefits of an integrated approach to risk management

Activity uncertainty is weakly correlated with the scale of activity. Indeed, regular management, which can be deployed in large enterprises, gives a significant head start in comparison with empirical management methods in small businesses. But, firstly, the cost of management increases sharply, and secondly, the sheer number of risk factors becomes significantly larger. Therefore, we can say with confidence that one of the conditions for successful activity is the implementation by the management of the business, regardless of its size, of anti-risk measures. Another question is how systematic is risk management?

The objects of management are the risk itself, economic relations accompanying probable adverse events and risky investments. Subjects of management can be considered both in the broad and narrow sense of the word. From a common position, they are all members of the organization’s team, including managers and employees. In a narrow sense, subjects are specially authorized managers, employees and divisions of the company. The goals and objectives of risk management are related to the stages of business development and its passage through life cycle stages. The diagram of changes in the composition of management goals at the stages of the organization’s activities and the corresponding tasks are shown in the diagram below.

Dynamics of goals and composition of risk management tasks by stages of company development

Concept and content of risk management systems

The risk management system (RMS) as a set of interrelated elements, on the one hand, contains two subsystems: control and managed. In addition, the RMS acts as a component of a higher-ranking system - general corporate management and is guided by the requirements of the organization's strategy. On the other hand, the system includes a technological management complex and a complex of organizational means and structures. Pay attention to the diagram of the “RMS Buildings” presented below. It displays the main elements of the risk management system.

Scheme “RMS Building” in the relationship of technological and organizational aspects

The enterprise risk management system is an element of the internal control and risk management mechanism, which is part of general corporate management, a technological tool and tools that ensure the effectiveness of risk management. This system provides the organizational prerequisites, principles and structures for the design, implementation and improvement of the organization's risk management business processes. Thus, the RMS creates an infrastructure for risk management on a regular basis.

Ensuring that the level of uncertainty is minimized regarding the achievability of the tasks set for management, the development and practical development of risk management processes is the main goal of the RMS. These objectives consider the results to be achieved in accordance with the development strategy in programs at the tactical and operational levels. The RMS serves the regulated management of assessed risks, as well as maintaining the company’s integral risk at the level of the preferred acceptable risk. A diagram of the relationship between integral risk management and stakeholders is posted below.

Scheme for resolving the conflict of leading business persons through integral risk management

The risk management system, especially in large companies, is called the corporate risk management system (CRMS). In addition to simply expanding the abbreviation, this usually entails increased requirements for the level of regulation of activities within the system. From the standpoint of solving the main tasks in the CRMS, the following stages are carried out sequentially.

1. Diagnostics of RMS at the level of business units and the entire company.
2. Development of basic CRMS structures (organizational, informational, financial, etc.).
3. Creation of regulatory and methodological support for CRMS.
4. Structuring of databases on identified risks and risk events.
5. Development of monitoring and reporting mechanisms for emerging events.
6. Identification, identification and assessment of risks, drawing up a plan to minimize and compensate them.
7. Formation of a risk map.
8. Integration of the map update procedure into the business planning process.
9. Analysis and assessment of the facts of response to risk events.

Specifics of risk management standardization

Risk management systems at domestic enterprises are built on the basis of Western standards that are rather poorly adapted to our realities. I am not considering the experience of banks and insurance companies here. It seems that in this sector of the economy the point of no return has been passed and the pace of development of risk management and the risk management systems that support them can be considered satisfactory. Are you interested in what Russian companies, primarily those in the manufacturing sector, can rely on in order to quickly increase their risk management potential? To do this, we need to touch on the history of the development of a systematic approach to risk management in the world and in our country.

Scheme of the world history of the development of standards in the field of risk management

Composition of current national and international standards in the field of risk management

Above is a diagram of the history of standardization and the composition of current standards in the field of risk management in the world. It is obvious that in order for a Russian enterprise to satisfy the needs of investors and inspire confidence in the international arena, the approach to building a CRMS must be at least close to international standards. And in order to satisfy the requirements of exchange trading platforms, international and Russian corporate legislation, the system itself must be transparent and understandable to a competent stakeholder.

The COSO ERM risk management model is not a standard and represents a deep methodological development. Therefore, it is difficult to ignore the COSO cube and not emphasize its main postulates. Below are two diagrams that give an overview of this concept. In the model:

• the basic concepts of the internal control system are defined;
• the main components of the risk management process are described in detail;
• an integrated risk management model is presented in a cubic visual form;
• the principles of this management system have been developed;
• the functions and responsibilities of participants in the risk management process are formulated;
• the management process itself is described;
• recommendations were given to external and internal stakeholders to ensure the successful functioning of the RMS in companies.

Key Components of the COSO ERM Risk Management Model

The company is always left face to face with its risks and defends itself internally from threats and the consequences of their implementation. Regulatory bodies also take their place at the “distant approaches to the battle front.” And business certainly needs the support of regulators. Another thing is that domestic standards are a copy of their Western counterparts. At the same time, you need to understand that the actual practice of the general mass of firms in developed countries has gone far ahead due to a longer history and a different level of management culture. However, as a basis, the resources provided by regulators are useful for starting the implementation of CRMS.

Scheme of the composition of regulators that determine the requirements for the RMS

Algorithm for building a CRMS in a company

You and I remember the axiom that management and its components are in conjunction with the company's strategy. It defines the principles of management activities and the main emphasis points. The specificity of risk management is that the local risk management strategy is subject to serious adjustments in the middle of the management process. To build an RMS, the company’s experience in the practical application of financial and economic theory, tax and civil law, external regulatory assets and standards is important.

Internal and external supports for building an RMS in a company

The construction of a risk management system according to the model proposed below is based on the experience of Russian companies with a focus on the COSO methodology. This model implies the following stages of the algorithm.

1. Environmental analysis. First of all, they analyze the elements of the external environment (the activities of the Central Bank of the Russian Federation, the State Duma, the Ministry of Finance, the Federal Tax Service, etc.), the business environment, market conditions, and business resources. All this creates external risk factors.
2. Establishment of customer risk management processes. The success of CRMS implementation depends on this. Very often in Russian companies the customer is the financial service, which is associated with the dominant role of financial risks in the company’s functioning. In some cases, the customer is the general director, and it is especially valuable if his initiatives are supported by the position of the main shareholders.
3. Determination of the organizational structure of the control subsystem. The system can be managed by a specially designated specialist or the head of a separate division, who coordinates various areas: risk investments, insurance operations, venture investments. This organizational structure is called a concentrated model. The second option for organizing a RMS could be a distributed risk management model.
4. Development of regulatory documentation for the system: risk management policies, regulations (concepts) for risk management, risk declarations. The policy serves as the main CRMS document; it is publicly available on the corporate portal.
5. Development and adjustment of a corporate risk map. Here, activities to identify, identify and assess the company’s risks are cyclically implemented.
6. Development of a risk management strategy. In the strategy, in addition to the principles for choosing methods for working with risks and mechanisms for financing them, a special place is occupied by performance indicators of the RMS and the distribution of areas of responsibility between the management company and business units.
7. The actual implementation of the risk minimization and compensation program.
8. Development of a process for operational risk management.
9. Regular CRMS audit.
10. Implementation of procedures for informing about changes in CRMS.
11. Creation and development of control and monitoring systems.
12. Implementation of procedures for storing and archiving information generated in the system.

Principles for implementing the RMS

The operating principles of the RMS in the company also determine the processes of its implementation and development. These principles are subject to compliance by managers, specialists responsible for the implementation of system procedures and all employees of the company.

1. The principle of goal orientation. Goals are stated in the company’s strategic documents: development strategies, strategic action plans, corporate maps, business plans.
2. The principle of balancing risks and profits. The RMS should promote a balance between risk and profitability of the business, taking into account the requirements of legislative acts and the provisions of internal regulations.
3. The principle of accounting for uncertainty. Uncertainty is present in any business activity and is an integral part of the company's decisions. The RMS serves to systematize information about the sources (factors) of uncertainty and helps reduce it.
4. Systematic principle. A systematic approach allows you to timely and fully identify, identify and assess risks, reduce their negative consequences or compensate for the impact on business results.
5. The principle of quality information. The functioning of the RMS requires timely, secure and accurate information. When making decisions, however, it is necessary to take into account the limitations and assumptions of information sources, the possible subjectivity of the experts’ position and the features of the methods used for assessing and modeling risk situations.
6. The principle of assigning responsibility for risk management. The concept of “risk owner” is introduced; this status is assigned to one of the company’s managers. He is given responsibility for the relevant management procedures within the limits of the assigned powers and functional composition.
7. The principle of efficiency. The RMS must provide a reasonable and economically justified combination of management effectiveness and costs for its organization and production.
8. The principle of continuity. The RMS operates under conditions of regularity (cyclicity) of the main processes and their continuity. The system's processes begin at the time of development of the company's strategy and cover all areas of its activities.
9. The principle of integration. The decision-making system at all levels of management must include the subject area of ​​the RMS. Decisions are made and approved taking into account the circumstances and the likelihood of adverse consequences associated with their adoption.
10. The principle of expansion. RMS involves identifying, assessing and resolving all possible threats to activity, not limited only to financial and insurable risks. For the last three principles, diagrams of their main elements are presented below.

Composition of procedures for the principle of continuity of the RMS

Diagram of the main elements of the RMS extension principle

Assessing the company for risk management

What should a company do if it is just thinking about implementing an RMS or if the elements of the system are already present, but it is not clear how and in what direction to move further? In this case, experts recommend performing an analysis of the risk management system at the enterprise in order to determine its strengths and weaknesses and ways for further development.

It would be very useful for current and potential stakeholders in the company's activities and in investing in it to learn about the real state of affairs from the perspective of regular risk management. In 2015, the KPMG consulting group conducted a study “Risk Management Practices in Russia”, in which 48 respondents were asked about conducting RMS diagnostics. The results of the answers are presented in the diagram below.

Results of a survey of 48 Russian companies on RMS diagnostics.

In the system of sequential risk management functions, the most important role is played by assessment of the effectiveness of the risk management system.

Management efficiency represents the ratio of the total result of management activities to the cost of resources spent on its achievement.

The effectiveness of management activities is significantly influenced by a number of factors, the entirety of which can be conditionally divided into two main groups.

The first group includes factors that have a direct impact on the efficiency of administration, such as:

♦ management potential of the organization, i.e. the totality of all resources available to the management system;

♦ total costs for the maintenance and operation of the management system are determined by the nature, method of organization, technology and volume of work to implement management functions;

♦ control effect, i.e. the totality of all economic, social and other benefits that an organization receives in the process of carrying out management activities.

All of the above indicators can be defined as the main factors of management effectiveness.

The second group consists of secondary factors that have an indirect impact on the effectiveness of the management system. These factors include:

♦ qualifications of managers and performers;

♦ capital-labor ratio of the management system, i.e. the degree and quality of provision of administrative workers with auxiliary means (computers, office equipment, etc.);

♦ socio-psychological conditions in the work team;

♦ organizational culture.

As part of the management efficiency criteria, general and specific indicators can be distinguished. General indicators characterize the final results of the organization's activities, and specific indicators characterize the efficiency of using individual types of resources.

To assess the effectiveness of management of commercial enterprises, it is most advisable to use such general indicators as profit and profitability.

The total amount of profit received by an enterprise for a certain period usually consists of profit from sales of products (works, services), profit from other sales and profit from non-sales operations.

Profit from the sale of products, services or work performed is determined as the difference between the total amount of revenue from the sale of products (excluding value added tax and excise taxes) and the amount of production and sales costs included in the cost price.

Profit from other sales is defined as the difference between the amount received from the sale of property or other material assets of the enterprise and their residual value.

Profit from non-sales operations is calculated as the difference between income and expenses on operations not related to the sale of the enterprise's products or its property.

Income from non-operating operations includes:

♦ income from the enterprise’s financial investments in securities;

♦ income from rental property;

♦ balance of received and paid fines;

♦ positive exchange rate differences on foreign currency accounts and transactions in foreign currency;

♦ receipt of amounts to repay accounts receivable written off at a loss in previous years;

♦ profit of previous years, identified and received in the reporting year;

♦ amounts received from buyers for recalculations for products sold last year;

♦ interest received on the company’s accounts with credit institutions.

Non-operating expenses of an enterprise are formed as a result of the summation of:

♦ shortages and losses from loss of material assets and funds;

♦ negative exchange rate balances on foreign currency accounts and transactions in foreign currency;

♦ losses of previous years identified in the reporting year;

♦ writing off accounts receivable;

♦ uncompensated losses from natural disasters;

♦ costs for canceled orders;

♦ legal costs;

♦ costs of maintaining mothballed production facilities.

The balance sheet profit received by the enterprise is distributed between the state and the enterprise. After the income tax is paid into the appropriate budgets, the enterprise has funds at its disposal, which form its net profit. The net profit of the enterprise is directed to the accumulation fund, consumption fund and reserve fund.

Based on the order of profit formation, its factor analysis is carried out. The main goal of factor analysis is to assess the dynamics of balance sheet and net profit indicators, to identify the degree of influence on the financial results of a number of factors, which include:

♦ increase or decrease in production costs;

♦ growth or decline in sales volumes;

♦ improving the quality and expanding the range of products;

♦ identifying reserves for increasing profits.

The most important indicator characterizing the management efficiency of a commercial enterprise is its profitability. Profitability is defined as the profit received from each ruble of funds spent.

The system of profitability indicators is based on the composition of the enterprise’s property and the business operations carried out by the enterprise. From this point of view, there are:

1) profitability of the enterprise’s property - is defined as the ratio of net profit to the average value of the enterprise’s assets;

2) profitability of non-current assets - represents the ratio of net profit to the average value of non-current assets;

3) profitability of current assets - calculated as the ratio of net profit to the average value of current assets;

4) return on investment - the ratio of profit from investment projects to long-term costs of their implementation;

5) return on equity - the ratio of net profit to the amount of equity capital;

6) profitability of borrowed funds - is defined as the ratio of fees for using loans to the total amount of long-term and short-term loans;

7) profitability of products sold - the ratio of net profit to revenue from product sales.

Using the profitability indicators listed above, you can evaluate not only the overall efficiency of the organization’s management system, but also the effectiveness of using individual types of resources (assets) of the enterprise.

It is much more difficult to evaluate the effectiveness of the management of non-profit organizations. From the point of view of assessing the effectiveness of their functioning, all non-profit organizations can be divided into two main groups:

1) organizations whose performance results can be assessed using economic indicators;

2) organizations whose performance results are expressed in non-economic values, such as reducing the level of morbidity or crime, increasing the level of education, improving the environmental situation, etc.

To assess the effectiveness of organizations included in the first group, the same methods can be used as for assessing the effectiveness of commercial organizations.

It is much more difficult to assess the effectiveness of the functioning of organizations that are part of the second group. Currently, there are almost no methods for converting non-economic indicators into economic indicators.

Even in those industries where such techniques are available, they do not find wide practical application. For example, a methodology for calculating the economic damage caused to nature due to pollution of water sources by industrial discharges has long been developed. At the same time, when assessing the effectiveness of projects for the construction of new treatment facilities, the damage prevented is not taken into account. Thus, it turns out that most environmental programs are unprofitable from an economic point of view.

Consequently, the main direction in the development of methods for assessing the economic efficiency of non-profit organizations and programs should be the development of methods for converting non-economic indicators into economic ones. This will make it possible to more objectively and fully take into account the influence of various factors on the performance of a particular organization or project.