24 - Risk Governance

Question 1

What are the key steps of risk management by a financial provider?

Answer 1

• Risk identification
• Risk classification
• Risk measurement
• Risk control
• Risk financing
• Risk monitoring
• Cycle back

Question 2

What does risk identification concern?

Answer 2

• Recognise risks that will threaten the assets & income of the organisation by establishing context:
  - > Business objectives
  - > Company structures & finances
  - > Who are the key stakeholders?
  - > What is the area of business?
  - > External environment
• Systematic or diversifiable?
• Preliminary identification of possible risk control processes
• Identify exploitable risks to gain competitive advantage

Question 3

What is risk classification concerned with?

Answer 3

• Classifying risks helps with calculating cost of risk & the value of diversification
• Management allocates the risk to an “owner” who is responsible for the control processes of the risk

Question 4

What is risk measurement concerned with?

Answer 4

• Estimation of the probability of the risk event occurring and its severity
• Gives the basis for evaluating/selecting risk control methods:
  o Decline risks
  o Transfer risks
  o Mitigate risks
  o Retain risks with or without controls

Question 5

What is risk control concerned with?

Answer 5

• Deciding whether to fully/partially accept each identified risk
• Identifying possible mitigation options for risks where needed
• Risk control measures aim to mitigate risks or their consequences by:
  o Reducing probability of risk occurring
  o Limiting severity of the effects of occurring risks
  o Limiting consequences of the risks that occur eg. adequate insurance

Question 6

What is risk financing concerned with?

Answer 6

• Determining the likely cost of each risk (including cost of mitigations, expected losses & cost of capital arising from retained risks)
• Ensuring the organisation has sufficient financial resources available to continue its objectives after loss event occurs

Question 7

What is risk monitoring concerned with?

Answer 7

• Identify new risks or changes in the nature of existing risks
• Determine if the exposure to risk and/or risk appetite of the organisation has changed over time
• Report on risks that have actually occurred and how they were managed
• Assess whether the existing risk management process is effective

Question 8

What are the benefits of a risk management process for a provider?

Answer 8

• Avoid surprises
• Improve stability & quality of the business
• Improve their growth & returns by:
  o Exploiting risk opportunities
  o Better management/allocation of capital
• Identify opportunities from:
  o Natural synergies
  o Risk arbitrage
• Give stakeholders in their business confidence that the business is being well managed

Question 9

Risk management strategies that balance risk, growth and consistency should ideally:

Answer 9

• Incorporate all risks, both financial & non-financial
• Evaluate all relevant strategies for managing risks, both financial & non-financial
• Consider all relevant constraints including political, social, regulatory & competitive
• Exploit the:
  o Hedges & portfolio effects among the risks
  o Financial & operational efficiencies within strategies

Question 10

What is systematic risk?

Answer 10

• Risk that affects the whole financial market or system

- It cannot avoided through diversification

Question 11

What is diversifiable risk?

Answer 11

• Arises from an individual component of a financial market or system
• Only non-diversifiable risks are rewarded within the scope of most financial systems
• Rational investor should not take on any diversifiable risk

Question 12

What are the main characteristics of ERM?

Answer 12

• Centralisation
• Board implementation & key objective of the board
• Evolving process

Question 13

What does the centralisation aspect of ERM concern?

Answer 13

• Portfolio approach (assesses all the risks across the company wrt their cumulative effect & correlations)
• Central Risk Function (single department responsible for risk assessment/objectives/monitoring lead by expertise & knowledge of CRO)
• Documentation (details of all risks & potential risks kept in one evolving source document)
• Reporting (one person, the CRO is responsible for reporting on overall risks to the company board)

Question 14

Advantages of portfolio approach:

Answer 14

• Assesses all the risks across the company wrt their cumulative effect & correlations
• Can lead to greater efficiencies in terms of:
  o Insurance purchased
  o Investment strategy
  o Capital requirements

Question 15

Advantages of central risk function (CRF):

Answer 15

• Clearly defined risk objectives
• Without CRF, dilution of knowledge b/w different departments is likely
• More accurate/efficient reporting of risks from:
  o Staff to CRO
  o CRO to the board
  o The Board back to all departments & employees
• Less likelihood of gaps in analysis
• Central auditing of risks => less risk of over-confidence & anchoring
• Improvement of risk culture or an organisation

Question 16

What is the documentation aspect of CRF concerned with?

Answer 16

• Risk policy is set out and risks are listed & defined (using checklists & risk register) in consistent language (taxonomy of risks)
• Responsibility of CRF to keep the documentation updated when new risks are identified or treatment of risks change

Question 17

What is the reporting aspect of CRF concerned with?

Answer 17

• Risks must be reported to the board st. there is clarity in the understanding of:
  o Key risks prioritised by CRO
  o Developments in the organisation’s risk profile
• Employees should
  o Be adequately trained in ERM
  o Understand importance of reporting potential risks & monitoring current risks

Question 18

What is the board implementation component concerned with in ERM?

Answer 18

• Crucial for the board to completely buy into the concept
• Should be a key objective for the board
• ERM agenda item every meeting
• Appoint CRO (who may be on the board)

Question 19

What is the evolving process component of ERM concerned with?

Answer 19

• Board should implement a thorough process
• Risk continually being monitored & revised
• Not a once off exercise

Question 20

Challenges of ERM:

Answer 20

• Considerable initial effort required
• The Board must sell the idea to managers and staff
• Must be a part of corporate culture

Question 21

How might business units of a single organisation operate?

Answer 21

• Carry out the same activity but in different locations
• Carry out different activities at the same location
• Carry out different activities at different locations
• Operate in different countries
• Operate in different markets
• Be separate companies in a group, which each have their own business unit

Question 22

How may a parent company manage risks b/w business units alternatively to ERM?

Answer 22

• Determine the overall risk appetite of the company
• Divide the risk appetite b/w the different units
• Likely that this method does not allow for diversification benefits
• Hence a preferable approach is risk management at the enterprise level

Question 23

Who are the stakeholders of risk governance?

Answer 23

• Directors / senior management
• Risk managers and any Chief Risk Officer
• All other employees
• Customers
• Shareholders
• Credit rating agencies
• Regulators.