25. Risk governance Flashcards
List six stages in the risk management control cycle.
Which is considered to be the hardest of these stages?
- Risk identification
- Risk classification
- Risk measurement
- Risk control
- Risk financing
- RIsk monitoring
Risk identification is hardest because risks the business is exposed to are numerous and their identification needs to be comprehensive. Biggest risks are unidentified ones, as they will not be appropriately managed.
The risk identification stage of the process is more than just recognising the risks to which the organisation is exposed.
Outline the other aspects that should be identified or determined at this stage?
4
- Whether each risk is systematic or diversifiable
- Possible risk control processes that could be put in place for each risk
- Opportunities to exploit risks to gain a competitive advantage
- the organisation’s risk appetite or risk tolerance
Explain the purpose of the risk classification part of the process, i.e. grouping the identified risks into categories
Classifying risks into groups aids the calculation of the cost of the risk and the value of diversification.
It also enables a risk ‘owner’ to be allocated from the management team.
What two quantities will be estimated under the risk measurement stage of the cycle?
- The probability of a risk event occurring
- The likely severity
How does knowing the probability and likely severity aid in risk management?
- Knowing whether a risk is high, medium, or low probability and severity helps in prioritization of risks.
- Determines what risk control measures should be adopted
What is risk control?
Deciding whether to:
* Reject
* Fully accept
* Partially accept
Risk control measures mitigate risk or consequences of risk events by:
* Reducing probability of risk occurring
* Limiting severity of the risk if it does occur
* Reducing the consequences of risks that do occur
What is risk financing?
- Determination of the likely cost of a risk:
- i.e. E[Loss] + cost of risk mitigation measures + cost of capital for retained risks
- Ensuring that the organization has sufficient financial resources.
- Continuing objectives after a loss event has occurred.
What is risk monitoring?
- Regular review and reassessment of existing risks.
- Identification of new or previously omitted risks.
What are the benefits of risk mitigation to a provider?
SAMOSAS
- Stability and quality of business improved.
- Avoid surprises.
- Management and allocation of capital improved (better growth and returns).
- Opportunities exploited for profit.
- Synergies identified (and relative opportunities taken).
- Arbitrage opportunities identified.
- Stakeholders in the business given confidence
What are the objectives of the risk management process?
- Incorporate all risks, both financial and non-financial
- Evaluate all relevant strategies for managing risk, both financial and non-financial
- Consider all relevant constraints, including political, social, regulatory and competitive
- Exploit hedges and portfolio effects among the risks.
- Exploit financial and operational efficiencies within the strategies.
What is an example of a portfolio effect (or portfolio hedge) in a life insurance context?
- A life insurer sells life assurance contracts (exposed to mortality risk).
- A life insurer sells immediate annuity contracts (exposed to longevity risk).
- The two risks have offsetting effects.
What is the difference between risk and uncertainty?
Uncertainty → Outcome is unpredictable.
Risk → Consequence of an action taken:
* Involves some uncertainty BUT
* There may be some certainty about some component of the risk.
What is systematic risk?
- Affects the entire financial market.
- Not just specific participants.
- Not possible to diversify away.
What is a diversifiable risk?
- Arises from an individual component of a financial market.
- Eliminated by diversification → Investor is not rewarded for taking on
What risk does a fall in the domestic market represent?
- Investment fund constrained to invest domestically → Systematic risk.
- Worldwide investment fund → Diversifiable risk
What does it mean to manage risk at a business unit level and what are the key disadvantages of this approach?
- Parent company determines overall risk appetite and distributes it among business units.
- Each business unit manages risk within its allocated risk appetite.
- No allowance for diversification or pooling of risk.
- Group is not making the best use of available capital
What does it mean to manage risk at an enterprise level?
Enterprise Risk Management (ERM) → Risk is managed at the group or enterprise level.
All risks are considered as a whole, leading to:
* Diversification.
* Pooling of risk.
* Economies of scale.
* Capital efficiency.
* Insights into risk in different parts of the business.
* Better understanding of risk, allowing for value creation by exploiting risks as opportunities.
What are the roles of the various stakeholders in risk governance?
- Employees → Identify risks and suggest controls.
- Chief Risk Officer (CRO) →
1. Allocates risk budget after considering diversification.
2. Monitors group risk exposure.
3. Documents risk events. - Risk managers →
1. Utilize allocated risk budget at the business unit level.
*2.Collect, monitor, and report risk data. - Customers → Observe and report risks faced when using products.
- Shareholders → Drive risk governance and development of risk appetite.
- Regulators & Credit Rating Agencies → Ensure quality of risk governance and impose minimum standards.
Does a fall in the domestic equity market represent systematic risk or diversifiable risk
- To an investment fund that only invests demestically => risk cannot be diversified away and is systematic
- To a world-wide investment fund => can be diversified by other markets
What does it mean to manage risk at the business unit level and what are the key disadvantages of this approach?
- The parent company sets an overall risk appetite
- This overall risk appetite is then allocated across various business units
- Each business unit manages its risks within the assigned limits
- A key disadvantage is that this approach ignores the benefits of diversification and pooling of risk.
- It may lead to suboptimal use of the group’s available capital.
