25. Risk governance Flashcards
List six stages in the risk management control cycle.
Which is considered to be the hardest of these stages?
- Risk identification
- Risk classification
- Risk measurement
- Risk control
- Risk financing
- RIsk monitoring
Risk identification is hardest because risks the business is exposed to are numerous and their identification needs to be comprehensive. Biggest risks are unidentified ones, as they will not be appropriately managed.
The risk identification stage of the process is more than just recognising the risks to which the organisation is exposed.
Outline the other aspects that should be identified or determined at this stage?
4
- Whether each risk is systematic or diversifiable
- Possible risk control processes that could be put in place for each risk
- Opportunities to exploit risks to gain a competitive advantage
- the organisation’s risk appetite or risk tolerance
Explain the purpose of the risk classification part of the process, i.e. grouping the identified risks into categories
Classifying risks into groups aids the calculation of the cost of the risk AND the value of diversification.
It also enables a risk ‘owner’ to be allocated from the management team.
What two quantities will be estimated under the risk measurement stage of the cycle?
- The probability of a risk event occurring
- The likely severity
How does knowing the probability and likely severity aid in risk management?
- Knowing whether a risk is high, medium, or low probability and severity helps in prioritization of risks and
- Determining what risk control measures should be adopted
What is risk control?
Risk control involves deciding whether to:
* Reject
* Fully accept
* Partially accept
each identified risk
Risk control measures are identified to mitigate risk or consequences of risk events by:
* Reducing probability of risk occurring
* Limiting severity of the risk if it does occur
* Reducing the consequences of risks that do occur (e.g. insurance)
What is risk financing?
- Determination of the likely cost of a risk:
- i.e. E[Loss] + cost of risk mitigation measures (e.g. insurance premiums) + cost of capital for retained risks
- And ensuring that the organization has sufficient financial resources available to
- Continue objectives after a loss event has occurred.
What is risk monitoring?
- Regular review and reassessment of existing risks.
- Identification of new or previously omitted risks.
What are the benefits of risk management to a provider?
SAVIOURS
- Strategic decision making improved (integration of risk into processes)
- Avoid surprises
- Volatility of profits reduced (improved financial stability/quality of business)
- Improved profits via capital efficiency (management and allocation of capital)
- Opportunities exploited for profit
- Understand interdependencies (concentration of risk, diversification benefits, natural synergies) and aggregate risk exposure
- React quickly to emerging risks
- Stakeholders in the business given confidence
What are the objectives of the risk management process?
5
- Incorporate all risks, both financial and non-financial
- Evaluate all relevant strategies for managing risk, both financial and non-financial
- Consider all relevant constraints, including political, social, regulatory and competitive
- Exploit the hedges and portfolio effects among the risks.
- Exploit financial and operational efficiencies within the strategies.
What is an example of a portfolio effect (or portfolio hedge) in a life insurance context?
- A life insurer sells life assurance contracts (exposed to mortality risk).
- A life insurer sells immediate annuity contracts (exposed to longevity risk).
- The two risks have offsetting effects.
What is systematic risk?
- Risk that affects the entire financial market and system
- Not just specific participants.
- Not possible to diversify away.
What is a diversifiable risk?
- Risk that arises from an individual component of a financial market and system
- Investor is not rewarded for taking on diversifiable risk => Risk can be eliminated by diversification
Does a fall in the domestic equity market represent systematic risk or diversifiable risk
- It depends on the context
- Investment fund constrained to invest domestically → risk cannot be diversified away and is Systematic risk.
- Worldwide investment fund -> can invest in many markets -> Diversifiable risk
What does it mean to manage risk at a business unit level and what are the key disadvantages of this approach?
- Parent company determines overall risk appetite and divide it among business units
- Each business unit manages risk within its allocated risk appetite.
- No allowance for diversification or pooling of risk.
- Group is not making the best use of available capital
- +BU feels sense of responsibility/direct involvement in risk management
- +BU managers may understand risk better and how to deal with them
What does it mean to manage risk at an enterprise level? List six benefits of managinging risk at entreprise level
Enterprise Risk Management (ERM) → Risks are managed at the group or enterprise level rather than by each BU, with all risks being considered as a whole
Benefits:
- Diversification - including being able to identify undiversified areas of risk
- Pooling of risk.
- Economies of scale.
- Capital efficiency as capital can be better targeted
- Insights into risk in different parts of the business including identification of unacceptable concetrations
- Better understanding of risk, allowing for value creation by exploiting risks as opportunities.
What are the roles of the various stakeholders in risk governance?
6
- Employees → Identify risks and suggest controls.
- Chief Risk Officer (CRO) →
1. Allocates risk budget to BU after allowing for diversification.
2. Monitors group risk exposure.
3. Documents risk events. - Risk managers →
1. Make full use of allocated risk budget at the business unit level.
2.Collect, monitor, and report risk data. - Customers → Can be encouraged to observe and report risks faced when using products.
- Shareholders → Drive risk governance through development of risk appetite.
- Regulators & Credit Rating Agencies → Ensure quality of risk governance and impose minimum standards.
Does a fall in the domestic equity market represent systematic risk or diversifiable risk
- To an investment fund that only invests domestically => risk cannot be diversified away and is systematic
- To a world-wide investment fund => can be diversified by other markets
What does it mean to manage risk at the business unit level and what are the key disadvantages of this approach?
- The parent company sets an overall risk appetite
- This overall risk appetite is then allocated across various business units
- Each business unit manages its risks within the assigned limits
- A key disadvantage is that this approach ignores the benefits of diversification and pooling of risk.
- It may lead to suboptimal use of the group’s available capital.
What is the difference between risk and uncertainty?
- Risk arises as the consequence of uncertain outcomes
- Uncertainty cannot be modelled, but it is often possible to model risk
How can company diversify risk at ERM using its BU?
6
- carry out the same activity but in different locations
- carry out different activities at the same location
- carry out different activities at different locations
- operate in different countries
- operate in different markets
- be separate companies in a group, which each have their own business units.
