9.6 Introduction to Risk Management Flashcards
Risk exposure
the quantification of sensitivity to a certain risk
For example, banks have assets and liabilities that are sensitive to interest rate risk.
It is possible to measure a bank’s exposure to interest rate risk by modeling the impact of a 1% change in the yield curve on its net income.
Risk exposures are dynamic, so they must be continuously monitored.
The risk management process
involves setting an optimal level of risk exposure, measuring the actual level of risk exposure, and making any necessary adjustments to reach the target level
the objective of risk management is to minimize the uncertainty of the impact of unpredictable events.
A risk management framework
the infrastructure, process, and analytics needed to effectively manage an organization’s risk exposures
A risk management framework should include the following key factors:
Risk governance
Risk identification and measurement
Risk infrastructure
Policies and processes
Risk monitoring, mitigation, and management
Communication
Strategic analysis or integration
Risk governance
This is the top-level system of structures, rights, and obligations.
It is normally done at the board level, led by a risk management committee that is tasked with overseeing the company’s risk exposures and providing an enterprise-wide perspective on risk management.
Risk identification and measurement
This makes up the main quantitative core elements of risk management.
All of an organization’s potential risk exposures should be assessed qualitatively and quantified as accurately as possible.
Risk drivers should be identified to help model changes in risk exposures under various scenarios, including periods of extreme market stress.
Risk infrastructure
This includes the people and systems needed to assess and quantify risk exposures.
Improvements in technology have allowed for greater sophistication and precision in modeling risk.
The appropriate amount of risk infrastructure will vary among companies depending on their size and the nature of their activities.
Policies and processes
The overall vision for risk management is established by the risk management committee.
This vision is implemented with policies and processes that govern day-to-day operations.
Risk management policies and processes should be integrated into business activities.
Risk monitoring, mitigation, and management
This is the most important part of the risk framework and also the most difficult. It is an active process that must be continuously reviewed.
Responsibilities of governing body (i.e., risk management committee) include:
Providing risk oversight
Determining organizational goals, direction, and priorities
Specifying risk appetite or tolerance (i.e., which risks and levels of exposure are acceptable)
Enterprise-focused risk management (ERM)
takes a holistic view of the firm
is more likely to add value than narrower, less integrated approaches to risk management
ERM can be applied to individuals as well. For example, investors can factor human capital considerations into investment decisions.
An analysis of risk tolerance should seek to identify the following:
- Internal shortfalls that would result in failure to achieve critically important objectives. Specific metrics may include the percentage drop in revenue that would trigger debt covenants or the amount of cash flow needed to fund key capital projects.
- Risk drivers, or external uncertainties to which the organization is exposed (e.g., exchange rates, commodity prices, interest rates).
Factors that should not be allowed to influence assessments of risk tolerance include:
short-term reporting pressures, company size, and management compensation.
Risk budgeting
an effort to quantify and allocate allowable risk for both business and portfolio management
It is the process of implementing risk tolerance in the everyday decisions that affect a company’s actual risk exposures.
Single-dimension measures of risk budgeting
include standard deviation, beta, value at risk, and scenario loss
Financial risks
usually stem from changes in market prices and rates
Non-Financial risks
arise from a variety of sources beyond the financial markets
types of financial risks
Market risk
Credit risk
liquidity risk
types of non-financial risks
Settlement risk
Legal risk
Compliance risk
Model risk
Tail risk
Operational risk
Solvency risk
Risks unique to individuals
Metrics
refers to the quantitative measure of risk exposure.
Probability is the most basic metric
The following metrics are used to measure the risks of derivatives:
Delta (sensitivity of the derivative price to the underlying asset)
Gamma (sensitivity of delta to the underlying asset)
Vega (sensitivity of the derivative price to the volatility of the underlying asset)
Rho (sensitivity of the derivative price to changes in interest rates)
Value at risk (VaR)
specifies the minimum loss over a given time period at a given probability
VaR measure includes three elements: a probability, a time period, and a minimum possible loss stated in units of currency.
–> For example, a given bank could be expected to lose at least $2 million in one day 5% of the time. Unfortunately, there are many ways to model the loss, so diverse estimates for VaR could occur for a given company. VaR is based on an assumed probability distribution (usually the normal distribution) that may not reflect reality.
Four broad categories:
Risk Prevention and Avoidance
Risk Acceptance: Self-Insurance and Diversification
Risk Transfer
Risk Shifting
Risk management in the case of individuals is best described as concerned with:
a) hedging risk exposures.
b) maximizing utility while bearing a tolerable level of risk.
c) maximizing utility while avoiding exposure to undesirable risks.
b) maximizing utility while bearing a tolerable level of risk.
Which of the following may be controlled by an investor?
a) Risk
b) Raw returns
c) Risk-adjusted returns
a) Risk
Which of the following best describes activities that are supported by a risk management infrastructure?
a) Risk tolerance, budgeting, and reporting
b) Risk tolerance, measurement, and monitoring
c) Risk identification, measurement, and monitoring
c) Risk identification, measurement, and monitoring
Risk governance:
a) aligns risk management activities with the goals of the overall enterprise.
b) defines the qualitative assessment and evaluation of potential sources of risk in an organization.
c) delegates responsibility for risk management to all levels of the organization’s hierarchy.
a) aligns risk management activities with the goals of the overall enterprise.
A firm’s risk management committee would be expected to do all of the following except:
a) approving the governing body’s proposed risk policies.
b) deliberating the governing body’s risk policies at the operational level.
c) providing top decision-makers with a forum for considering risk management issues.
a) approving the governing body’s proposed risk policies.
The risk management committee is a part of the risk governance structure at the operational level—as such, it does not approve the governing body’s policies.
Once an enterprise’s risk tolerance is determined, the role of risk management is to:
a) analyze risk drivers.
b) align risk exposures with risk appetite.
c) identify the extent to which the enterprise is willing to fail in meeting its objectives.
b) align risk exposures with risk appetite.
When risk tolerance has been determined, the risk framework should be geared toward measuring, managing, and complying with the risk tolerance, or aligning risk exposure with risk tolerance.
The risk tolerance decision begins by looking at what shortfalls within an organization would cause it to fail to achieve some critical goals and what are the organization’s risk drivers.
An example of a non-financial risk is:
a) market risk.
b) liquidity risk.
c) settlement risk.
c) settlement risk.
An organization choosing to accept a risk exposure may:
a) buy insurance.
b) enter into a derivative contract.
c) establish a reserve fund to cover losses.
c) establish a reserve fund to cover losses.
Risk acceptance is similar to self-insurance. An organization choosing to self-insure may set up a reserve fund to cover losses. Buying insurance is a form of risk transfer and using derivatives is a form of risk-shifting, not risk acceptance.
Among other things, an organization’s risk tolerance should most likely reflect its:
a) perception of market stability.
b) size.
c) competitive position.
c) competitive position.
A good risk governance process would most likely:
a) provide guidance on the size of the largest acceptable loss for the organization.
b) provide different risk targets for each unit within the organization.
c) be a bottom-up process that reflects the current risk exposures of all parts of the organization.
a) provide guidance on the size of the largest acceptable loss for the organization.
The German firm IHK AG has entered into a three-month forward currency contract to purchase USD35 million versus euros from US firm GED Corp. to hedge a future payment obligation. The US dollar appreciates 5% in the coming three months. IHK should most likely focus on:
a) market risk.
b) liquidity risk.
c) counterparty risk.
c) counterparty risk.
IHK’s potential risk is settlement risk, which is a type of counterparty risk. Settlement risk deals with the settling of payments that occur just before a default. If IHK wires the euros to GED and GED then declares bankruptcy, IHK will not be able to get the money back.
Risk budgeting most likely:
a) limits the cost of hedging a portfolio.
b) can be defined by a measure such as beta or scenario loss.
c focuses on the appetite for risk and what exposures are acceptable.
b) can be defined by a measure such as beta or scenario loss.
Risk budgeting quantifies and allocates the tolerable risk according to specific metrics. A risk budget can be multidimensional or a simple, one-dimensional risk measure, such as standard deviation, beta, value at risk, or scenario loss, among others.
An example of risk transfer combined with self-insurance is most likely:
a) a bond portfolio hedged with an interest rate option.
b) an insurance policy with a deductible.
c a bank that establishes a loan loss reserve fund.
b) an insurance policy with a deductible.
Risk transfer is accomplished through an insurance policy. A deductible in an insurance policy means the insured is bearing some of the risk of loss and thereby (partially) self-insuring. Hedging with derivatives accomplishes risk shifting, not risk transfer
Which of the following pairs of risks are most closely related?
a) Model risk and tail risk
b) Liquidity risk and operational risk
c) Credit risk and solvency risk
a) Model risk and tail risk
Model risk is the risk of using the wrong model to analyze an investment or the risk of using the right model for the analysis but using it incorrectly. Tail risk, although it involves unlikely but substantial losses, typically results from using inappropriate modeling assumptions such as assuming that returns are normally distributed