9.6 Introduction to Risk Management

Question 1

Risk exposure

Answer 1

the quantification of sensitivity to a certain risk

For example, banks have assets and liabilities that are sensitive to interest rate risk.

It is possible to measure a bank’s exposure to interest rate risk by modeling the impact of a 1% change in the yield curve on its net income.

Risk exposures are dynamic, so they must be continuously monitored.

Question 2

The risk management process

Answer 2

involves setting an optimal level of risk exposure, measuring the actual level of risk exposure, and making any necessary adjustments to reach the target level

the objective of risk management is to minimize the uncertainty of the impact of unpredictable events.

Question 3

A risk management framework

Answer 3

the infrastructure, process, and analytics needed to effectively manage an organization’s risk exposures

Question 4

A risk management framework should include the following key factors:

Answer 4

Risk governance

Risk identification and measurement

Risk infrastructure

Policies and processes

Risk monitoring, mitigation, and management

Communication

Strategic analysis or integration

Question 5

Risk governance

Answer 5

This is the top-level system of structures, rights, and obligations.

It is normally done at the board level, led by a risk management committee that is tasked with overseeing the company’s risk exposures and providing an enterprise-wide perspective on risk management.

Question 6

Risk identification and measurement

Answer 6

This makes up the main quantitative core elements of risk management.

All of an organization’s potential risk exposures should be assessed qualitatively and quantified as accurately as possible.

Risk drivers should be identified to help model changes in risk exposures under various scenarios, including periods of extreme market stress.

Question 7

Risk infrastructure

Answer 7

This includes the people and systems needed to assess and quantify risk exposures.

Improvements in technology have allowed for greater sophistication and precision in modeling risk.

The appropriate amount of risk infrastructure will vary among companies depending on their size and the nature of their activities.

Question 8

Policies and processes

Answer 8

The overall vision for risk management is established by the risk management committee.

This vision is implemented with policies and processes that govern day-to-day operations.

Risk management policies and processes should be integrated into business activities.

Question 9

Risk monitoring, mitigation, and management

Answer 9

This is the most important part of the risk framework and also the most difficult. It is an active process that must be continuously reviewed.

Question 10

Responsibilities of governing body (i.e., risk management committee) include:

Answer 10

Providing risk oversight

Determining organizational goals, direction, and priorities

Specifying risk appetite or tolerance (i.e., which risks and levels of exposure are acceptable)

Question 11

Enterprise-focused risk management (ERM)

Answer 11

takes a holistic view of the firm

is more likely to add value than narrower, less integrated approaches to risk management

ERM can be applied to individuals as well. For example, investors can factor human capital considerations into investment decisions.

Question 12

An analysis of risk tolerance should seek to identify the following:

Answer 12

1. Internal shortfalls that would result in failure to achieve critically important objectives. Specific metrics may include the percentage drop in revenue that would trigger debt covenants or the amount of cash flow needed to fund key capital projects.
2. Risk drivers, or external uncertainties to which the organization is exposed (e.g., exchange rates, commodity prices, interest rates).

Question 13

Factors that should not be allowed to influence assessments of risk tolerance include:

Answer 13

short-term reporting pressures, company size, and management compensation.

Question 14

Risk budgeting

Answer 14

an effort to quantify and allocate allowable risk for both business and portfolio management

It is the process of implementing risk tolerance in the everyday decisions that affect a company’s actual risk exposures.

Question 15

Single-dimension measures of risk budgeting

Answer 15

include standard deviation, beta, value at risk, and scenario loss

Question 16

Financial risks

Answer 16

usually stem from changes in market prices and rates

Question 17

Non-Financial risks

Answer 17

arise from a variety of sources beyond the financial markets

Question 18

types of financial risks

Answer 18

Market risk

Credit risk

liquidity risk

Question 19

types of non-financial risks

Answer 19

Settlement risk

Legal risk

Compliance risk

Model risk

Tail risk

Operational risk

Solvency risk

Risks unique to individuals

Question 20

Metrics

Answer 20

refers to the quantitative measure of risk exposure.

Probability is the most basic metric

Question 21

The following metrics are used to measure the risks of derivatives:

Answer 21

Delta (sensitivity of the derivative price to the underlying asset)

Gamma (sensitivity of delta to the underlying asset)

Vega (sensitivity of the derivative price to the volatility of the underlying asset)

Rho (sensitivity of the derivative price to changes in interest rates)

Question 22

Value at risk (VaR)

Answer 22

specifies the minimum loss over a given time period at a given probability

VaR measure includes three elements: a probability, a time period, and a minimum possible loss stated in units of currency.

–> For example, a given bank could be expected to lose at least $2 million in one day 5% of the time. Unfortunately, there are many ways to model the loss, so diverse estimates for VaR could occur for a given company. VaR is based on an assumed probability distribution (usually the normal distribution) that may not reflect reality.

Question 23

Four broad categories:

Answer 23

Risk Prevention and Avoidance

Risk Acceptance: Self-Insurance and Diversification

Risk Transfer

Risk Shifting

Question 24

Risk management in the case of individuals is best described as concerned with:

a) hedging risk exposures.

b) maximizing utility while bearing a tolerable level of risk.

c) maximizing utility while avoiding exposure to undesirable risks.

Answer 24

b) maximizing utility while bearing a tolerable level of risk.

Question 25

Which of the following may be controlled by an investor?

a) Risk

b) Raw returns

c) Risk-adjusted returns

Answer 25

a) Risk

Question 26

Which of the following best describes activities that are supported by a risk management infrastructure?

a) Risk tolerance, budgeting, and reporting

b) Risk tolerance, measurement, and monitoring

c) Risk identification, measurement, and monitoring

Answer 26

c) Risk identification, measurement, and monitoring

Question 27

Risk governance:

a) aligns risk management activities with the goals of the overall enterprise.

b) defines the qualitative assessment and evaluation of potential sources of risk in an organization.

c) delegates responsibility for risk management to all levels of the organization’s hierarchy.

Answer 27

a) aligns risk management activities with the goals of the overall enterprise.

Question 28

A firm’s risk management committee would be expected to do all of the following except:

a) approving the governing body’s proposed risk policies.

b) deliberating the governing body’s risk policies at the operational level.

c) providing top decision-makers with a forum for considering risk management issues.

Answer 28

a) approving the governing body’s proposed risk policies.

The risk management committee is a part of the risk governance structure at the operational level—as such, it does not approve the governing body’s policies.

Question 29

Once an enterprise’s risk tolerance is determined, the role of risk management is to:

a) analyze risk drivers.

b) align risk exposures with risk appetite.

c) identify the extent to which the enterprise is willing to fail in meeting its objectives.

Answer 29

b) align risk exposures with risk appetite.

When risk tolerance has been determined, the risk framework should be geared toward measuring, managing, and complying with the risk tolerance, or aligning risk exposure with risk tolerance.

The risk tolerance decision begins by looking at what shortfalls within an organization would cause it to fail to achieve some critical goals and what are the organization’s risk drivers.

Question 30

An example of a non-financial risk is:

a) market risk.

b) liquidity risk.

c) settlement risk.

Answer 30

c) settlement risk.

Question 31

An organization choosing to accept a risk exposure may:

a) buy insurance.

b) enter into a derivative contract.

c) establish a reserve fund to cover losses.

Answer 31

c) establish a reserve fund to cover losses.

Risk acceptance is similar to self-insurance. An organization choosing to self-insure may set up a reserve fund to cover losses. Buying insurance is a form of risk transfer and using derivatives is a form of risk-shifting, not risk acceptance.

Question 32

Among other things, an organization’s risk tolerance should most likely reflect its:

a) perception of market stability.

b) size.

c) competitive position.

Answer 32

c) competitive position.

Question 33

A good risk governance process would most likely:

a) provide guidance on the size of the largest acceptable loss for the organization.

b) provide different risk targets for each unit within the organization.

c) be a bottom-up process that reflects the current risk exposures of all parts of the organization.

Answer 33

a) provide guidance on the size of the largest acceptable loss for the organization.

Question 34

The German firm IHK AG has entered into a three-month forward currency contract to purchase USD35 million versus euros from US firm GED Corp. to hedge a future payment obligation. The US dollar appreciates 5% in the coming three months. IHK should most likely focus on:

a) market risk.

b) liquidity risk.

c) counterparty risk.

Answer 34

c) counterparty risk.

IHK’s potential risk is settlement risk, which is a type of counterparty risk. Settlement risk deals with the settling of payments that occur just before a default. If IHK wires the euros to GED and GED then declares bankruptcy, IHK will not be able to get the money back.

Question 35

Risk budgeting most likely:

a) limits the cost of hedging a portfolio.

b) can be defined by a measure such as beta or scenario loss.

c focuses on the appetite for risk and what exposures are acceptable.

Answer 35

b) can be defined by a measure such as beta or scenario loss.

Risk budgeting quantifies and allocates the tolerable risk according to specific metrics. A risk budget can be multidimensional or a simple, one-dimensional risk measure, such as standard deviation, beta, value at risk, or scenario loss, among others.

Question 36

An example of risk transfer combined with self-insurance is most likely:

a) a bond portfolio hedged with an interest rate option.

b) an insurance policy with a deductible.

c a bank that establishes a loan loss reserve fund.

Answer 36

b) an insurance policy with a deductible.

Risk transfer is accomplished through an insurance policy. A deductible in an insurance policy means the insured is bearing some of the risk of loss and thereby (partially) self-insuring. Hedging with derivatives accomplishes risk shifting, not risk transfer

Question 37

Which of the following pairs of risks are most closely related?

a) Model risk and tail risk

b) Liquidity risk and operational risk

c) Credit risk and solvency risk

Answer 37

a) Model risk and tail risk

Model risk is the risk of using the wrong model to analyze an investment or the risk of using the right model for the analysis but using it incorrectly. Tail risk, although it involves unlikely but substantial losses, typically results from using inappropriate modeling assumptions such as assuming that returns are normally distributed