C24 Risk Governance Flashcards
Steps of risk management under ACC
It will be seen that these steps follow the approach of the actuarial control cycle.
The key steps are as follows:
- identification (of risks that threaten the income or assets of an organisation, and of possible controls)
- classification (into groups, including allocation of ‘ownership’)
- measurement (probability and severity)
- control (mitigation to reduce the probability / severity / financial and other consequences of a loss)
- financing (determining the likely cost of each risk, including the cost effectiveness of risk control options, and the availability of capital to cover retained risk)
- monitoring (regular review and re-assessment of risks together with an overall business review to identify new / previously omitted risks).
Describe the risk identification stage of the process
- Risk identification is the recognition of risks that can threaten the income or assets of the provider.
- Determine whether each risk is systematic or diversifiable.
- Carry out a preliminary identification of risk control processes that reduce the occurrence or impact of a risk event.
What is essential for gaining a competitive advantage over other providers?
Identifying opportunities to exploit risks
This involves understanding market dynamics and assessing potential gains from taking calculated risks.
This is fundamental to the business model of these companies, as they manage and price risk to generate revenue.
Purpose of risk classification stage of the process
Classifying risks into groups aids in
1. Calculation of cost of risks
2. Value of diversification
Describe the risk measurement stage of the process
Risk measurement is:
1. Estimation of the probability of risk event occurring
2. Its likely severity
It gives:
1. The basis for evaluating and selecting the risk control methods
2. Whether the risk should be declined, transferred, mitigated or retained with or without controls
Describe risk control
Risk control involves:
1. Deciding whether to reject, fully accept, or partially accept each identified risk
2. Identifying different possible mitigation options for each risk that requires mitigation
Four ways in which risk control measures can mitigate risks or their consequences
Risk control is the implementation of systems that aim to mitigate risks or consequences of risk events by:
- Reducing the probability of a risk occurring.
- Limiting the financial consequences of a risk (i.e. losses if the risk occurs and the cost of risk mitigation, e.g. insurance).
- Limiting the severity of a risk that does occur, in particular reducing the probability of catastrophic loss.
- Reducing the consequences of a risk that does occur, e.g. by ensuring business continuity following a risk event.
Risk control measures should give a measurable reduction in either the likelihood of loss or the expected cost of that loss.
What is risk financing?
Risk financing involves:
- determining the likely cost of each risk (including the cost of any mitigations and the expected losses and cost of capital arising from retained risk)
- ensuring the organisation has sufficient financial resources available to continue its objectives after a loss event occurs.
Describe the monitoring stage of the risk management process.
Risk monitoring is the process of ensuring that risks continue to be managed:
- review and re-assessment of all the risks previously identified
- identification of new or previously omitted risks
It is important to establish a clear management responsibility for each risk in order that monitoring and control procedures can be effective.
Objective of risk monitoring
The objectives of risk monitoring might be to:
● determine if the exposure to risk and/or the risk appetite of the organisation has changed over time
● identify new risks or changes in the nature of existing risks
● report on risks that have actually occurred and how they were managed
● assess whether the existing risk management process is effective
Nine things a provider aims to achieve through an effective risk management process
or Benefits of the risk management process
Through an effective risk management process a provider of financial benefits will be able to:
ARFGG AO IC
- Avoid surprises
- React more quickly to emerging risks
- Improve financial stability (i.e. earnings volatility) and quality of their business
- Improve their growth and returns by exploiting risk opportunities
- Improve their growth and returns through better management and allocation of capital
- Identify their aggregate risk exposure and assess interdependencies (i.e. concentration of risk, diversification benefits, natural synergies)
- Identify opportunities arising from risk arbitrage
- Integrate risk into business processes (e.g. pricing) and strategic decision making (e.g. product development, M&A)
- Give stakeholders in their business confidence that the business is well managed.
List five things an effective risk management process should involve to achieve its aims
The risk management process should:
- incorporate all risks, both financial and non-financial
- evaluate all relevant strategies for managing risk, both financial and non-financial
- consider all relevant constraints, including political, social, regulatory and competitive
- exploit the hedges and portfolio effects among the risks
- exploit the financial and operational efficiencies within the strategies.
Define Systematic risk
Systematic risk is risk that:
- affects an entire financial market or system, and not just specific participants
- cannot be avoided through diversification.
Define Diversifiable risk
Diversifiable risk arises from an individual component of a financial market or system.
Using an equity investment fund as an example, describe how whether a risk is systematic or diversifiable depends on the context.
Fall in the domestic equity market: systematic or diversifiable? It depends on the context.
- To an investment fund that is constrained only to invest in the domestic market, this risk cannot be diversified away and is systematic.
- To a world-wide investment fund that can invest in many markets, the risk is diversifiable.
Explain, giving examples, how a company might comprise a number of business units.
All but the simplest businesses comprise a number of business units. These units might:
- carry out the same activity but in different locations
- carry out different activities at the same location
- carry out different activities at different locations
- operate in different countries
- operate in different markets
- be separate companies in a group, which each have their own business units.
The largest multinational companies may comprise business units that carry out completely unrelated activities.
Discuss the management of risk at the business unit level
Managing Risk at Business Unit Level
- The parent company would determine its overall risk appetite and then divide it amongst the business units.
- Each business unit would then manage its risks within the allocated risk appetite.
- The key disadvantage of this approach is that it makes no allowance for the benefits of diversification or pooling of risk.
Discuss the management of risk at the enterprise level
Enterprise Level Risk Management
- Establishing group risk management as a major activity at the enterprise level.
- Imposing similar risk assessment procedures on various business units.
- Allowing for the pooling of risk, the diversification achievable, and economies of scale.
- Considering the risks of the enterprise as a whole, rather than individual risks in isolation.
- Giving insight into areas with undiversified risk exposures where risks need to be transferred or capital set against them.
- Enabling the company to take advantage of opportunities to enhance value by understanding their risks better.
- Not just about reducing risk, but also about putting the company in a better position to take advantage of strategic risk-based opportunities.
Discuss how the employees of an organisation should be involved in risk governance
Staff Stakeholders in Risk Governance
* All staff members are stakeholders in risk governance.
* Employees should identify and mitigate business-exposure risks.
* Staff reports on risk should be noted and rewarded through the appraisal system.
Describe the Chief Risk Officer Role in Large Companies
Chief Risk Officer Role in Large Companies
* Allocating risk budget to business units.
* Monitoring group exposure to risks.
* Documenting materialized risks and their impact.
* Typically at enterprise level.
Describe the role of a risk manager
Business units typically have a risk manager.
- The risk manager role may be combined with another position based on unit size.
Responsibilities include:
- Utilizing the allocated risk budget fully.
- Data collection for risk assessment.
- Monitoring risks actively.
- Reporting on risks.
Other stakeholders may have a strong interest in risk governance within an organisation.
Stakeholders in Risk Governance
- Shareholders, regulators, and credit rating agencies.
Role of Shareholders
- Shareholders can influence risk governance.
- They may drive the development of the risk appetite statement.
Interest of Regulators and Credit Rating Agencies
- Concerned with the quality of risk governance.
- They may impose minimum standards for risk governance.