Ch 25: Risk governance Flashcards
List the 6 stages in the risk management control cycle.
Which is considered to be the hardest?
1) Risk identification
2) Risk classification
3) Risk measurement
4) Risk control
5) Risk financing
5) Risk monitoring
Risk identification is seen as the hardest aspect because the risks to which an organisation is exposed are numerous and their identification needs to be comprehensive. The biggest risks are unidentified ones, as they will not have been appropriately managed.
The risk identification stage of the process is more than just recognizing the risks to which an organisation is exposed.
Outline the other aspects that should be identified or determined at this stage.
The following should be determined/identified:
1) Whether each risk is systematic or diversifiable.
2) Possible risk control processes that could be put in place for each risk.
3) Opportunities to exploit risks to gain competitive advantage.
4) The organization’s risk appetite or risk tolerance.
Explain the purpose of the risk classification part of the process, i.e. grouping the identified risks into categories.
Classifying risks into groups aids the calculation of the cost of the risk and the value of diversification.
It also enables a risk ‘owner’ to be allocated from the management team.
What two quantities will be estimated under the risk measurement stage of the cycle?
How does this help with risk management?
The two quantities estimated are:
1) The probability of the risk event occurring
2) The likely severity
Knowing whether a risk is high, medium or low probability and severity helps in the prioritization of risks and what control measures (and to what extent) should be adopted.
What is risk control?
Risk control involves deciding whether to:
- reject
- fully accept
- partially accept
each identified risk
Risk control measures are identified to mitigate the risks or consequences of risk events by:
1) Reducing the probability of a risk occurring
2) Limiting the severity (financial or otherwise) of the effects of a risk that does occur.
3) Reducing the consequences of a risk that does occur.
What is risk financing?
Risk financing is the determination of the likely cost of a risk and making sure that the organization has sufficient financial resources available to withstand the risk event occurring and continue to meet business objectives.
The likely cost of a risk includes:
- expected losses
- cost of risk mitigation measures such as insurance premiums
- cost of capital that has to be held against retained risk
List 7 perceived benefits of risk management to the provider
SAMOSAS
- Stability and quality of business improved
- Avoid surprises
- Management and allocation of capital improved
- Opportunities exploited for profit
- Synergies identified (and related opportunities taken)
- Arbitrage opportunities identified
- Stakeholders in the business given confidence
List 5 objectives of the risk management process
1) Incorporate all risks, both financial and non-financial
2) Evaluate all relevant strategies for managing risk, both financial and non-financial
3) Consider all relevant constraints, including political, social, regulatory and competitive
4) Exploit the hedges and portfolio effects among the risks
5) Exploit the financial and operational efficiencies within the strategies
Give an example of a portfolio effect (or portfolio hedge) in a life insurance context
A life insurer may sell both life assurance contracts and immediate annuity contracts. The two risks have an offsetting effect. The life assurance is subject to mortality risk (mortality higher than expected), whilst the annuity is subject to longevity risk (mortality lower than expected).
Explain the difference between risk and uncertainty
“Uncertainty” means that an outcome is unpredictable.
” Risk” is a consequence of an action that is taken which involves some element of uncertainty, but there may be some certainty about some components of risk.
For example, the provider of a whole life assurance is exposed to mortality risk. There is certainty that the policyholder will die, but the timing is uncertain.
Systematic risk
Risk that effects an entire financial market or system, and not just specified participants. It is not possible to avoid systematic risk through diversification.
Diversifiable risk
Risk that arises from an individual component of a financial market or system. An investor is unlikely to be rewarded for taking on diversifiable risk since it can be eliminated by diversification.
Does a fall in the domestic equity market represent systematic risk or diversifiable risk?
It depends on the context.
To an investor that is constrained only to invest in the domestic equity market, this risk cannot be diversified away and is systematic.
To a worldwide investment fund that can invest in many markets (and many different countries with different economies), the risk is diversifiable.
What does it mean to manage risk at the business unit level and what are the key disadvantages of this approach?
The parent company would determine its overall risk appetite and then divide it among the business units.
Each business unit would then manage its risk within the allocated risk appetite.
The key disadvantages of this approach are that it makes no allowance for the benefits of diversification, pooling of risks, and the law of large numbers. The group is unlikely to be making best use of its available capital.
What does it mean to manage risk at the enterprise level?
List 6 benefits of risk management at the enterprise level.
Enterprise risk management means that risks are managed at the enterprise or group level rather than by each business unit separately, with all risks being considered as a whole.
Benefits include:
1) Diversification, including being able to identify undiversified areas of risk.
2) Pooling of risks.
3) Economies of scale in terms of the risk management process.
4) Capital efficiency as capital can be targeted.
5) Providing insight into risk in different parts of business, including identification of unacceptable concentrations.
6) Understanding the risks better and so adding value by exploiting risk as an opportunity.
