CH24 - Risk governance Flashcards
Risk management
Risk management can be described as the process of ensuring that the risks to which an organisation is exposed are the risks to which it thinks it is exposed and to which it is prepared to be exposed. The key aim of risk management is to protect an organisation against adverse experience that could result in it being unable to meet its liabilities.
Key steps for the management of risks (6)
- Risk identification
- Risk classification
- Risk measurement
- Risk control
- Risk financing
- Risk monitoring
Risk identification
Risk identification is the recognition of the risks that can threaten the income and assets of an organisation. This is the hardest aspect of risk management.
Another part of the risk identification process is to determine to what extent the organisation is prepared to be exposed to each risk. This is called risk appetite or risk tolerance level.
Why risk identification is the hardest aspect of risk management
- The risks to which an organisation is exposed are numerous
- Risk identification needs to be comprehensive
It is not surprising that the biggest risks to an organisation are those that are not identified, particularly when they relate to events that have not occurred before.
Risk classification
Classifying risks into groups aids the calculation of the cost of risk and the value of diversification.
It also enables the risk ‘owner’ to be allocated from the management team. The risk owner would normally be responsible for the control processes for the risk.
Risk measurement
Risk measurement is the estimation of the probability of a risk event occuring and its likely severity.
This would normally be carried out before and after application of any risk controls, and the cost of the risk controls would be included in the assessment.
Treatments of risk under risk measurement (4)
Risk measurement gives the basis for evaluating and selecting methods of risk control and whether the risk should be:
- declined
- transferred
- mitigated
- retained with or without controls
Risk control
Risk control is about determining and implementing methods of risk mitigation.
Risk control involves deciding whether to reject, fully accept or partially accept each identified risk. This stage also involves identifying diffenent possible mitigation options for each risk that requires mitigation.
Risk control measures (4)
Risk control measures are systems that aim to mitigate tne risks or the consequences of risk events by:
1. Reducing the probability of a risk occuring
An example would be control and checking procedures to prevent payments being made by a company n fraudulent claims.
Another example would be introducing good safety procedures within a company to reduce the risk of fire starting.
2. Limiting the financial consequences of a risk
The financial consequences comprise the losses if the risk event occurs, together with the costs of mitigation techniques used, such as insurance premiums.
For example, a company could ensure that it has adequate insurance in place to meet the costs of a fire that does occur.
3. Limiting the severity of the effects of a risk that does occur
In particular, reducing significantly the probability of catastrophic loss. Insurance would be a common way of achieving this.
Another example would be having sprinkler systems and adequate fire extinguishers, so that a fire that does occur can quickly be put out, thus avoiding full loss.
4. Reducing the consequences of a risk that does occur.
For example by insuring the survival of the organisation and its continued ability to trade. This might be by having a business continuity plan that can speedily be put into place.
Determination of risk appetite
The organisation’s risk appetite is another key feature in the decision on the approach to take control individual risks. Risk appetite is likely to have both quantitative and qualitative components.
The qualitative aspect of risk appetite includes risk preferences of the organisation.
Risk financing
Risk financing involves:
- Determining the likely cost of each risk (including the cost of any mitigations and the expected losses and cost of capital arising from retained risk)
- Ensuring the organisation has sufficient financial resources available to continue its objectives after a loss event occurs.
Risk monitoring
Having decided that all or part of a risk should be retained, with or without controls, the risks should be monitored.
Risk monitoring is the regular review and re-assessment of all risks previously identified, coupled with an overall business overview to identify new or previously omitted risks. It is important to establish a clear management responsibility for each risk in order that monitoring and control procedures can be effective.
Objectives of risk monitoring (4)
Risk monitoring is the process of ensuring that risks continue to be managed. The objectives of risk monitoring might be to:
- Determine if the exposure to risk and/or the risk appetite of the organisation has changed over time.
- Identify new risks or changes in the nature of existing risks
- Report on risks that have actually occurred and how they were managed
- Assess whether the existing risk management process is effective
Benefits of risk management process (7)
Through the effective risk management process a provider of financial benefits will be able to:
- avoid surprises
- improve the stability and quality of their business
- improve their growth and returns by exploiting risk opportunities
- improve their growth amd returns through better management and allocation of capital
- identify opportunities arising from natural synergies
- identify opportunities arising from risk arbitrage
- give stakeholders in their business confidence that the business is well managed.
Examples of natural synergies in life insurance and general insurance
An insurer’s portfolio may contain various risks that naturally offset (or hedge) each other, at least to some extent.
For example:
- A life insurance company may sell some products (eg term assurance) that expose it to mortality risk and others (eg annuities) that expose it to longevity risk
- A general insurer may find that good weather increases claims on its domestic property policies as there are more subsiquent claims, but reduces claims on its motor policies as there are fewer accidents.