Ch25: Risk governance Flashcards
Risk management definition
The process of ensuring that the risks to which an organization is exposed are the risks to which it thinks it is exposed and to which it is prepared to be exposed.
Key aim: Protect organization against adverse experience that could result in it being unable to meet its liabilities.
Risk management process steps (6)
- Risk identification (Recognition of risks that threaten organization)
- Risk classification (Group risks into categories; aids calculation of cost of risk)
- Risk measurement (Estimation of probability and severity of risk event)
- Risk control (Determining and implementing methods of risk mitigation)
- Risk financing (Determining cost of each risk (mitigations, expected losses, cost of capital to hold against risk); and ensuring adequate financial resources to continue business after loss event occurs)
- Risk monitoring (Regular review and re-assessment of all risks previously identified, plus overall business review to identify new or previously omitted risks)
Four ways risk control measures aim to mitigate risks.
- Reducing the probability of the risk event occurring
- Limiting the financial consequences of a risk (losses if risk event occurs as well as cost of mitigation technique; e.g. reinsurance)
- Limiting the severity of the effects of a risk that does occur (Reduce the probability of a catastrophic loss e.g. sprinkler systems)
- Reducing the consequences after the risk occurs (Ensure the survival of organization; business continuity plan)
Four risk monitoring objectives
- Determine if the exposure to risk or risk appetite of the organization has changed over time
- Identify new risks or changes in the nature of existing risks
- Report on risks that have actually occurred and how they were managed
- Assess whether the existing risk management process is effective
Benefits of a risk management process (8)
- Avoid surprises
- Improve stability and quality of business
- Improve growth and returns through better management and allocation of capital
- Improve growth and returns by exploiting risk opportunities
- Identify opportunities arising from natural synergies
- Identify opportunities arising from risk arbitrage
- Give stakeholders confidence business is well managed
- Competitive advantages
Risk vs uncertainty
- Risk refers to the situation where all possible outcomes and their probabilities are known or at least can be estimated. Risk can usually be managed and there is a choice whether to take it or not.
- Uncertainty refers to the situation where all possible outcomes and/or their probabilities are unknown. It cannot be measured or controlled, and typically there is no choice whether it is faced.
Systematic vs diversifiable risk
Systematic risk: Risk that affects an entire financial market or system. It is impossible to avoid systematic risk through diversification.
Diversifiable risk: Arises from an individual component of a financial market or system. A rational investor should not take on any diversifiable risks, as these are not rewarded within the scope of most financial markets. In practice, investors have different estimates of risks and returns. As a result, they will hold a less well-diversified portfolio if they believe it offers a higher expected return than the market to compensate them for the diversifiable risk they take on.
Key features of enterprise risk management (4)
- Consistency across business units
- Holistic (considers risks of enterprise as a whole, rather than in isolation, thus allowing for diversification, hedging risks across business)
- Seeking opportunities to enhance value
- Accountability at a single point
Outline how different employees are involved in risk governance
- All employees are stakeholders in risk governance
- Board of directors responsible for setting overall risk appetite for company
- All providers of financial products should have a designated Chief Risk Officer (CRO) at enterprise level.
- CRO is responsible for allocating the risk budget to business units after allowing for diversification and for monitoring the group exposure to risks and documenting the risks that have materialized and affected the group.
- Business units will often have a risk manager
- At business unit level, the responsibility is to make full use of the allocated risk budget, as well as data collection, monitoring and reporting.
- All employees should be looking out for risks to which the business is exposed
- They should suggest ways in which these risks can be mitigated or controlled
- Reports on risk from staff should be noted and rewarded through the normal appraisal system.
Role of CRO
- Give advice to board on risk
- Assessing the overall risks being run by the business (taking into account hidden risks and correlations)
- Making comparisons of the overall risks being run by the business and its risk appetite.
- Acting as a central focus point for staff to report new and enhanced risks.
- Giving guidance to line managers about the identification and management of risks, making suggestions for risk responses.
- Monitoring progress on risk management
- Pulling the whole picture together.
Providers need to look to find optimal set of strategies that balance needs for return, growth and consistency. Risk management process should: (5)
- Incorporate all risks, financial and non-financial
- Evaluate all relevant strategies for managing risks
- Consider all relevant restraints (political, social, regulatory and competitive)
- Exploit hedges and portfolio effects among the risks
- Exploit financial and operational efficiencies within the strategies