Ch25: Risk Governance

Question 1

Define risk management and its aim

Answer 1

Risk management can be described as the process of ensuring that the risks to which an organisation is exposed are the risks:
* to which it thinks it is exposed
* to which it is prepared to be exposed.

Key aim of risk management:
To protect an organisation against adverse experience that could result in it being unable to meet its liabilities

Question 2

Key steps of risk governance

Answer 2

• risk identification
• risk classification
• risk measurement
• risk control
• risk financing
• risk monitoring

Question 3

Risk identification:
Define
Give two reasons for it
why is the hardest part

Answer 3

• Recognise the risk that can threaten the income and assets of organisation (if this is jeopardised than can’t meet liabilities). The business compiles a risk register that is regularly updated.

Reasons for risk ID:
* to ID threats to business objecties and reduce them
* to ID opportunities to exploit risk to gain competitive advantage and make profit

why it is the hardest part:
* It need to be comprehensive: because the biggest risk to a company is one not identified
* There are many risks

Question 4

Risk Classification:
why is is done

Answer 4

Helps with :
* calculation of cost of risk
* calculate the value of diversification
* allocating a risk owner from management team - responsible for the control process of risk and helps in monitoring

Question 5

Risk Measurement:
Define
when is it done
what is included
why is it done

Answer 5

• Define : an estimation of the severity and probalilty of risk
• Why it’s done: it is a basis for evaluating and a selecting a risk control method .
  i.e : Decline, transfere, mitigate, retain with/without controls\
• When : before and after implementing controls
• what is included: cost of risk + cost of controls

e.g high severity, low probability would be transfere
high probability, low severity would retained with controls

Question 6

Risk Control:
Define
Aim
What is considered

Answer 6

• Define:
• Determing and implimenting methods of risk mitigation. If multiple options exist, need to be compared and choose one
• Involves rejecting , accepting or partially accepting risks involved.
• Involves having trigger point where management action will be taken.
• Aim: to reduce probability / severity/financial consequence of loss/risk event
• what is considered: risk appetite. setting risk appetite is important part of the risk governance

Question 7

How does risk control reduce the consequnces of risk event

Answer 7

• Reduce probability
• Limit financial consequence: making use of reinsurance
• Limiting severity of risk: e.g sprinklers for a fir
• Reducing consequences of risk : e.g not being able to operate because building burnt down

Question 8

Risk financing

Answer 8

• Determing:
• cost of mitigation : control, reinsurnace
• expected losses
• cost of capital to back/ cover losses from retained risk

Question 9

Risk Monitoring:
Define
Objectives/Why

Answer 9

Define: Regular review and re-assessment of risks
together with an overall business review to
identify new / previously omitted risks

Why:
* Determine if exposure or risk appetite has changed
* ID new risk or changes in nature of risk
* Report on risks that have occured and how they were managed
* Assess effectiveness of risk management process
* Assess the accuracy of underlying assumptions

Question 10

Benefits of a risk management process

Answer 10

Helps to :
* Avoid suprises
* Improve stability and quality of business
* Improve growth and returns:
- by exploiting risk opportunities
- through better management and alloaction of capital
* ID opportunities arising:
- natural synergies
- risk abitrage
* stakeholder confidence: that the business is well managed

Question 11

Risk management process should:

Answer 11

* Incorporate all risks, both
financial and non-financial
* Evaluate all relevant strategies
for managing risk
* Consider all relevant constraints - political, social, regulatory,
competitive
* Exploit hedges and portfolio effects among the risks
* Exploit financial and operational efficiencies within the strategies

Question 12

Risk arbitrage

Answer 12

Risk arbitrage - situations where provider may have different view on price of risk relative to another party

action/example:
Accept risk for higher premium than what you perceive the cost to be
Transfer risk for lower premium than what you perceive the cost to be

Question 13

Upside risk

Answer 13

Risk should not be considered as only relating to adverse outcomes. Risk can be positive if the
outcome is better than expected.

Question 14

SYSTEMATIC RISK vs DIVERSIFIABLE RISK

Answer 14

Systematic risk - affects entire market/ system. Can’t be diversified away
Diversifiable risk - affects a component of the marke/system. Can be eliminated by diversification

Whether diversifiable or systematic risk depends on context :
if restricted to local market then system if not then diversifiable.

Question 15

Business Units

Answer 15

Divisions of a business as a result of different:
* Function/ activities
* Locations
* Markets they operate in
* Separate companies under one group.

Question 16

Risk management at business unit level:
What is looks like
Disadvantages
How they make “allowance for diversification”

Answer 16

What it looks like:
* Parent company determines overall risk
appetite and allocates to business units
* Risk capital allocated to business unit according to risk retained
* Business units managed individually based on allocated risk appetit.

Disadvantages:
* Inefficient use of capital: more risk capital needed
* Diversification and pooling of risks not allowed for

Crude way to allow for diversification:
* allocating risk appetite so that sum is > 100%
* it works because risks are unlikely to be perfectly correlated. i.e happen at the same time.

Question 17

Risk management at enterprise level:
What is looks like
Advantages

Answer 17

• Done at entity/entprise level
• Consistent risk assessment across business units.

Advantages :
* Allowances for pooling of risk and diversification
* Required risk capital is minimised
* Better budgeting for risk
* Better understanding of risks and can put itself in a position to take advantage of risk-based opportunities
* Give insight on :
- Undiversified risk exposure
- Risk transfer needs (from undiversified)
- Risk capital requirements

Question 18

Stakeholders in Risk Governance

Answer 18

Internal:
1. Senior management / board directors : they set the risk appetite
2. Chief Risk officer : At enterpise level. Responsible for:
-allocating risk budget to business units after allowing for diversification.
-monitoring groups exposure to risk
-documenting risks that have happened
3. Risk manager : Business unit level. Responsible for making full use of risk budget, monitoring and reporting
4. Employees: Help with risk ID . Suggest controls. Rewarded through appraisal system.

External :

1. Customers: can be encourage to report risk they Id when visiting premises or using product.
2. Shareholders: Influence risk governance in risk appetite setting
3. Credit rating Agencies: (same a regulator)
4. Regulators: nterested in quality of risk governance and impose minimum standards

Risk manager: if they dont make full use of risk bufget it may nullify some of th ediversification effects at enterprise level