CH25 - Risk identification & classification Flashcards
Identifying all the risks in an organisation is a difficult task and requires good knowledge of (3)
- The circumstances of the organisation concerned
- The features of the business environment in which it operates
- The general business and regulatory environment
This is equivalent to needing to consider the external environment when following the actuarial control cycle.
Who should be involved in identifying the risks that could arise within an organisation
It is important that everyone involved in an organisation is involved in risk identification, not just management and not just those employees who work in a dedicated risk management team.
This is because those who work directly within the business and who use the processes on a regular basis are often most likely to be able to spot potential risk areas.
It is also useful to involve individuals who are external to the organisation. In particular, experts may be used to assist with those risks that are more difficult to identify.
Techniques available to ensure that all relevant risks have been identified (4)
- Use risk classification to ensure that all types of risk have been considered
- Use techniques from project management
- Use risk checklists, for example as used for regulatory purposes
- Use the experience of staff who have joined from similar organisation, and of consultants with broad experience of the industry concerned.
Risk checklists
Where there is a risk-based capital requirement regime, such as Solvency II in Europe, there may be lists of risks that regulators believe are relevant to the business.
For example, the standard formula for calculating capital requirements covers many risks relevant to financial product providers.
Identification and analysis of risks in project management
The steps necessary to achieve an effective identification and analysis of the risks facing a project can be summarised as follows:
- Make a high-level preliminary risk analysis to confirm that the project does not have such a high-risk profile that it is not worth analysing further - in which case, the project should not proceed.
- Hold a brainstorming session of project experts and senior internal and external people who are used to thinking strategically about the long term.
- Carry out a desktop analysis to supplement the results from the brainstorming session, by identifying further risks and mitigation options, e.g. by researching similar projects undertaken by the sponsor or others in the past.
- Obtain the considered options of experts who are familiar with the details of the project and the outline plans for financing it.
- Carefully set out all the identified risks in a risk register or a risk matrix, with cross-references to other risks where there is inter dependency.
The aim of brainstorming sessions (5)
- Identify project risks, both likely and unlikely, and their upsides and downsides
- Discuss these risks and their inter dependency
- Attempt to place a broad initial evaluation on each risk, considering both frequency of occurrence and probable consequences if it does occur
- Generate initial mitigation options
- Discuss these options briefly
Risk matrix
A risk matrix is very useful tool for the risk analyst because it is a reminder to consider particular types or risk, which may not have been sufficiently considered.
It may be linked to the use of risk checklists, and also provides a convenient categorisation for risks.
The rows in a risk matrix represent the stage of the project at which the risk arises. The columns represent the causes (or types) of risk.
Both the columns and the rows would be further subdivided.
Risk mitigation in project management
For each major risk, consideration would be given to identifying the main options for mitigating the risk. There options are the same as those that apply to businesses in general.
Risk classification
The phrase ‘risk classification’ can mean different things in different contexts.
In the wider risk management context, risk classification refers to allocating identified risks into higher level categories, in order to aid the other stages of the risk management control cycle.
Risk categories (6)
Broad classification of the risks that impact the providers of products and schemes that provide benefits on future contingent events.
It can be used as a structure when considering any other type of organisation. The risk categories are: 1. market risk 2. credit risk 3. liquidity risk 4. business risk 5. operational risk 6. external risk
This is a useful starting point for identifying risks for any organisation, not just for financial product providers.
A clear understanding of the business undertaken by a provider and the organisational structure is a prerequisite to assessing the significance of each risk and how the outcome of the risk translates into a financial impact on the balance sheet and cashflow requirements.
Market risk
Essentially market risks are the risks related to changes in investment market values of other features correlated with investment markets, such as interest and inflation rates.
Market risk can be divided into (3)
- The consequences of changes on asset values (this is the most obvious implication)
- The consequence of investment market value changes on liabilities
- The consequences of a provider not matching asset and liability cashflows
Asset value changes can result from (2)
- Changes in the market values of equities and property. These risks can be systematic if they occur across the whole market under consideration, or may be specific to particular markets and can therefore be diversified by holding a range of assets and asset classes.
- Changes in interest and inflation rates. These primarily affect the value of fixed-interest and index-linked securities, although there is usually some effect on equities and property too,
Liability value changes
Liability value changes might arise because promises to stakeholders, policyholders or benefit scheme members are directly related to investment market values or interest rates.
Alternatively, a change in interest or inflation rates might affect the level of provisions a provider needs to establish for future liabilities. For example, a reduction in interest rates may reduce the discount rate used to assess the liabilities and therefore increase the provisions that a benefit scheme is required to hold to meet its liabilities.
Two causes of liability value changes are changes to (2)
- The liability amount, e.g. inflation-linked annuities or unit-linked benefits.
- The liability value as the interest rate used in the valuation changes.