Chapter 25 - Risk governance Flashcards
Define Enterprise Risk Management (ERM).
Identify potential risk events and opportunities
Involves managing risk to be within company’s risk appetite
It is applied in strategy setting across the enterprise.
Tries to provide reasonable assurance regarding the achievement of entity objectives.
A process effected by an entity’s board of directors, management and other personnel.
List the main aims of ERM.
(See also list on first page of section 2)
Align risk appetite and strategy
Enhance risk response decisions
Reduce adverse operational surprises and losses
Identify and manage multiple cross-enterprise risks
Seize risk opportunities
Improve deployment of capital
Discuss the key steps involved in the risk management process/cycle (notes).
Risk identification
- Recognise risks that can threaten assets of an organisation, or possibly increase liabilities
- Needs to be comprehensive
- Also identify as systematic or diversifiable
- Identify possible control processes
- Identify opportunities to exploit risks and gain a competitive advantage over other providers
- Risk appetite is set by board and management
Risk classification
- Group identified risks into categories
- Aids diversification and calculation of cost of risk
- Allows allocation of different risks to areas or management teams in the business
Risk measurement
- Estimation of the probability of the risk event occurring multiplied by its estimated severity
- Also include cost of possible risk controls
Risk control
- Determining and implementing methods of risk mitigation
- Risk controls can be selected based on possible size of risk, such as rejecting, transferring, mitigating (reducing), or retaining risk
- Mitigate risk by reducing probability of event or limiting financial or other consequences of risk
- Can involve taking action when certain trigger points are reached which indicate risk has occurred
- Numerous control options should be compared with the aim of identifying the optimal solution
Risk financing
- Determine likely cost of each risk, including the cost of any mitigation systems
- Ensure, with high probability, solvency after a risk event occurs
Risk monitoring
- Regular review and re-assessment of risks and risk mitigation systems
- Identify and mitigate previously unidentified or new risks
- Establish clear management responsibilities
- Identify why experience is different to what was expected (if this is the case)
List the benefits of the risk management process (notes).
Avoid unwanted surprises
Improve the stability and quality of business
Improve returns and company growth by
- exploiting risk opportunities
- better management and allocation of capital
Identify opportunities arising from natural synergies
- This is when risks offset or complement each other and reduce the overall risk
Identify opportunities from risk arbitrage
- This is when a company’s “view” on the cost of a risk or risk management system is lower than another’s, leading to possible mispricings
Give stakeholders confidence that the business is well managed and can handle adverse consequences efficiently.
Avoid interference from regulator/state
What considerations should be made when utilising the risk management process/cycle?
All risks should be incorporated
- Both financial and non-financial
All relevant strategies should be evaluated
- For both financial and non-financial risks
All relevant constraints should be considered
- Political constraints
- Social constraints
- Regulatory constraints
- Competitive constraints
When setting strategies
- Hedges and risk synergies should be exploited where possible
- Financial and operational efficiencies should be exploited where possible
Compare managing risk at the business and enterprise level.
Business unit level
- Managing risk at the business unit level of the company requires that the company divides its overall risk appetite up among the business units.
- Just as each business unit then has its own management team to run the business, the team also manages the risk within the appetite they have been allocated.
Business unit level - Positives
- Relatively easy and cheap to implement
- Should be easy to understand
Business unit level - Negatives
- Makes no allowance for diversification of risks across units
- Unlikely to lead to most efficient use of capital
Enterprise level
- The group risk management function is established as a major activity at the enterprise level.
- Models/analysis/results from the risk exposures at the business unit level are then combined into an assessment model at the enterprise level.
Enterprise level - Positives
- Explicit allowance for diversification across business units
- Better overall understanding of enterprise’s risk position
Enterprise level - Negatives
- Expensive / complex to establish
- Sometimes difficult to communicate
Read through pp. 15-21
Topics are:
Internal stakeholders
- Should be all members of staff
- 3 lines of defence
  1) Line management staff in business units
  2) CRO, risk management team and compliance team
  3) Board and audit function
ERM and the board
Line management
CRO and central risk function
Relationship between first two lines of defence
Incorporating risk management into business management processes
External stakeholders
Define risk management
Identifying/understanding risks an organisation is exposed to and ensuring it is prepared to deal with them.