Chapter 25: Risk Governance

Question 1

List the 6 stages in the risk management control cycle.

Answer 1

1. Risk identification
2. Risk classification
3. Risk measurement
4. Risk control
5. Risk financing
6. Risk monitoring

This is consistent with the actuarial control cycle:

1. Specifying the problem – identifying and analysing the risks
2. Developing the solution – selecting the most appropriate response to each risk and, where relevant, implementing the chosen mitigation action
3. Monitoring and feeding back into the process

Question 2

Which stage in the risk management control cycle is considered to be the hardest?

Answer 2

Risk identification is seen as the hardest aspect because the risks to which an organisation is exposed are numerous and their identification needs to be comprehensive. The biggest risks are unidentified ones, as they will not have been appropriately managed. This is particularly relevant to events that have not occurred before.

Question 3

Risk Identification

Answer 3

The recognition of the risks that can threaten the income and assets of a organisation

Having identified each risk, the following should be determined/identified:

1. Whether each risk is systematic or diversifiable
2. Possible risk control processes that could be put in place for each risk (to reduce the likelihood or the impact should it occur).
3. Opportunities to exploit risks to gain a competitive advantage (eg by insurance or reinsurance companies)
4. The organization’s risk appetite or risk tolerance

Question 4

Risk Classification

Answer 4

Classifying risks into groups aids the calculation of the cost of risk and the value of diversification.

It also enables a risk ‘owner’ to be allocated from the management team, who would normally be responsible for the control processes for the risk

Question 5

Risk Measurement

Answer 5

The estimation of the probability of a risk event occurring and its likely severity, should it occur

This would normally be carried out before and after the application of any risk controls, and the cost of the risk controls would be included in the assessment.

Knowing whether a risk is high, medium or low probability and severity helps in the prioritization of risks and deciding whether the risk should be:

• declined
• transferred
• mitigated
• retained with or without controls

Question 6

Risk Control

Answer 6

Involves deciding to reject, fully accept or partially accept each risk

This stage also involves identifying different possible mitigation options for each risk that requires mitigation

Risk control measures are systems that aim to mitigate the risks or the consequences of the risk events by:

• Reducing the probability of the risk occurring (eg control and checking procedures)
• Limiting the financial consequences of a risk (eg insurance)
• Limiting the severity of the effects of the risk that does occur (reducing probability of a catastrophic loss – eg insurance or fire extinguishers)
• Reducing the consequences of a risk that does occur – refers to consequences of a risk event that do not have a direct financial cost, but lead to adverse implications for the company, often operational the loss of trading after a fire. Eg use business continuity plan

Question 7

Risk Financing

Answer 7

• Determining the likely cost of each risk (incl. the cost of any mitigations and the expected losses and cost of capital arising from retained risk)
• Ensuring the organisation has sufficient financial resources to continue its objectives after a loss event occurs

Question 8

Risk monitoring

Answer 8

• The regular review and re-assessment of all the risks previously identified, coupled with an overall business review to identify new or previously omitted risks
• It is the process of ensuring that risks continue to be managed
• Objectives may be to:> determine is exposure to risks or the risk appetite of the organisation has changes over time
  identify new risks or changes in the nature if existing risks
  report on risks that have actually occurred and how they were managed
  access whether the existing risk management process is effective

Question 9

List 7 perceived benefits of risk management to the provider

Answer 9

SAMOSAS

Stability and quality of business improved

Avoid surprises

Management and allocation of capital improved – improves growth and returns

(risk) Opportunities exploited– improves growth and returns
(natural) Synergies identified (and related opportunities arising from this)
(risk) Arbitrage opportunities identified (and related opportunities arising from this)

Stakeholders in the business given confidence that business is well managed

Question 10

Explain how natural synergies may arise in life insurance

Answer 10

A life insurance company may sell some products (eg term insurance) that expose it to mortality risk and other (eg annuities) that expose it to longevity risk

Question 11

Explain how natural synergies may arise in general insurance

Answer 11

A general insurer may find that good weather increases claims on its domestic property policies as there are more subsidence (sinking of the ground) claims, but reduces claims on its motor policies as there are fewer accidents

Question 12

List 5 objectives of the risk management process

Answer 12

1. Incorporate all risks, both financial and non-financial
2. Evaluate all relevant strategies for managing risk, both financial and non-financial
3. Consider all relevant constraints, including political, social, regulatory and competitive
4. Exploit the hedges and portfolio effects among the risks
5. Exploit the financial and operational efficiencies within the strategies

Question 13

Explain the difference between “risk” and “uncertainty”

Answer 13

“Uncertainty” means that an outcome is unpredictable.

“Risk” is a consequence of an action that is taken which involves some element of uncertainty, but there may be some certainty about some components of the risk.

For example, the provider of a whole life assurance policy is exposed to mortality risk. There is certainty that the policyholder will die - but the timing is uncertain.

Question 14

Systematic risk

Answer 14

Risk the affects an entire financial market or system, and not just specified participants. It is not possible to avoid systematic risk through diversification.

Question 15

Diversifiable risk

Answer 15

Risk that arises from an individual component of a financial market or system. An investor is unlikely to be rewarded for taking on diversifiable risk since, by definition, it can be eliminated by diversification. In theory, all rational investors would hold a portfolio of assets that was all well diversifies as possible

Question 16

Does a fall in the domestic equity market represent systematic risk or diversifiable risk?

Answer 16

It depends on the context.

To an investor that is constrained only to invest in the domestic equity market, this risk cannot be diversified away and is systematic.

To a world-wide investment fund that can invest in many markets, the risk is diversifiable.

Question 17

Business Units

Answer 17

All but the simplest businesses comprise a number of business units which might:

• carry out the same activity but in different locations
• carry out different activities at the same location
• carry out different activities at different locations
• operate in different countries
• operate in different markets
• be separate companies in a group, which each have their own business units

Question 18

What does it mean to manage risk at the business unit level and what are the key disadvantages to this approach?

Answer 18

The parent company would determine its overall risk appetite and then divide it among the business units.

Each business unit would then manage its risk within the allocated risk appetite.

The key disadvantages of the approach are that it makes no allowance for the benefits of diversification or pooling of risk, and the group is unlikely to be making best use of its available capital.

Question 19

What does it mean to manage risk at the enterprise level?

Answer 19

Enterprise risk management means that risks are managed at the enterprise or group level rather than by each business unit separately, with all risks being considers as a whole.

Question 20

List six benefits of risk management at the enterprise level.

Answer 20

1. Diversification, including being able to identify undiversified areas of risk
2. Pooling of risks
3. Economies of scale in terms of the risk management process
4. Capital efficiency as capital can be targeted
5. Providing insight into risk in different parts of business, including identification of unacceptable concentrations.
6. Understanding the risks better and so adding value by exploiting risk as an opportunity

Question 21

Outline the roles of various stakeholders in risk governance

Answer 21

1. Employees - all members of staff are stakeholders in risk governance. Responsible for looking out for risks and suggesting controls.
2. Chief Risk Officer - Enterprise level role. Responsible for allocating the risk budget to business units, monitoring group risk exposure and documenting risk events.
3. Risk managers - Often within each business unit. Responsible for making full use of the allocated risk budget, risk data collection, monitoring and reporting.
4. Customers - Could be encouraged to note and report risks they find when using the company’s products or premises.
5. Shareholders - Can drive risk governance, e.g. through development of the risk appetitie
6. Regulators and credit rating agencies - interested in the quality of risk governance; may impose minimum standards

Question 22

Do page 16 and on

Answer 22

DO IT!