Chapter 25: Risk Governance Flashcards

1
Q

List the 6 stages in the risk management control cycle.

A
  1. Risk identification
  2. Risk classification
  3. Risk measurement
  4. Risk control
  5. Risk financing
  6. Risk monitoring

This is consistent with the actuarial control cycle:

  1. Specifying the problem – identifying and analysing the risks
  2. Developing the solution – selecting the most appropriate response to each risk and, where relevant, implementing the chosen mitigation action
  3. Monitoring and feeding back into the process
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Which stage in the risk management control cycle is considered to be the hardest?

A

Risk identification is seen as the hardest aspect because the risks to which an organisation is exposed are numerous and their identification needs to be comprehensive. The biggest risks are unidentified ones, as they will not have been appropriately managed. This is particularly relevant to events that have not occurred before.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Risk Identification

A

The recognition of the risks that can threaten the income and assets of a organisation

Having identified each risk, the following should be determined/identified:

  1. Whether each risk is systematic or diversifiable
  2. Possible risk control processes that could be put in place for each risk (to reduce the likelihood or the impact should it occur).
  3. Opportunities to exploit risks to gain a competitive advantage (eg by insurance or reinsurance companies)
  4. The organization’s risk appetite or risk tolerance
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Risk Classification

A

Classifying risks into groups aids the calculation of the cost of risk and the value of diversification.

It also enables a risk ‘owner’ to be allocated from the management team, who would normally be responsible for the control processes for the risk

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Risk Measurement

A

The estimation of the probability of a risk event occurring and its likely severity, should it occur

This would normally be carried out before and after the application of any risk controls, and the cost of the risk controls would be included in the assessment.

Knowing whether a risk is high, medium or low probability and severity helps in the prioritization of risks and deciding whether the risk should be:

  • declined
  • transferred
  • mitigated
  • retained with or without controls
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Risk Control

A

Involves deciding to reject, fully accept or partially accept each risk

This stage also involves identifying different possible mitigation options for each risk that requires mitigation

Risk control measures are systems that aim to mitigate the risks or the consequences of the risk events by:

  • Reducing the probability of the risk occurring (eg control and checking procedures)
  • Limiting the financial consequences of a risk (eg insurance)
  • Limiting the severity of the effects of the risk that does occur (reducing probability of a catastrophic loss – eg insurance or fire extinguishers)
  • Reducing the consequences of a risk that does occur – refers to consequences of a risk event that do not have a direct financial cost, but lead to adverse implications for the company, often operational the loss of trading after a fire. Eg use business continuity plan
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Risk Financing

A
  • Determining the likely cost of each risk (incl. the cost of any mitigations and the expected losses and cost of capital arising from retained risk)
  • Ensuring the organisation has sufficient financial resources to continue its objectives after a loss event occurs
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Risk monitoring

A
  • The regular review and re-assessment of all the risks previously identified, coupled with an overall business review to identify new or previously omitted risks
  • It is the process of ensuring that risks continue to be managed
  • Objectives may be to:> determine is exposure to risks or the risk appetite of the organisation has changes over time
    identify new risks or changes in the nature of existing risks
    report on risks that have actually occurred and how they were managed
    access whether the existing risk management process is effective
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

List 7 perceived benefits of risk management to the provider

A

SAMOSAS

Stability and quality of business improved

Avoid surprises

Management and allocation of capital improved – improves growth and returns

(risk) Opportunities exploited– improves growth and returns
(natural) Synergies identified (and related opportunities arising from this)
(risk) Arbitrage opportunities identified (and related opportunities arising from this)

Stakeholders in the business given confidence that business is well managed

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Explain how natural synergies may arise in life insurance

A

A life insurance company may sell some products (eg term insurance) that expose it to mortality risk and other (eg annuities) that expose it to longevity risk

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Explain how natural synergies may arise in general insurance

A

A general insurer may find that good weather increases claims on its domestic property policies as there are more subsidence (sinking of the ground) claims, but reduces claims on its motor policies as there are fewer accidents

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

List 5 objectives of the risk management process

A
  1. Incorporate all risks, both financial and non-financial
  2. Evaluate all relevant strategies for managing risk, both financial and non-financial
  3. Consider all relevant constraints, including political, social, regulatory and competitive
  4. Exploit the hedges and portfolio effects among the risks
  5. Exploit the financial and operational efficiencies within the strategies
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Explain the difference between “risk” and “uncertainty”

A

“Uncertainty” means that an outcome is unpredictable.

“Risk” is a consequence of an action that is taken which involves some element of uncertainty, but there may be some certainty about some components of the risk.

For example, the provider of a whole life assurance policy is exposed to mortality risk. There is certainty that the policyholder will die - but the timing is uncertain.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Systematic risk

A

Risk the affects an entire financial market or system, and not just specified participants. It is not possible to avoid systematic risk through diversification.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Diversifiable risk

A

Risk that arises from an individual component of a financial market or system. An investor is unlikely to be rewarded for taking on diversifiable risk since, by definition, it can be eliminated by diversification. In theory, all rational investors would hold a portfolio of assets that was all well diversifies as possible

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Does a fall in the domestic equity market represent systematic risk or diversifiable risk?

A

It depends on the context.

To an investor that is constrained only to invest in the domestic equity market, this risk cannot be diversified away and is systematic.

To a world-wide investment fund that can invest in many markets, the risk is diversifiable.

17
Q

Business Units

A

All but the simplest businesses comprise a number of business units which might:

  • carry out the same activity but in different locations
  • carry out different activities at the same location
  • carry out different activities at different locations
  • operate in different countries
  • operate in different markets
  • be separate companies in a group, which each have their own business units
18
Q

What does it mean to manage risk at the business unit level and what are the key disadvantages to this approach?

A

The parent company would determine its overall risk appetite and then divide it among the business units.

Each business unit would then manage its risk within the allocated risk appetite.

The key disadvantages of the approach are that it makes no allowance for the benefits of diversification or pooling of risk, and the group is unlikely to be making best use of its available capital.

19
Q

What does it mean to manage risk at the enterprise level?

A

Enterprise risk management means that risks are managed at the enterprise or group level rather than by each business unit separately, with all risks being considers as a whole.

20
Q

List six benefits of risk management at the enterprise level.

A
  1. Diversification, including being able to identify undiversified areas of risk
  2. Pooling of risks
  3. Economies of scale in terms of the risk management process
  4. Capital efficiency as capital can be targeted
  5. Providing insight into risk in different parts of business, including identification of unacceptable concentrations.
  6. Understanding the risks better and so adding value by exploiting risk as an opportunity
21
Q

Outline the roles of various stakeholders in risk governance

A
  1. Employees - all members of staff are stakeholders in risk governance. Responsible for looking out for risks and suggesting controls.
  2. Chief Risk Officer - Enterprise level role. Responsible for allocating the risk budget to business units, monitoring group risk exposure and documenting risk events.
  3. Risk managers - Often within each business unit. Responsible for making full use of the allocated risk budget, risk data collection, monitoring and reporting.
  4. Customers - Could be encouraged to note and report risks they find when using the company’s products or premises.
  5. Shareholders - Can drive risk governance, e.g. through development of the risk appetitie
  6. Regulators and credit rating agencies - interested in the quality of risk governance; may impose minimum standards
22
Q

Do page 16 and on

A

Do page 16 and on