Chapter 25: Risk governance Flashcards
What is an important input in the risk management process ?
Risk appetite/ risk tolerance level
What is risk management
The process of ensuring that the risks that a entitiy is exposed to are the risks that it thinks it is exposed to and are the risks that it id prepared to be exposed to.
3
The risk management process
C lassification into groups including allocation of ownership
F iancing - determining the likely cost of each risk, including the effectiveness of control options and availability of capital to cover retained risks
M nitoring - regular review and reassessment of risks together with an overall business review to identify new/previously omitted risks
M easurement of probability and severity
I dentification of risks that threaten a company’s assets and the possible controls
C ontrol - mitigation to reduce severity/probability/ financial and other consequences of loss
Risk identification
C lassification into groups including allocation of ownership
F iancing - determining the likely cost of each risk, including the effectiveness of control options and availability of capital to cover retained risks
M nitoring - regular review and reassessment of risks together with an overall business review to identify new/previously omitted risks
M easurement of probability and severity
I dentification of risks that threaten a company’s assets and the possible controls
C ontrol - mitigation to reduce severity/probability/ financial and other consequences of loss
Risk classification
C lassification into groups including allocation of ownership
F iancing - determining the likely cost of each risk, including the effectiveness of control options and availability of capital to cover retained risks
M nitoring - regular review and reassessment of risks together with an overall business review to identify new/previously omitted risks
M easurement of probability and severity
I dentification of risks that threaten a company’s assets and the possible controls
C ontrol - mitigation to reduce severity/probability/ financial and other consequences of loss
Risk measurement
C lassification into groups including allocation of ownership
F iancing - determining the likely cost of each risk, including the effectiveness of control options and availability of capital to cover retained risks
M nitoring - regular review and reassessment of risks together with an overall business review to identify new/previously omitted risks
M easurement of probability and severity
I dentification of risks that threaten a company’s assets and the possible controls
C ontrol - mitigation to reduce severity/probability/ financial and other consequences of loss
Risk control
C lassification into groups including allocation of ownership
F iancing - determining the likely cost of each risk, including the effectiveness of control options and availability of capital to cover retained risks
M nitoring - regular review and reassessment of risks together with an overall business review to identify new/previously omitted risks
M easurement of probability and severity
I dentification of risks that threaten a company’s assets and the possible controls
C ontrol - mitigation to reduce severity/probability/ financial and other consequences of loss
Risk financing
C lassification into groups including allocation of ownership
F iancing - determining the likely cost of each risk, including the effectiveness of control options and availability of capital to cover retained risks
M nitoring - regular review and reassessment of risks together with an overall business review to identify new/previously omitted risks
M easurement of probability and severity
I dentification of risks that threaten a company’s assets and the possible controls
C ontrol - mitigation to reduce severity/probability/ financial and other consequences of loss
Risk monitoring
C lassification into groups including allocation of ownership
F iancing - determining the likely cost of each risk, including the effectiveness of control options and availability of capital to cover retained risks
M nitoring - regular review and reassessment of risks together with an overall business review to identify new/previously omitted risks
M easurement of probability and severity
I dentification of risks that threaten a company’s assets and the possible controls
C ontrol - mitigation to reduce severity/probability/ financial and other consequences of loss
What that risk classification help with
Calculation of cost of risk and value of diversification.
Benefits of risk management
S takeholders - confidence that business is weoll managed
I mprove: stability and quality, growth and return (risk opportunities + better mngmnt & allocation of capital)
R eact quickly to emerging risks
I dentify aggeregate risk exposures and interdependencies
A void surprises
I ntergrare risk into business processes and strategic decision making processes
Benefits of risk management
S takeholders - confidence that business is weoll managed
I mprove: stability and quality, growth and return (risk opportunities + better mngmnt & allocation of capital)
R eact quickly to emerging risks
I dentify aggeregate risk exposures and interdependencies
A void surprises
I ntergrare risk into business processes and strategic decision making process
D etermine cost-effective means of risk transfer
I dentify opportunities rising from natural synergies
E arlier detection of risk
P rice products
J ob security
What do providers need to balance in setting the risk management strategy
Return, growth and consistency
What should a good risk management process do ?
R isks - incorporate all risks, both financial and non-financial
E xploit hedges and portfolio effects among the risks + exploit the financial and operational efficiences with the strategies.
C onstraints - consider all relevant constraints , including political social, regulatory and competitive.
S trategies - evaluate all strategies for managing risks, both financial and non-financial
What can be the source of complexities in large enterprises?
B usiness units which are separate companies making up the holding company.
C ountries of operations differing
A ctivities done by the company
L ocation
M arkets in which the company operates.
two approaches to risk management
Silo approach – each to their own which makes little allowance for diversification.
Enterprise risk management which makes allowance for diversification and minimisation of risk which is required by regulatory framework.
Advantages of enterprise risk management over silo approach
Can take advantage of pooling and diversification; better oversight; transparency; company culture w.r.t. risk, etc.
Three lines of defence in risk management
First line of defence – line management and staff in the business units
Second line of defence – the CRO, risk management team and compliance team
Third line of defence – the board and the audit function
what are the functions of a chief risk officer in an organisation?
- responsible for allocating the risk budget to business units after allowing for diversification
- And for monitoring the group exposure to risks
- And documenting the risks that have materialised and affected the group.
What are the key elements of enterprise risk management ?
These assist the line managers with ERM
I ncentives
T axonomy (common)
E ngagement and buy-in from entire business
M onitoring and reporting (up and down)
Clear, transparent, easy to understand and interactive risk dashboards
with drill-down functionality and up-to-date information
S tandard risk processes; well-communicated and documented
role of an audit subcommittee/risk managment committee
- Overseeing and challenging management’s treatment of key risks.
- Setting risk policy
- Gathering relevant information on risks
what are the different relationships between line managers and the central risk function?
Offence vs defence
* Business units focus on maximising sales, revenue, etc. whereas Risk function aims to minimise losses
* Can result in conflicts and mistrust
Policy vs policing
* Business units operate within rules and policies (enforced by audit and compliance functions).
* Problems include this being reactive rather than proactive, and policies becoming out-of-date, infrequent audits, misunderstandings, and/or reduced incentives to report issues of RM
Partnership
* Risk function integrated in business units – client-consultant type relationship
* Suffers from lack of independence and oversight.
* Engagement and co-operation and mutual respect for the purpose and scope of engagement
what are some factors to consider when setting a risk management framework?
A utonomy of business units
R isk management framework(s) currently in place
C osts vs benefits; scope of RM function duties, etc.
S ize of organisation/business units
I ncorporating RM into business processes – Product design, pricing, marketing, monitoring and reward
N ature of the business
S cope of risks faced
