Key risk-management concepts

Question 1

In an organisational setting, when do risks arise?

Answer 1

Whenever a single decision or action could result in more than one potential outcome

Question 2

Difference between risk and uncertainty

Answer 2

Generally:
Risk is something that can be quantified and therefore calculated
&
Uncertainty is unquantifiable due to unpredictability of future event constraints

Question 3

Degree of uncertainty in organisational risk will often depend on: (4)

Answer 3

• the chosen risk model and underlying assumptions
• the availability and quality of data
• the chosen model parameters such as time horizon and frequency of data inputs
• the chosen confidence level, among other factors

Question 4

In organisational setting, will risks be calculated with 100% accuracy?

Answer 4

Very rarely, there will almost always be some level of uncertainty

Question 5

4 examples of uncertainty in an org:

Answer 5

• Emerging risks such as cyber-attacks
• How fin. markets may react to unfamiliar scenarios (eg. natural disaster)
• Effects of political or regulatory change
• Effects of negative news media coverage

Question 6

What is the common factor in examples of uncertainty?

Answer 6

The human element - human behaviour can be very unpredictable

Question 7

What is the concept of confidence intervals used for? How is it applied?

Answer 7

Used to measure the level of uncertainty of a particular risk.
Confidence interval is expressed in percentage terms from 0 to 100, with a higher interval indicating greater confidence

Question 8

What is a risk event

Answer 8

Any outcome that arises from a single decision or action that had more than one potential outcome

Question 9

What are outcomes that result from a single decision expressed in terms of?

Answer 9

Probability and severity

Question 10

What does impact relate to re. risk?

Answer 10

The scale of a particular positive or negative outcome

Question 11

What is impact commonly estimated in relation to?

Answer 11

How the specific objectives are affected

Question 12

What is risk exposure?

Answer 12

The measure of probably future outcome resulting from a single decision or outcome

Question 13

What is the time horizon re. risk?

Answer 13

The length of time over which probabilities are estimated when analysing risk

Question 14

Equation for risk exposure

Answer 14

Probability of outcome x impact of outcome = exposure to outcome

Question 15

What is a pure risk?

Answer 15

A risk that only has neutral or negative outcomes, such as a fire risk

Question 16

What is a speculative risk?

Answer 16

A risk that has three outcomes - positive, neutral or negative

Question 17

What is inherent risk?

Answer 17

The level of exposure that is present in the absence of any controls or mitigating actions

In practice, inherent risk tends to assume the existence of controls at their current level rather than a scenario with no controls whatsoever

Question 18

What is residual risk?

Answer 18

The level of exposure that remains given the current effectiveness of the controls that are in place to manage the risk in question

Question 19

What is target risk?

Answer 19

The desired level of risk exposure, usually the level required to keep the risk within appetite

Question 20

What is a principal risk?

Answer 20

A risk that is considered material and can affect the viability of a business

Question 21

What is an emerging risk?

Answer 21

A risk that does not yet affect an org, but may develop to a principal risk in the future

Question 22

What does a risk profile represent a combination of?

Answer 22

All principal and emerging risks that an organisation faces

Question 23

Which sorts of risks are reported as part of the strategic annual report?

Answer 23

Principal risks

Question 24

What is a tail risk?

Answer 24

A ‘black swan’ event - the risk arising from a highly improbably and difficult-to-predict event

Question 25

What is a cliff risk?

Answer 25

A risk arising from an event that is probably and has high impact

Question 26

What is risk taxonomy?

Answer 26

A set of all risk categories used within an org - this will often differ from one org to the next

Question 27

Benefits of risk categorisation (3)

Answer 27

- Helps decision-makers to narrow down key risk categories - Helps to establish a common risk taxonomy within an org, which improves quality of communication and increases effectiveness of decision-making processes - Allows for different types of risk to be approached differently

Question 28

6 categories in standard categorisation of risk

Answer 28

- Business risk - Credit risk - Market risk - Liquidity risk - Operational risk - Reputation risk

Question 29

Business risk (5)

Answer 29

- Non-financial risks that are inherent in an org's operating environment, such as specific actions of competitors - Business risk is willingly assumed by orgs in order to gain a competitive advantage - Generally intangible and hard to quantify - Assessed in terms of probability and impact - High-probability, high-impact risks ideally reduced to acceptable level either by business changes, an insurance policy, or both

Question 30

What is credit risk?

Answer 30

Financial risk that a borrower or counterparty will suffer a deterioration in its credit rating meaning it will be unable to meet its obligations

Question 31

Credit risk is managed through a combination of: (5)

Answer 31

- Statistical models - Stress testing and scenario analysis - Risk appetite and limits - Credit underwriting and diversification standards - Qualitative assessments

Question 32

What is market risk?

Answer 32

Type of financial risk - measures the extent of change in the value of an investment due to factors affecting the overall performance of the entire financial markets.

Question 33

4 major categories of market risk

Answer 33

- Equity risk - Interest-rate risk - Foreign exchange risk - Commodity price risk

Question 34

Market risk is managed through a combination of: (5)

Answer 34

- Statistical models - Stress testing and scenario analysis - Risk appetite and limits - Diversification and hedging strategies - Qualitative assessments

Question 35

Liquidity risk (2)

Answer 35

- Financial risk including asset liquidity risk and funding liquidity risk - Came into focus following financial crisis of 07-08, where banks had to be bailed out, creating a higher expectation to manage liquidity risk these days

Question 36

What is asset liquidity risk?

Answer 36

The inability to easily sell a particular asset

Question 37

What is funding liquidity risk?

Answer 37

Inability to fulfil payment obligations in a timely manner

Question 38

Liquidity risk is managed through a combination of: (6)

Answer 38

- Comprehensive assets and liabilities management framework - Statistical models - Stress testing and scenario analysis - Risk appetite and limits - Funding diversification - Qualitative assessments

Question 39

Operational risk (3)

Answer 39

- Risk of loss resulting from inadequate or failed internal processes, people and systems or from external events - Generally pure risks - Typically includes legal, regulatory-compliance and data-quality risks

Question 40

Examples of operational risk: (5)

Answer 40

- Loss due to inadequate performance of a risk model - Damage to physical assets - H&S incidents - Customer-service problems - Security breaches such as cyber attacks

Question 41

What is legal risk?

Answer 41

Risk that an org will be unable to meet its obligations as required by law, giving rise to regulatory fines or legal action by private parties

Question 42

What is regulatory-compliance risk?

Answer 42

Risk arising when in violation of applicable laws and regulations, giving rise to consequences such as fines and negative publicity

Question 43

What is data-quality risk?

Answer 43

Risk that data used to calculate risk exposures is incomplete or incorrect

Question 44

Reputation risk

Answer 44

- Risk of loss resulting from damages to reputation, value of brand and perceived goodwill - Reputation is a very valuable intangible asset, giving an org a competitive advantage such as in attracting more customers and high-quality employees, and lower marketing and financing costs - Often associated with some type of risk event such as large-scale operational incident or substantial liquidity loss - Likelihood can be mitigated with employee ethics training - In modern world where news travels fast, so speed of response, by individuals who have knowhow, is critical

Question 45

Who is ultimately responsible for risk-man practices within an org, and compliance with relevant regulations?

Answer 45

The board

Question 46

What will the approach that is taken to categorise risks depend upon?

Answer 46

The nature of the organisation's activities

Question 47

Consideration re. risk sub-categories

Answer 47

Too many sub-categories can make it difficult to categorise risks Too few sub-categories and important differences between risk types may be missed

Question 48

Growing recognition that risks are becoming more complex, impactful and interconnected due to rise of: (3)

Answer 48

- globalisation - innovation - technological advances

Question 49

Example of interconnected risk

Answer 49

An accidental order for a large number of highly risky securities (risk event 1) may lead to a sudden deterioration of liquidity (risk event 2), as well as an increase in market and credit risks

Question 50

How can org's better recognise interconnected risks?

Answer 50

By using' what if?' scenarios - what other risks will we face if X risk occurs?

Question 51

5 challenges arising with estimating risk exposures objectively

Answer 51

- Choice of a specific statistical model, assumptions, parameters and confidence interval are all subjective - Output is only as good as input, so patchy or erroneous data can skew the results - Many risk models use historical data and combine this with subjective judgements on the future to produce forward looking results - Not every risk can be quantified using statistical methods - Quantifiable risks are quantified by people who cannot interpret findings objectively - different people would make different conclusions (due to BIAS)

Question 52

3 common cognitive biases that affect subjectivity of risk perception

Answer 52

Group-think bias - individual decision-makers strive for group consensus Status quo bias - favours preservation of current state Myopia bias - increased focus on smaller and less impactful risks at expense of more strategic and more impactful risks

Question 53

6 common risk perceptions and how they effect perception of risk

Answer 53

Choice - person's perception of risk reduced if they make the choice to take risk (due to confidence in personal ability) Control - people more willing to accept risks that they believe they can control (as they overestimate their ability to control) Familiarity - person's perception of risk diminishes if they get used to living with that risk Distant risks - if effect is far in the future, people may be more willing to accept that risk now Media - risks ignored by media are not seen to be as important as those that receive media attention Randomness - naturally occurring risks are more accepted as they are believed to be random bad luck rather than human-made and therefore caused by error

Question 54

5 common practical challenges and trends surrounding risk models

Answer 54

- Risk models have become increasingly complex - Balancing different outputs from different risk models is becoming more of an art than a science - Risks are interconnected, which models can struggle to recognise - In fin. services, number of required regulatory risk models has been growing exponentially due to increased regulation since fin. crisis - Link between risk model assumptions and long-term strategic objectives need to be stronger