P2D.1 Enterprise Risk Flashcards
Benefits of Risk Management
- Preservation
- Reduction of volatility
- Unlocking the benefits of planning
- Enabling exploitation of core competencies
- Enabling investment opportunities
- Building culture of risk awareness
Risk Management Process
- Set organization’s tolerance
- Identify existing risks
- Assess the probability and potential loss for each risk
- Prioritize risks
- Respond to risks
- Continue to monitor for change in impact or probability
Attitudes Toward Risk
Low tolerance: risk management is an important part not only of significant business decisions but overall company culture.
High tolerance: risk management is less of a concern. While still important, the organization has more of a bias toward action.
Business Risk
Business risk involves changes in operating income, and is a result of factors such as operating leverage and variability in the cost of inputs.
- Potential loss or risk of actual profits being lower than anticipated.
- Risk measured in the context of major uncertainties in the economy and how projects might be affected by these uncertainties.
Internal Risk Factors
- Financial risk
- Strategic risk
- Operational risk
- Employee supervision
- Internal control activities
- Communication
External Risk Factors
- International risk
- Hazard risk
- Regulatory changes
- Vendors
- Customers
Hazard Risk
Risks to persons, property or business due to natural catastrophes such as earthquakes or tornadoes.
Hazard risks can’t be avoided.
Financial Risk
Financial risk is the risk involved with financing an asset, such as pricing risk, asset risk, currency risk, or liquidity risk, and exists because there is a probability that the actual return received from the asset will be less than the expected return.
Risks related to financial status.
Credit risk Liquidity risk Market risk Foreign exchange volatility Interest rate changes Commodity trading
Operational Risk
- Potential for loss due to internal operational failures from employees, systems or processes.
- Relates to the relationship of fixed & variable costs in the company’s cost structure.
- Includes fraud, legal and compliance risks as well as physical and environmental risks.
Compliance Risk
Risks associated with compliance with governmental regulation.
Legal Risk
Potential for loss due to legal proceedings.
Strategic Risk
- Potential for loss arising from company making poor or incorrect business decisions.
- Focus on broader risks such as those in the economy or industry economic conditions, risks to reputation, or changes in consumer needs.
- Associated with the future business plans and strategies for the company.
Political Risk
Risk that company’s profits or operations will be impacted by a political decision, a change in political party or other political factors.
Example: tax structure.
Factors that increase risk
- Volatility: the greater the variance in possible outcomes, the more risk.
- Time: as predictions age, circumstances can change.
- Both have a direct relationship.
Quantitative Risk Assessment Tools
- Probability
- Unexpected and maximum possible loss
- Value at Risk
- Cost-Benefit Analysis
Qualitative Risk Assessment Tools
- Risk identification
- Risk ranking: high, medium, low
- Risk maps
Probability
The expected outcome of an event equals the sum of the products of potential impacts and the probability of each.
= ∑(Loss Amount n) × (Loss Probability n)
Unexpected & Maximum Possible Loss
Unexpected loss = Actual loss - expected loss
Maximum possible loss = Total potential impact without discounting by probability
Value at Risk - VaR
Value at risk (VaR) uses the probability distribution of past values for a portfolio to estimate the amount of money at risk of loss over a specified time period.
Maximum loss within given period of time and given a specified probability level (level of confidence).
Calculations:
- Historical
- Parametric: co-variance method
- Monte Carlo
Cash Flow at Risk - Quantitative Tool
Unfavorable cash flow that may occur during a period of time.
Earnings at Risk - Quantitative Tool
Potential impact to net income due to interest rate risk.
Dividends & EPS are tools too.
Risk Assessment Grid - Qualitative Tool
Low Impact, High Probability: mitigate risk through planning
Low Impact, Low Probability: accept risk
High Impact, High Probability: utilize risk management processes to decrease risk
High Impact, Low Probability: transfer risk by buying insurance
Inherent & Residual Risk
Inherent: exposure to loss as part of an activity without any risk management activities.
Inherent risk includes the environmental risk in which a company operates.
Residual: risk that remains after risk management measures have been taken.
Risk Response
- Exploit (accept): take the risk in hopes of profiting from activity
- Transfer (share): divest the risk into another organization
- Reduce (mitigate): take steps to reduce probability and impact
- Retain: self-insure against risk
- Avoid: decline to participate in activity that creates risk.
Operational Risk Response Actions
- Preventative measures
- System controls
- Manual checks
- Simplify processes
- Culture of risk awareness
Financial Risk Response Actions
- Hedges
- Cash flow planning
- Capacity planning
- Reducing leverage
- Reserves
Capital Adequacy
Refers to required amount of capital that banks are required to have per regulation requirements
= (Tier 1 Capital + Tier 2 Capital) / Risk Weighted Assets
Tier 1: Common shares & retained earnings
Tier 2: Loss reserves, hybrid debt capital instruments
Risk Weighted Assets: assets or minimum required capital
Enterprise Risk Management (ERM) Objectives
- Strategic: development of high-level goals.
- Operations: proper management of the day-to-day activities.
- Reporting: reliability of financial/operational reporting an reduce risk.
- Compliance: compliance with laws and regulations can reduce company’s risk.
Enterprise Risk Management (ERM) Components
- Internal environment: corporate culture, overall setting, general tone
- Objective setting: statement of goals
- Event identification: identify company’s objectives as opportunity or risk.
- Risk assessment: impact and probability of occurrence.
- Risk response: possible responses include avoidance, acceptance, mitigation, transfer or retention of risk.
- Control activities: policies and procedures to execute response
- Information and communication: pertinent information transmitted to relevant parties.
- Monitoring: ongoing assessment and modifications, if applicable.
