Past Exam Questions: September 2013 Flashcards
Compare the data typically used for modelling credit risk with that for modelling operational risk.
For both types of risk, data are needed for both severity and frequency.
There are different types of credit risks. The main distinction is between government, companies and individuals.
For credit risk, frequency refers to the probability of default and severity to the expected level of recovery which can be made (or the expected loss) given default.
There are a variety of sources of data on the levels of credit risk.
And these are more likely to be subject to greater scrutiny or review than operational risk data, therefore more likely to be robust.
And similarly are more likely to be up-to-date.
For example, credit agencies may provide information on the level of financial soundness of a counterparty (and ratings can be a condition of some stock market listings).
If the company is listed it will have a market price which will give some information on the likelihood of default.
Spreads on corporate bonds and credit default swap spreads can also give some insight.
Operational risks are more likely to be heterogeneous than credit risk events and so it may be necessary to do more detailed analysis of data splits.
Information on operational risks from errors in internal processes will be generally available.
However, there is a risk that some data will not be available as staff may not record near misses which may affect their remuneration.
There will also be operational risks that do not happen often, but which are severe enough to bring down a company if they transpire, e.g. a large on-off fraud.
The data for such risks will be very scanty.
External operational risk data may be more credible, but is unlikely to be relevant to the specific company.
Particularly reflecting its actual operating processes, business mix, size and environment and the governance, controls and other mitigation actions which may have been implemented.
It is more important for operational risk data than for credit risk data to take into account the specifics of the company.
Expert judgement is more likely to be required for operational risk data.
Experts may also be needed to construct worst case scenario examples for analysis.
However, credit risk is likely to be more influenced by external events (e.g. general state of the economy) and so therefore it may be necessary to adjust historic credit risk data to reflect aspects such as the economic cycle and also to adjust appropriately for significant contagion events (to which credit risk events are likely to be more prone).
Why is external operational risk data unlikely to be relevant to a specific company?
External operational risk data would need to reflect its actual - operating processes - business mix - size - environment and the - governance, - controls, - mitigation actions which have been implemented.
Discuss the advantages and disadvantages of selling futures contracts to mitigate risk
- Selling futures contracts would provide a quick mitigation option.
- Futures contracts are transacted through exchanges, which improves the liquidity and also removes the counterparty risk between the seller and the ultimate purchaser.
However, there are issues:
- Futures contracts are subject to margin requirements
- The company would need to submit margin if the price of the underlying changed adversely.
- In addition futures contracts might expose the company to basis risk as they might not perfectly offset other asset movements being hedged.
- Futures contracts are generally more standardised, meaning that the company would have less flexibility, e.g. in delivery date.
List 6 TOOLS that can be used to identify risks
- SWOT analysis
- Risk check lists or taxonomy
- Risk prompt lists
- Risk trigger questions
- Case studies
- Risk-focussed process analysis
Risk identification tools:
SWOT analysis
Considers both the downsides and positive implications of risk for future strategies,
through the identification of:
- strengths
- weaknesses
- opportunities
- threats
Risk identification tools:
Risk check lists or taxonomy
Reference lists of possible risks, sourced from information obtained through experiences and from external documented knowledge.
Risk identification tools:
Risk prompt lists
Higher level categories intended to prompt a more specific list, e.g. PEST - political - economic - social - technological analysis.
Risk identification tools:
Risk trigger questions
Lists of situations in particular areas of an organisation that can lead to risk, based on previous risk events.
Risk identification tools:
Case studies
“real world” examples can suggest specific current risks if clear similarities with own organisation, otherwise could suggest areas where similar risks might occur in future.
Risk identification tools:
Risk-focussed process analysis
Construction of detailed flow charts for every process in the organisation and analysis of the points at which risks and failures can occur.
List 7 TECHNIQUES that can be used to identify risks
- Brainstorming
- Independent group analysis
- Surveys
- Gap analysis
- Delphi technique
- Interviews
- Working groups
Risk identification techniques:
Brainstorming
Unrestrained or unstructured discussion involving experts, led by an experienced facilitator in order to draw out a wide range of ideas in depth.
Risk identification techniques:
Independent group analysis
All participants document their views on risks in silence and without collaboration, in order to avoid bias;
these are aggregated by a facilitator and then discussed.
Risk identification techniques:
Surveys
Questions about different aspects of the area(s) being considered and related risks are distributed to a large number of staff.
Risk identification techniques:
Gap analysis
A survey-based approach seeking to answer 2 questions:
- the desired level of a given risk and
- its actual level.
The two questions would not necessarily be asked of the same people.
Risk identification techniques:
Delphi technique
Another type of survey with greater flexibility, whereby acknowledged experts are asked to comment on the risks anonymously and independently;
The answers are then analysed in detail and follow-up surveys issued until consensus is reached.