Risk Governance Flashcards
The risk management process
It can be described as the process of ensuring that the risks to which an organization is exposed are the risks to which it thinks it is exposed and to which it is prepared to be exposed
The risk management process consists of risk:
• identification (of risks that threaten the income or assets of an organization, and of possible controls)
• classification (into groups, including allocation of ownership)
• measurement (probability and severity)
• control (mitigation to reduce the probability/severity/financial and other consequences of a loss)
• financing (determining the likely cost of each risk, including the cost of effectiveness of risk control options, and the availability of capital to cover retained risk)
• monitoring (regular review and re-assessment of risks together with an overall business review to identify new/previously omitted risks)
Risk appetite is an important input into this process
Benefits of a risk management process
Through an effective risk management process, providers will be able to:
• avoid surprises
• react more quickly to emerging risks
• improve the stability (i.e. reduce earnings volatility) and quality of their business
• improve their growth and returns through better management and allocation of capital
• improve their growth and returns by exploring risk opportunities
• identify their aggregate risk exposure and assess interdependencies
• integrate risk into business processes and strategic decision making
• give stakeholders in their business confidence that the business is well managed
The risk management process should:
• incorporate all risks (both financial and non-financial)
• evaluate all relevant strategies for managing risk
• consider all relevant constraints
• exploit hedges and portfolio effects
• exploit financial and operational efficiencies
Systematic vs diversifiable risk
Systematic risk is risk that affects an entire financial market or system and cannot be diversified away
Diversifiable risk arises from an individual component of a financial market or system and can be diversified away
Enterprise risk management
A company’s business units might:
• carry out the same activity but in different locations
• carry out different activities at the same location
• carry out different activities at different locations
• operate in different countries
• operate in different markets
• be separate companies in a group, which each have their own business units
The parent company could determine its overall risk appetite and divide it between the units. However, this is likely to make no allowance for the benefits of diversification. A preferable approach is to establish group risk management as a major activity at the enterprise level
The key features of ERM:
• consistency across business units
• holistic - considers the risks of an enterprise as a whole, rather than in isolation, thus allowing appropriately for diversification, etc.
• seeking opportunities to enhance value
Stakeholders in risk governance
All members and staff are stakeholders in risk governance in an efficiently run organization
All large companies and all providers of financial products should have a designated Chief Risk Officer, normally at enterprise level. Business units should also have a risk manager
Customers, shareholders, credit rating agencies and regulators also have a stake in the risk governance of an organization