Summary Flashcards
Define Risk?
Statistical probability of an event which can be calculated
Define Uncertainty?
Something with too many variables to calculate
Define Chance?
Something outside human control such as gambling
How is risk assessed?
Frequency and Severity
How is risk perception influenced?
Based on patterns of behaviour
Media
More heavily influenced in a group
What is risk appetite?
- Varies from risk seeking to risk averse
- Considered in terms of attitude, preference, tolerance and capacity.
- Desire and ability to pursue risk
What is risk tolerance?
What the Board of Directors have authorised to accept.
What is Risk Culture?
- Term used to describe appetite, attitude and understanding of risks shared by a group.
- Displayed formally and informally
- Continuously moving and developing and evolving
What is mature risk culture?
Culture that recognises and accepts that uncertainty is inevitable and welcomes healthy risk management.
Why is the modern attitude to risk changing?
- People are more anxious about risk.
- We have moved from accepting risk happens to trying to prevent risk.
- Accidents and loss are no longer regarded as fate/bad luck.
- Now they are seen as failure to prevent risk.
What is Corporate Governance?
Learning from past corporate crises by providing new laws and regulations.
What have health and safety improvements changed?
Fewer injuries/deaths in the workplace.
What has being a compensation culture meant?
People now seek money as the main remedy to loss.
What are emerging risks?
- Current known risks are more volatile
- New risks continue to appear
- New risks present challenges and opportunities for insurers.
What are Corporate Risks?
Risks associated with large companies or corporations.
What are Business Risks?
- The probability of loss inherent in an organisation's operations and environment such as competition and adverse economic conditions that may improve its ability to provide returns on investments.
What is the link between corporate and business risks?
Closely linked but corporate risks is the more all-encompassing term and includes business risks.
What is a Strategic Risk?
Associated with long term objectives of an organisation.
As such they invariably relate to decisions made by the organisation about direction, product mix and target markets.
What are strategic risks closely related to?
Business risks and speculative risks.
What is a financial risk?
Risks that happen on paper and not in a physical world (such as valuation of property/investment)
What is non-financial risk?
Always associated with a physical loss, i.e. a building burnt down in a fire
What is a market risk?
Also called a systemic risk. Risk of loss due to movement in market prices. Often volatile and changing daily.
What is a credit risk?
The risk that a counterparty will suffer a real or perceived deterioration in financial strength or will be unable to pay amount in full when due.
Credit risk is associated with the creditworthiness of those with whom an organisation does business.
What is a default risk?
Under Credit Risk.
Specifically the probability of a debtor being unable to repay its loan obligations.
What is a concentration risk?
Under Credit Risk.
Prudent lenders require banks to avoid either too much loan exposure to a single multinational company or to a single industry.
What is Country Risk?
Under Credit Risk.
An investor in one country may lend to a business or government in another country.
A crisis in the borrowing sovereign state, perhaps involving a change of government, may cause it to freeze foreign currency payments leaving the country.
Or more simply a sovereign state may default on repayments of a loan made to it by another country.
What is a Liquidity Risk?
Running out of cash when it is needed to meet financial obligations.
What is a Legal Risk?
Associated with alleged or actual breach of contract.
What is a regulatory risk?
Associated with factors an organisation needs to consider because of the regulatory environment in which it operates.
E.g. failing to keep up with changes in regulations, such as not making electric cars, which due to emission regulations are trendy and with the times.
What is a compliance risk?
Failure to comply with laws and regulations resulting in large penalties, fines or a public warning damaging reputation.
What is an operational risk?
Risk of loss resulting from inadequate or failed internal processes, people and systems or from external events.
e.g. staff resourcing, preventing fraud (internal and external), workplace health and safety, outsourcing core and non-core functions, insourcing
What is an outsourced non-core (routine) function?
Rental of property
Stationery/electricity supply
Temp staff
Audits
Accounting
Staff payroll administration
Legal advice
What is an outsourced core function?
The development of a strategy that seeks to obtain a commercial advantage from the outsourcing of core functions or processes.
Back office policy processing
Premium Collection
Accounting
IT Management
Claims Processing
Client service call centre
Risk Management
Actuarial Services
What is a concentration risk?
Associated with outsourcing.
Too much is outsourced to one provider.
What is a boundary risk?
When it is unclear if a risk is operational or belongs in another category.
What are reputational and communication risks?
Reputational: Loss of organisation's reputation.
Communication: related to reputational risk but associated with new technologies such as social media and the speed at which news now travels.
What is a speculative risk?
Where you speculate the risk could provide a gain
What is a pure risk?
Where there is the possibility to break even or of a loss but not a gain.
i.e. driving and making it to your end destination.
What are upside/downside risks?
Upside = speculative = possibility to make a gain.
Downside = pure = break even/loss
What is a fundamental risk?
“catastrophic” occurs on a wide scale.
Arises from social, economic, political or natural causes.
Widespread in effect
What is a particular risk?
Localised and personal in their cause and effect.
Cause would be widespread such as a storm however the effect must be localised.
e.g. storm doesn't damage the whole city
What are underwriting risks?
Making the policy wording too vague or wide compared to how it was intended.
Poorly calculating risks
Accepting poor risks
What is a volatility risk?
It is impossible to predict the total amount of claims in a year or the timing of those risks; therefore it is volatile.
What is a pricing risk?
Undercharging premiums meaning the reserve is too low.
In insurance what is an economic factors risk?
During an economic downturn, people are poorer, crime increases, claims increase, investor confidence reduces, ability to obtain credit reduces therefore higher premiums must be charged.
What is an accumulation risk?
Accumulation of exposures to a single risk or source.
Also called aggregate management or exposure management.
What is a reserving risk?
Inadequate reserves.
What is a homogenous exposure?
Law of large numbers
Similar risks.
What are futures and hedging?
Futures is buying/selling future contracts as protection against the risk of loss due to changes in prices in the cash market.
Hedging is the name of this strategy.
What is the earliest development in managing business’ risks by insurance?
1547 - Marine policies in Italy
1623 - Fire policies - German
What did the industrial revolution do in terms of risk management?
Created risk management processes to eliminate/reduce risk to make it safer. Factories Act 1833 created the first factory inspections.
What happened in the 1950s?
1950s - risk can be managed and reduced.
Rather than only looking at insurance, self-protection initiatives and self-insurance and mutual schemes arose.
What happened in the 1970s?
Financial risk management became a priority. Insurance derivatives became a new popular way of removing risk.
What is an insurance derivative?
Alternate risk transfer.
Financial pay out for a risk when it reaches a certain threshold.
If construction is stopped for X number of days, the derivative will pay out Y for each day past day X.
What are the 5 steps in a risk management process?
Establish the context
Identify the risk
Analyse risk
Evaluate risk
Treat risk
What is done in step 1 - establish the context?
Gain a clear understanding of the objectives, structure and culture of an organisation
What steps make up a risk assessment and what do they include?
Risk identification, analysis and evaluation.
Identify - understand the threats that exist
Analysis - understand the threats' potential
Evaluate - work out risk levels - both single and cumulative.
What is meant by step - treat?
Accept, eliminate, control or transfer.
Reduce frequency or severity
Transfer to another organisation
Accept risk and prepare for it
What is meant by risk maturity?
The extent to which risk management is embedded in an organisation.
Based on observations, audits and interviews.
What is ERM?
Enterprise Risk Management.
- New approach to RM.
- Strong focus on risk-taking and how risk achieves objective.
- Uses taking risks to gain commercial advantage.
- Looks at how risks relate to each other/whole organisation
- Proactive - Looks at both insurable and non-insurable risks
- Overview of risk becomes more senior role such as CRO.
What does opportunity risk mean?
Upside risk - chance of gain as well as loss.
What does qualitative and quantitative mean?
Qualitative information is a description of something spoken or written
Quantitative means something that can be counted or measured in numbers.
What does subjective, objective, static and dynamic mean?
Subjective - opinion/judgment about something, often influenced by feelings.
Objective - based on facts
Static - a fact e.g. date of birth, can't be changed
Dynamic - capable of change, someone’s experience
Traditional risk identification techniques looking inside and outside the organisation?
Talk to people
workshops/brainstorming
meetings and committees
checklists and questionnaires
procedures manuals
internal audit and compliance monitoring
Surveys and observation
Outside:
Research
Stress testing and scenario analysis
External auditors reports
Reading insurance documents
How can you organise risk?
Allocate it to categories to make comparisons and present info in an understandable form
What are the FIRM scorecard categories?
financial risks
infrastructure risks
marketplace risks
reputational risks
externally and internally driven
What are the measures for analysing risk?
Frequency and severity
What are the risk levels?
Inherent - assuming the controls fail to work
Residual - with the controls in place
What is the purpose of displaying risk information and what should the content show?
To produce meaningful info that will help management make better decisions in the face of risk uncertainty.
Must be informative and enable necessary decisions to be made.
How is risk frequency and severity expressed in terms of levels?
1-5 or red, amber, green.
What are the options for dealing with risk?
Eliminate
Control
Transfer
Retain
What is a risk matrix primarily used for?
To divide risks into those that are acceptable and not acceptable by the Board.
What does the risk owner mean?
So that they can take responsibility for seeing that appropriate action is completed.
What are the features of terminating a risk?
Only certain way to prevent a loss entirely
Could remove a profitable area of business
Change of materials could impact quality
What are the features of controlling risk?
Preventative, corrective, directive and detective controls
control is proportionate/reasonable in relation to risk
Estimated by comparing inherent risk to residual risk
What do directive, detective, inherent and residual mean?
Directive = designed to make people behave in a specific way.
Detective = designed to identify unwanted occurrences that have already happened from happening again
Inherent = uncontrolled risk, natural level of risk if left alone
Residual = Risk left over after implementing risk controls
What is the traditional method of risk transfer?
Insurance
Why do people take out insurance?
Transfer risk
legally - eg - EL
What is securitisation of risk?
Refers to a range of instruments that enable an organisation to transfer risk to a professional risk carrier in the banking world, other than traditional insurance contracts.
What are insurance derivatives and Catastrophe (CAT) bonds?
Insurance Derivatives: insurance kicks in at a pre-determined point. E.g. after X number of days of no trading due to a storm.
CAT bonds - 3-5 year period, pay out when an occurrence has been triggered during this time such as an earthquake.
Why would you retain a risk?
Insurance may not be an option
It may be a risk you hadn't considered and therefore unknowingly retained it
You might have decided it would cost more to control or transfer the risk, you can afford to eliminate it therefore you must retain it.
How do companies deal with retained risks that come to fruition?
non-replacement
build into expenses
Contingency reserve (from profits)
Internal risk fund (liquid fund for losses)
Captive Insurance Company
Borrowing
What methods of part retention are there?
Indemnity Limits
Excesses and deductibles
First loss cover
Co-Payment
What is a BCM?
A specialist type of risk management planning for when a major incident occurs or a crisis develops. Both expected and unexpected.
What has increased the need for BCM?
Globalisation and interconnectivity
What are the core and facilitating actions in a BCM?
Impacts of disruption and the organisation's survival priorities
Exercises and Tests
Plans - who does what, how we keep it running, how do we get back to normal
Evaluation and improvement
Leadership and support
How to monitor and evaluate risk controls?
Internal audits
Risk registers
What is the role of Board members when it comes to risk management?
Accept responsibility under laws that apply to the running of corporate bodies
What is stated about risk management in the Companies Act 2006?
Implied risk management required
What is corporate governance?
The way a board sets up an organisation to achieve its objectives, together with the systems it puts in place to manage and control that organisation, is known as corporate governance.
What is a risk committee?
Set up by the board to delegate risk assessments and risk management supervisory responsibilities.
What is the risk team?
Risk managers go by various names, often they will develop a whole team of risk managers known as the risk management team.
What level is a risk manager?
Could be a board member, middle management or lower
What is in a risk manager's job spec?
Varies based on organisation's size.
Who is the head of ERM?
CRO or Group Risk Manager