Week 3 Flashcards
Dealing with Risks
-> 4 possibilities
- Avoid
- Mitigate -> Insurance
- Transfer
- Accept
Dealing with Risks
-> Insurance
- Mutualisation of risk
- Equivalence principle: premium = losses + costs + profit
- Only actual losses are reimbursed
- Risk layering / deductibles to structure risk transfer
- Moral hazard for user behavior
- Adverse selection through better risk pricing
- Danger of (hidden) risk accumulation in insurance portfolio
Dealing with Risks
-> Ability of Guaranteed Cost Insurance to Meet Risk Financing Goals
- Pay for Losses: Insurance can meet this goal, provided the loss exposures are covered by the guaranteed cost insurance policies.
- Maintain Liquidity: Insurance can meet this goal because the organization requires less liquidity with guaranteed cost insurance compared with retention or other risk financing measures.
- Manage Uncertainty: Insurance can meet this goal because much of the uncertainty about future losses is transferred to the insurer.
- Comply With Legal and Regulatory Requirements: Insurance can meet this goal, especially regarding loss exposures that are required (by law or contractual obligation) to be transferred.
- Minimize the Cost of Risk: Insurance can meet this goal, but it is not ideal because insurance premiums are designed to cover not only expected losses, but also insurer administrative costs, premium taxes, and any social loadings.
Why are companies (or you) insured?
- We buy insurance knowing that we expect to pay 60-70% more than our expected losses.
- This is rational, because a large loss could be disastrous.
Risk Management Frameworks
-> Process for Managing Risk
- Scan Environment
- Identify Risks
- Analyze Risks
- Treat Risks
- Monitor and Review
Risk Matrix
Impact, Consequence / Likelihood, Probability
Risk Management
- Risk Tolerance depends on knowledge, experience, culture, confidence, economic situation etc.
- Savings increase with high risk acceptance
- Savings decrease with low risk acceptance
High Risk: Immediate Action
Medium High Risk: Short-Term Action
Medium Risk: Cost/Benefit Assessment
Low risk: Action normally not necessary
The COSO Cube
- Operations: How well are the operations goals protected against known risks?
- Reporting: Internal and external reports. Tracking progress toward stated operation targets or meeting regulatory financial transparency requirements.
- Compliance: Regards any goals dealing with laws or regulations the organization is subject to.
* Sets the tone for internal controlling by providing resources, discipline and structure
* Identifies and measures risks that threaten the organization’s objectives
* A collection of policies, procedures, and practices enacted to carry out the management objectives and risk mitigation goals
* System or process that communicates control responsibilities…
* Either external oversight or the internal application of independent methodologies, such as customized procedures or standard checklists
Risk Management and Internal Audit roles
The board of directors establishes the risk management policy and risk appetite. It also determines the amount and types of risk that the organization wants to pursue, retain, reduce, or avoid.
Risk Management
* Designs and implements the risk management plan, including the choice of appropriate tools and responses to risk, in accordance with board guidance.
* Works with the business managers to establish internal risk management controls.
* Monitors risk levels within the organization.
* Identifies and quantifies new, emerging risks and recommends appropriate responses
* Is accountable for whether the risk management plan is effective
Internal Audit
* Reviews and critiques the implementation of the risk management plan
* Audits internal risk controls to ensure that they are in place and working as designed
* Monitors risk levels within the organization to determine whether the risk management plan and internal risk controls are effectively managing risk as expected
* Identifies and quantifies new emerging risks
Normalization of Deviance
Normalization of Deviance (operational drift)
The tendency over time to accept anomalies - particularly risky ones - as normal
Outcome Bias
Outcome bias
When people observe successful outcomes, they tend to focus on the results more than on the (often unseen) complex processes that lead to them
Latent Errors (resident pathogens)
Latent Errors (resident pathogens)
The unexpected interaction of multiple small, often seemingly unimportant human errors, technological failures, or bad business decisions
Latent errors often exist for long periods of time before they combine with enabling conditions to produce significant failures
Recognizing and Preventing Near Misses
▪ Pay attention to high pressure situations
▪ Investigate deviations and learn from them
▪ Analyze and tackle root causes
▪ Demand explanations
▪ Consider worst-case scenarios
▪ Evaluate at every step
▪ Reward transparency
Line of defense
Hedging
- offset losses in investment by taking an opposite position (chance) in a related asset (absichern)