Week 4 - Risks and Recap

Question 1

What is risk?

Answer 1

Use a consistent ‘framing’ of risks to avoid internal confusion and
proliferation of similar risks into their own definitions
* The use of the risk definition needs to allow for:
* Identification of the event that triggers the risk to occur
* Underlying root cause
* The result or the impact of that risk on the organization

Question 2

Types of categories of risks

Answer 2

Helps to organize and “roll-up” risks
Avoids duplication of similar risks identified by different departments
Major Categories:
- Risks external to the organization (External Risks)
- Risks internal to the organization (Business Risks)

Question 3

External Risks

Answer 3

Definition: The risk of loss due to external events that are outside of the control of the organization and may be random and difficult to predict. These risks can be mitigated through effective planning and preparation (expecting the unknown, unknown).

Examples: external fraud (hacking), external system failures, market dislocations (2007/08 U.S. mortgage market), and natural or man- made disasters.

Question 4

Business risks

Answer 4

Business risks – Examples
► Strategic Risks
► Operational Risks
► People: Human resources – Health and Safety – Customers/Stakeholders
► Processes: Legal and Compliance – Business Disruptions – Financial Information – Financial Reporting –
Shareholder/Stakeholder relations
► Technology: Information Technology related risks: System Availability – Cyber Security – Technological
Innovation – Privacy – Data Availability – Data Integrity
► Financial Risks (Financial Institutions / companies with exposures)
► Credit Risk
► Country Risk
► Market Risk
► Foreign Currency Risk
► Liquidity Risk

Question 5

Risks related to processe

Answer 5

When looking at risks in processes, consider that most of the risks relate to the processing of transactions. This includes the potential for errors in any stage of a business transaction, including sales, pricing, documentation,
confirmation, and fulfillment, with varying levels of impact. It can also relate to transactions relating to hiring, managing, or terminating staff.

Process can have the following two failures:
► Ineffective processes: those that fail to achieve their objectives.
► Inefficient processes: those that achieve their objectives but consume
excessive costs

Example: a pricing error can result in lower/no profitability, whereas a fulfillment problem can
cause a customer to stop doing business with the company.

Question 6

Risks related to people

Answer 6

These typically result from staff constraints, incompetence, dishonesty, or a corporate culture that does not cultivate risk awareness. It can be result of a process risk in the talent
acquisition process (not checking references, criminal background check, etc.)

Constraints: lack of qualified personnel, compensation uncompetitive; Incompetence: lack of training and development programs; Dishonesty: theft/fraud due to ineffective hiring processes; Culture: encourage profits without regard for risk, i.e. how are incentives set up?

Question 7

Risks related to systems

Answer 7

Risk associated with technology (hardware and software):
– Systems failure
– Programming errors
– Telecommunication failure
– Cyber Attacks
– Power outages
– Incorrect ”change and release” processes
– Flawed access to systems

Question 8

What is operational risk

Answer 8

Operational risk is the risk of direct or indirect loss resulting from inadequate or failed internal processes, people, systems or from external events

Question 9

What is the significance of operational risk

Answer 9

1) Investigations of major financial disasters have identified operational risk issues as the main culprit in the majority of these cases.
2) Operational risks are often interrelated with credit and market risks, and an operational
risk failure during stressed market conditions can potentially be very costly.
3) If operational risks are not identified, assessed, and mitigated at the enterprise level, it tends to be managed differently in different areas of the company, resulting in
inconsistencies. A robust ERM framework also ensures limits are in place (tolerances).
4) Risks are often interdependent or connected – a decline in disposable income for
consumers often elevates fraud risk (which is an operational risk). Not managing a large
organizational change for employees results in more stress, lower productivity, and
heightened fraud risk. If both happen, fraud risk is elevated.

Question 10

What are the major types of operational risk

Answer 10

►Supply Chain – for companies heavily reliant on their supply chains (manufacturers, retailers)
► Exploration – for mining companies
► Quality Assurance – for companies that produce goods/services that have a direct impact on human life. Airlines, pharma,
consumables, etc.
► Project Management – for construction companies that build significant infrastructure projects
Emerging:
► ESG related risks: measurement, targets, greenwashing, etc.
► Data and AI: use of data, reliability, relevance, AI has its own specific risks – validity, inability to verify

Question 11

Financial risk

Answer 11

Financial risk includes various types of risk associated with financing, including financial transactions that include company loans
in risk of default.

Businesses are exposed to Financial Risk generally in three areas:
1) Market Risk
2) Credit Risk
3) Liquidity Risk

Question 12

Market risk

Answer 12

Market risk is the possibility
that an individual or other entity
will experience losses due to
factors that affect the overall
performance

Market risk arises from
movements in stock prices,
interest rates, exchange rates,
and commodity prices.

Question 13

Equity price risk

Answer 13

“Price risk is the risk that the value of a security or investment will
decrease. ”

Businesses are exposed to Equity Price Risk where they have an
investment or a portfolio of investments.
Examples of equity price risk to manage:
- General economic downturns (systematic risk)
- Investment concentration in specific industries, geographies
- Lack of diversification in portfolio (company specific risk)

Question 14

How to manage equity price risk

Answer 14

General strategies:
- Hedging
- Monetization
- Diversification

Question 15

Interest rate risk

Answer 15

Interest rate risk is the potential for investment losses that result from a change in interest rates.

Businesses are exposed to interest rate risk where they have fixed-rate securities or investments such as bonds, treasury bills, or
commercial paper.

Certain financial institutions would be exposed to additional interest rate risk in areas such as repricing risk, basis risk, yield curve risk, and embedded option risk.

Question 16

Exchange rate risk

Answer 16

Exchange Rate Risk refers to the losses that an international financial transaction may incur due to currency fluctuations.
Businesses are exposed to Exchange Rate Risk as follows:
- Transaction risk:
- Buying in foreign currencies (accounts payable)
- Selling in foreign currencies (accounts receivable)
- Translation risk
- Economic risk (or forecast risk)

Question 17

Commodity Price Risk

Answer 17

Commodity Price Risk is the possibility that commodity price changes will cause financial losses for either commodity buyers or producers.

Commodities include basic goods primarily used as inputs in the production of other goods, such as wood, oil, livestock, crops, or
previous metals.

Businesses are exposed to Commodity Price Risk due to seasons, weather, technology, and other market conditions such as political
environment (tariffs)

Question 18

How to Manage Interest, Exchange and
Commodity Price Rate Risk

Answer 18

Hedging instruments are generally used, such as:
* Futures Contracts
* Forward Contracts
* Options
* Hedged assets such as Hedged exchange-traded funds

Question 19

Credit risk

Answer 19

Credit Risk is the possibility of a loss resulting from a borrower’s failure to repay a loan or meet contractual obligations.
Credit risk can be measured by:
- Credit history
- Capacity to repay
- Capital
- Conditions on the loan
- Collateral
Such risks can be measured by credit-rating agencies such as Dun &
Bradstreet, Moody’s or Fitch

Question 20

How to manage credit risk

Answer 20

Based on the five “C”s, a Company can manage credit risk by:
- Improving customer screening
- Increasing interest rates
- Shortening credit terms, or requiring upfront payment
- Adding covenants
- Adding collateral
- Securitize the receivables

Question 21

Liquidity risk

Answer 21

Liquidity Risk is the ability of a firm, company, or even an individual to pay its debts without suffering catastrophic losses.

Liquidity risk is measured by using liquidity measurement ratios such as working capital ratio, quick ratio, DSOs, and Debt-to-Equity

This was a key area of risk that resulted in the 2008 economic crisis and the resulting Basel Accords, a series of banking regulations
designed to ensure financial institutions mitigate risk by maintaining adequate capital

Question 22

How to manage liquidity risk

Answer 22

Liquidity Risk is managed by:
- Setting policies on risk tolerance and target liquidity ratios
- Monitoring and forecasting cash flow over appropriate time horizons
- Actively managing capital structure and financing
- Building in contingencies for unexpected disruptions/expenditures
- Regulatory requirements (for financial institutions)

Question 23

Reputational risk

Answer 23

Reputational risk is the potential business and economic impact due to negative
opinion as viewed by the firm’s stakeholders, including customers, employees,
shareholders, government, rating agencies, and the general public”.

Note that reputational risk is often a second-order impact from other risk events. If you have Reputation or Brand as an impact in your Risk Metrics – you end up with a circular process – in that case don’t use Reputational
Risk.

It is also affected by the firm’s response to such events and communication with
stakeholders.

Synonymous with “Brand” risk.

Question 24

Causes of Reputational Risk

Answer 24

1) Strategic/Business Risk:
The potential business and economic impact arising from adverse business decisions, corporate and business strategies, ineffective
implementation of such strategies, failure to respond to industry and technological changes, and insufficient business diversification.

2) Financial Risk:
The potential business and economic impact resulting from adverse movements in market prices and rates, borrower or counterparty
defaults, and inability to meet cash flow requirements.

3) Operational Risk:
The potential business and economic impact resulting from human error or malfeasance, failed internal processes or systems, or
external events and disasters.

4) Regulatory/Compliance Risk:
The potential business and economic impact, such as regulatory sanctions, financial loss, or damage to reputation, resulting from failure to comply with applicable laws and regulations.

5) Other:
Errors in communicating with the investor community or the public; The public perception of other external parties connected with firm; Systemic reputational risk failures at the industry level.

Question 25

Monitoring reputational risk

Answer 25

A sound reputational risk framework includes a set of metrics and tolerance levels that support the identification, measurement, and management of reputational risks. Reputational risks are largely qualitative, however quantitative metrics/data analytics (ie. frequency and numbers/kinds of complaints), can provide useful information.
The following five metrics are examples to monitor reputation risks:
1) Employee perspective
2) Customer perspective
3) Shareholder perspective
4) General public and media coverage
5) Regulatory and legal perspective