Summary

This document provides an introduction to risk management, outlining the process, framework, and key terms related to risk identification, measurement, and mitigation. It covers financial and non-financial risks, risk tolerance, and risk budgeting.

Full Transcript

**INTRODUCTION TO RISK MANAGEMENT** Risk management is a process that defines risk tolerance and measures, monitors, and modifies risks to be in line with that tolerance. The risk management process seeks to 1\) identify the risk tolerance of the organization, 2\) identify and measure the risks...

**INTRODUCTION TO RISK MANAGEMENT** Risk management is a process that defines risk tolerance and measures, monitors, and modifies risks to be in line with that tolerance. The risk management process seeks to 1\) identify the risk tolerance of the organization, 2\) identify and measure the risks that the organization faces, and 3\) modify and monitor these risks. A risk management framework flows logically from the definition of risk management that was previously given: It is the infrastructure, process, and analytics needed to support effective risk management in an organization. Despite customization, every risk management system or framework should address the following key factors: Risk governance Risk identification and measurement Risk infrastructure Defined policies and processes Risk monitoring, mitigation, and management Communications Strategic analysis or integration **Enterprise risk management is an overarching governance approach applied throughout the entity and consistent with its strategy, guiding the risk management framework to focus risk activities on the objectives, health, and value of the entire organization** A diagram of a risk management framework Description automatically generated **KEY TERMS** - **Risk exposure** is the extent to which an entity's value may be affected through sensitivity to underlying risks. - **Risk governance** is the top-level foundation for risk management, including risk oversight and setting risk tolerance for the organization. - **Risk infrastructure** comprises the resources and systems required to track and assess the organization's risk profile. - **Risk policies and processes** are management's complement to risk governance at the operating level. - **Risk identification and measurement** is the quantitative and qualitative assessment of all potential sources of risk and the organization's risk exposures. - **Risk mitigation** and management is the active monitoring and adjusting of risk exposures, integrating all the other factors of the risk management framework. - **Communication** includes risk reporting and active feedback loops so that the risk process improves decision making. - **Strategic risk analysis and integration** involves using these risk tools to rigorously sort out the factors that are and are not adding value as well as incorporating this analysis into the management decision process, with the intent of improving outcomes - **Risk drivers** are the fundamental global and domestic macroeconomic and industry factors that create risk. **Risk governance, risk tolerance and risk budgeting** **Risk Governance** Risk governance refers to senior management's determination of the risk tolerance of the organization, the elements of its optimal risk exposure strategy, and the framework for oversight of the risk management function. Enterprise risk management (focusing risk activities on the objectives, health, and value of the whole organization) requires that the entire economic balance sheet of the business be considered, not just the assets or one part of the business in isolation. In the same vein, another element of good risk governance is the formal appointment of a responsible executive as chief risk officer (CRO). This officer should be responsible for building and implementing the risk framework for the enterprise and managing the many activities therein **Risk Tolerance** Determining an organization's risk tolerance involves setting the overall risk exposure the organization will take by identifying the risks the firm can effectively take and the risks that the organization should reduce or avoid. Some of the factors that determine an organization's risk tolerance are its expertise in its lines of business, its skill at responding to negative outside events, its regulatory environment, and its financial strength and ability to withstand losses. **Risk Budgeting** Risk budgeting is the process of allocating firm resources to assets (or investments) by considering their various risk characteristics and how they combine to meet the organization's risk tolerance. The goal is to allocate the overall amount of acceptable risk to the mix of assets or investments that have the greatest expected returns over time. **IDENTIFICATION OF RISK** **Financial risks** are those that arise from exposure to financial markets. Examples are: 1. **Credit risk.** This is the uncertainty about whether the counterparty to a transaction will fulfill its contractual obligations. 2. **Liquidity risk.** This is the risk of loss when selling an asset at a time when market conditions make the sales price less than the underlying fair value of the asset. 3. **Market risk.** This is the uncertainty about market prices of assets (stocks, commodities, and currencies) and interest rates. **Non-financial risks** arise from the operations of the organization and from sources external to the organization. Examples are: 1. **Operational risk.** This is the risk that human error or faulty organizational processes will result in losses. 2. **Solvency risk.** This is the risk that the organization will be unable to continue to operate because it has run out of cash. 3. **Regulatory risk.** This is the risk that the regulatory environment will change, imposing costs on the firm or restricting its activities. 4. **Governmental or political risk (including tax risk).** This is the risk that political actions outside a specific regulatory framework, such as increases in tax rates, will impose significant costs on an organization. 5. **Legal risk.** This is the uncertainty about the organization's exposure to future legal action. Model risk. This is the risk that asset valuations based on the organization's analytical models are incorrect. 6. **Tail risk**. This is the risk that extreme events (those in the tails of the distribution of outcomes) are more likely than the organization's analysis indicates, especially from incorrectly concluding that the distribution of outcomes is normal. 7. **Accounting risk.** This is the risk that the organization's accounting policies and estimates are judged to be incorrect. **MEASUREMENTS OF RISK** Measures of risk for specific asset types include standard deviation, beta, and duration. 1. **Standard deviation** is a measure of the volatility of asset prices and interest rates. Standard deviation may not be the appropriate measure of risk for non-normal probability distributions, especially those with negative skew or positive excess kurtosis (fat tails). 2. **Beta** measures the market risk of equity securities and portfolios of equity securities. This measure considers the risk reduction benefits of diversification and is appropriate for securities held in a well-diversified portfolio, whereas standard deviation is a measure of risk on a stand-alone basis. 3. **Duration** is a measure of the price sensitivity of debt securities to changes in interest rates. Derivatives risks (sometimes referred to as "the Greeks") include: 1. **Delta.** This is the sensitivity of derivatives values to the price of the underlying asset. 2. **Gamma.** This is the sensitivity of delta to changes in the price of the underlying asset. 3. **Vega.** This is the sensitivity of derivatives values to the volatility of the price of the underlying asset. 4. **Rho.** This is the sensitivity of derivatives values to changes in the risk-free rate. **Tail risk** is the uncertainty about the probability of extreme (negative) outcomes. Commonly used measures of tail risk (sometimes referred to as downside risk) include Value at Risk and Conditional VaR. 1. **Value at risk (VaR)** is the minimum loss over a period that will occur with a specific probability. Consider a bank that has a one-month VaR of \$1 million with a probability of 5%. That means that a one-week loss of at least \$1 million is expected to occur 5% of the time. 2. **Conditional VaR (CVaR)** is the expected value of a loss, given that the loss exceeds a minimum amount. Relating this to the VaR measure presented above, the CVaR would be the expected loss, given that the loss was at least \$1 million. 1. **Stress testing** examines the effects of a specific (usually extreme) change in a key variable such as an interest rate or exchange rate. 2. **Scenario analysis** refers to a similar what-if analysis of expected loss but incorporates changes in multiple inputs. A given scenario might combine an interest rate change with a significant change in oil prices or exchange rates. **Risks are not necessarily independent because many risks arise as a result of other risks; risk interactions can be extremely non-linear and harmful.** **MODIFYING RISK EXPOSURES** **Internal** 1. **Diversification** may offer a way to more efficiently bear a specific risk. 2. Sometimes the term **self-insurance** is used to describe a situation where an organization has decided to bear a risk. Note, however, that this simply means that it will bear any associated losses from this risk factor. It is possible that this represents inaction rather than the result of analysis and strategic decision making. In some cases, the firm will establish a reserve account to cover losses as a way of mitigating the impact of losses on the organization. **External** 3. With a **risk transfer**, another party takes on the risk. Insurance is a type of risk transfer. The risk of fire destroying a warehouse complex is shifted to an insurance company by buying an insurance policy and paying the policy premiums. Insurance companies diversify across many risks so the premiums of some insured parties pay the losses of others. 4. With a **surety bond**, an insurance company has agreed to make a payment if a third party fails to perform under the terms of a contract or agreement with the organization. 5. Insurers also issue **fidelity bonds**, which will pay for losses that result from employee theft or misconduct. Managements that purchase insurance, surety bonds, or fidelity bonds have determined that the benefits of risk reduction are greater than the cost of the insurance. 6. **Risk shifting** is a way to change the distribution of possible outcomes and is accomplished primarily with derivative contracts. For example, financial firms that do not want to bear currency risk on some foreign currency denominated debt securities can use forward currency contracts, futures contracts, or swaps to reduce or eliminate that risk.

Use Quizgecko on...
Browser
Browser