Professional Documents
Culture Documents
Administration Administration Administration and operational Risks operational Risks and Operational Risks
Risk and Risk and Organizational Planning anizational Planning Organizational Planning
5 4
Enterprise Risk Management syllabus
Risk Management Risk Management and formation Systems nformation Systems Information Systems
Historically, within both private and public organizations,Risk management has traditionally been segmented and carried out in silos.
This has arisen for a number of reasons, such as the way our mind works in problem solving, the structure of our business organizations and the evolution of risk management practice.
3
There is clearly the tendency to want to compartmentalize risks into distinct mutually exclusive categories and this would appear to be as a result of the way we sub divide problems to Credit risk manage them. Interest rate risk
Equity risk Currency risk
Commodity risk
Underwriting risk Operational risk Reputational risk
4
ERM is a response to the sense of inadequacy in using a silo based approach to manage increasingly interdependent risks. The discipline of ERM, sometimes referred to as strategic business risk management,is seen as a more robust method of managing risk and opportunity and an answer to the business pressures.
5
ERM is designed to improve business performance . It is relatively a new approach, whereby risks are coordinated and integrated way across an entire business.
ERM is about understanding interdependencies between the risks, how materialization of a risk in one business area may increase the impact of risks in another business area. ERM is an illustration of integrated approach to risk management.
7
Process
affected
Management
designed
ERM is; a process, affected by an entitys board of directors, management and other personnel, applied in strategy setting and across the enterprise ,designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives
8
Personnel
With an ERM approach, the scope of risk management is enterprise wide and the application of risk management is targeted to enhancing as well as protecting the unique combination of tangible and intangible assets comprising the organizations business model.
With market capitalizations often significantly exceeding historical balance sheet values, the application of risk management to intangible assets is critically important.
10
Just as potential future events can affect the value of tangible physical and financial assets, so, too can they affect the value of intangible assets eg customer assets, employee/supplier assets and organizational assets such as entitys distinctive brands, differentiating strategies, innovative
processes and proprietary systems.
11
This is the essence of what ERM contributes to the organization- an elevation of risk management to a strategic level by broadening its application to all sources of value, not just physical and financial ones.
12
a. Meaning ,nature of risk-sources of risks b. Types of risks c. Concept of risk management d. Purpose and objective of risk management e. Risk Management techniques f. Limitations of risk management g. Costs of risk management
13
Meaning of Risk
Webster says that Risk is the possibility of something unpleasant happening or the chance of encountering loss or harm.
Risk is the possibility of the actual outcome being different from the expected outcome.
14
Meaning of Risk
Risk includes both the downside and the upside potential. Downside potential is the possibility of the actual results being adverse compared to the expected results. On the other hand, upside potential is the possibility of the actual results being better than the expected results
15
Definition of Risk The Chinese symbol for risk best captures the positive and negative outcomes of risk;
The symbol for risk is a combination of danger (crisis) and opportunity, representing the downside and upside of risk.
16
Meaning of Risk
The terms risk and uncertainty often used are interchangeable. There is a clear distinction between certainty, uncertainty and Risk.
Certainty is the situation where it is known what will happen, and happening or non happening of an event carries 100 % probability. Uncertainty is where even the probable outcomes are unknown. It reflects total lack of knowledge of what might happen
17
Meaning of Risk
Risk is variable which can be calibrated, measured and compared. The degree of risk attached to an event is generally linked to the likelihood of the occurrence of an event Risk is a function of the probability of an outcome being different from that expected,but also its potential intensity,if it occurs. . 18
Meaning of Risk
The magnitude of the probable outcomes and the probability of their occurrence together determine the riskiness of an event. Risk is measured using standard deviation.
19
Meaning of Risk
Risk is different from peril and hazard. While risk is the possibility of a loss, peril is the cause of loss. Hazard is a factor that may create or increase the possibility of a loss in the face of an undesired event or may increase the possibility of the happening of the undesired event.
20
Sources of Risk If a company is exposed to a risk the impact should finally be felt on the values of its assets and liabilities. In some cases ,the impact may be direct while in others it may be indirect. The concept of risk becomes relevant only when there are assets and liabilities and are risk sensitive either immediately or in future- eg fire,a
source of risk- can affect directly the inventory. When a fire destroys the inventory there can be a consequential indirect impact on the profits of the company.
21
ERM: shift in focus From Fragmented Negative Reactive Ad hoc Historical looking Cost based Narrowly focused Silos Functionally driven To Integrated Positive Proactive Continuous Forward Looking Value- based Broadly focused Systemic Process -driven
External source
Internal source
Financial source
Types of Risks
Hazard Risk is related to natural hazards, accidents, fire etc that can be insured
Financial Risk has to do with volatility in interest rates exchange rates,default on loans ALM mismatches etc
24
Types of Risks
Operational Risk is associated with systems, processes and people and deals with succession planning, human resources. Information technology control systems and compliance and regulation
Strategic Risk stems from an inability to adjust to changes inthe environment such as changes in customer priorities, Competiveness conditions and geopolitical developments
25
Sources of Risks in General insurance The underwriting function needs to ensure that a robust infrastructure is in place so when individual accounts are underwritten the underwriter has: i. adequate information on the risk, such that the exposures can be reasonably known and understood, ii. the skills and experience required to analyze the risk, and iii. the ability and incentive to design coverage and price the account properly
26
An underwriting infrastructure also needs to be in place to allow for the meaningful capture of data on the risks underwritten. This is necessary to monitor concentrations, meet any regulatory reporting requirements and have the ability to manage the underwriting of individual accounts to remain within agreed limits on aggregate concentrations.
28
Principle 2
Principle 3
We are not always rational about the way we assess or deal with risk
Principle 4
29
Principle 6
Good risk measurement / assessment should lead to better decisions The key to good risk management is deciding which risks to avoid, which ones to pass through and which to exploit
The tools to assess risk and the output from risk assessment should be tailored to the decision making process rather than the other way round
Principle 7
Determining which risks should be hedged, which should not, ,and which should be taken advantage of is key to successful risk management
30
2
3
T quantify such risks where possible in terms of likely impact on profits or capital of the organization
High light extreme risks that are not included in the quantification process and be alert the management on such risks on a regular basis
4
5 6 7
Improve the organizational awareness and appreciation of various risks and the need to manage them
Improve margins through reduced risks,lower cost of capitaland improve capital availasbility for for business and regulatory purposes Assist the business and product development divisionsin developing appropriate products and services Develop objective performance evaluation methods like RAROC.
31
Principle 8
Principle 9
Managing risk well is the essence of good business practice and everyones responsibility
To succeed at risk management, we have to embed it in the organization through its structure and culture
32
Loss Control
Risk becomes relevant if one is holding an asset/liability which is vulnerable to risk. Avoidance refers to not holding such an asset/liability as a means of avoiding risk. This model can be adopted more as an exception rather than a rule for obvious reasons.
33
Separation
Combination
Transfer
Loss Control
Separation
Combination
Transfer
Attempt to reduce either the possibility of a loss or the quantum of loss. Loss control measures are used in respect of risks which cannot be avoided. These risks might have been assumed either voluntarily or because they could be avoided. The objective of the measures is either to prevent loss or to reduce the probability of loss -eg, insurance, loans at floating rate of interest to ensure protection against rising interest rates
34
Loss Control
The scope for loss by concentrating an asset at a single location can be reduced by distributing it at different locations. Assets required for consumption such as inventory can be placed at multiple locations so that the loss in case of accident is minimized.
In the process risk centers get increased.
Separation
Combination
Transfer
35
Loss Control
The risk of default is less when financial assets are distributed over a number of number of issuers instead of locking in the same with a single issuer.
Separation
It pays to have multiple suppliers of raw materials instead of relying on a sole supplier. A well diversified company has a lower risk experiencing recession.
36
Combination
Transfer
Risk Management
Avoidance
Separation
Combination
-The risk can be transferred by transferring the asset /liability itself. -Transferring the risk without transferring the asset /liability eg swaps in forex . -Making third party pay for losses without transferring the risk- insurance policy for
cars
37
Transfer
Limitations of Risk Management Risk Management cannot prevent the adverse events from happening. Quantitative models used in risk management have limitations. Even the most popular tool like VaR suffers from limitations. Risk management is a tool in the hands of management and the quality of governance decides the quality of risk management and vice versa.
38
Risk models are based on historic data and most models assume that the historical data follows a uniform distribution .Such assumptions may not not hold good during bursts of stress in the market.
39
Risk management is also subject to limitation that it tries to simplify the risk by arriving at a few risk numbers.While such quantification of risk prima facie is alright, the dynamic nature and their ever changing linkages require a more dynamic approach to measuring risk using tools like scenario analysis or sensitivity analysis
40
42
Costs of Risks
There are various costs involved in the management of risk like the following; - Risk Identifying Costs - Risk Handling Costs - Actual losses - Social costs - Loss Financing Costs - Loss Control Costs - Cost of residual Uncertainty
43
Costs of Risks
Risk Identifying Costs
Risk identifying costs are those costs which an enterprise incurs to identify and analyze the risk like fees for consultants. Given the fact that most preventive measures are estimated on an ex ante basis*, risk identifying costs are estimates of the cost of losses.
* before the event
44
Costs of Risks
Risk Handling Costs After the risks are identified, certain expenses of handling them are to be incurred like insurance premia, alarm installation and loss prevention devices in addition to the man hours spent on risk handling
45
Costs of Risks
Actual Losses Actual losses imply direct and indirect losses. Damages caused by fire, death of personnel, loss of production and finished goods are direct losses. While indirect losses imply productivity reduction, stoppages which will happen if the fire takes place. Social Costs These are the costs that the company may have to undertake to compensate the Society for the damages caused by its actions eg Union Carbide
46
Costs of Risks
Loss Financing Costs These costs also include insurance policies hedging arrangements and other contractual risk transfers etc Loss Control Costs Loss control costs are the increased precautions and limits on the risk activities in order to reduce the chances of recurrence of risks eg, timely maintenance of machinery.
47
Costs of Risks
Residual Uncertainty Cost After the magnitude of losses are eliminated through various measures like insurance policies, loss control etc there are certain risks still remain uncovered. These are usually small in nature and known a residuary risks.
48
Principle 2
Principle 3
Principle 4
Principle 6
Principle 7
Principle 8
Principle 10
Risk management should be dynamic,iterative and responsive to change Risk management Should be capable of continual improvement and enhancement
Principle 11
51