Ch 29: Risk measurement and reporting Flashcards

1
Q

Describe how the risk identification “brainstorming” approach can be extended to obtain a subjective assessment of risk exposure

A

The probability and severity of each risk event are both estimated (separately) using a simple scale.

The product of the probability and severity assessments gives a score on a scale. This provides an assessment of each risk event and allows them to be ranked and prioritized.

The assessment would be carried out with and without possible risk controls.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Outline how a model could be used to assess a risk event

A

Distributions need to be assigned to both the probability and severity of the risk event (unless the latter is a fixed amount rather than a RV, such as for a without profit term assurance policy).

To quantify the risk simply, the company could define an event and then use historical data to determine a probability distribution for that event. Alternatively, the frequency of the event could be defined and this could be used to determine the loss parameter.

A decision needs to be made as to whether a STOCHASTIC or DETERMINISTIC model is appropriate.

The availability of data to parameterize the model may influence the decision as to which model (if any) is used. This is particularly important when considering RARE EVENTS.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

State 5 ways of evaluating risks

A
  1. Scenario analysis
  2. Stress testing
  3. Combined stress and scenario testing
  4. Reverse stress testing
  5. Stochastic modelling
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Outline 4 steps that should be involved in a scenario analysis to evaluate operational risk

A
  1. Group risks into broad categories. This should involve input from a wider range of senior individuals in the organization.
  2. Develop a plausible adverse scenario of risk events for each group of risks, which is REPRESENTATIVE of ALL the risks in the group.
  3. Calculate the consequences/costs of the risk event occurring for each scenario, again involving senior staff.
  4. Calculate the total costs of all risks represented by the scenario.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Suggest 6 categories into which operational risks might be divided for the purpose of scenario analysis

A
  1. Fraud
  2. Loss of key personnel
  3. Mis-selling of financial products
  4. Calculation error in the computer system
  5. Loss of business premises
  6. Loss of company e-mail access
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What is stress testing?

A

Stress testing is a deterministic method of modelling EXTREME risk event. It is commonly used to model extreme market movements, but can be applied to other risks. (e.g. credit, liquidity)

In relation to market risk it involves subjecting a portfolio to extreme market movements by radically changing the underlying assumptions and characteristics - including changing asset class correlations and volatilities, which are often observed to increase during extreme market events.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Outline two types of stress test

A

Two types of tests are designed to:
1. Identify ‘weak areas’ in the portfolio and investigate the effects of localized stress situations by looking at the effect of different combinations of correlations and volatiltiies.

  1. Gauge the impact of major market turmoil affecting all model parameters while ensuring consistency between correlations while they are stressed.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Explain what is meant by reverse stress testing

A

This is the combination of a severe stress scenario that only just allows the company to be able to fulfill its strategic business plan.

Equivalently, it is the scenario which would just be enough ti stop them doing so.

The scenario might be financial or non-financial.

Although it might be an extreme scenario, it must be PLAUSIBLE!!!

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Describe how a stochastic model could be used to evaluate a particular risk

A

The variables that gives rise to the risk are treated as RVs with probability distributions.

The model must be DYNAMIC, with full interactions/correlations between variables.

The model can be run to determine the amount of capital that is needs to (just) void ruin with a given probability

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Outline 3 approaches to limiting the ideal scope of a stochastic model in order to make the model more practical

A
  1. Restrict the time horizon that the model projects
  2. Limit the number of variables that are modelled stochastically and model the other variables deterministically with scenario testing.
  3. Carry out a number of runs each with a different single stochastic variable, followed by a single deterministic run using all the worst case scenarios together.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Outline how the overall capital requirement for a combination of risks relates to the individual risk capital requirements, if the risk events are:
- fully dependent

A

The overall capital requirement is the sum of the individual capital requirement

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Outline how the overall capital requirement for a combination of risks relates to the individual risk capital requirements, if the risk events are:
- fully independent

A

The overall capital requirement is LESS than the sum of the individual capital requirements (the difference is the diversification benefit). Under certain assumptions, the overall capital requirement can be determined as the square root of the sum of the squares of the individual risk capital requirements.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Outline how the overall capital requirement for a combination of risks relates to the individual risk capital requirements, if the risk events are:
- partially dependent

A

The overall capital requirement is less than the sum of the individual risk capital requirements. The diversification benefit depends on the degree of correlation (possibly negative) between the risks.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

List 3 methods of aggregating partially dependent risks

A
  1. Stochastic model
  2. Correlation matrix
  3. Copulas
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

How can liability risks be measured?

A

Liability risks can be measured by an analysis of experience, e.g. actual deaths divided by expected deaths.

It is important to ensure CONSISTENT classification and measurement of the risk event and the exposure to risk.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Outline 3 drawbacks of using VaR as a measure of risk

A
  1. It is often calculated assuming a normal distribution of returns, whereas this is not necessarily true in practice as distributions may be ‘fat-tailed’ or skewed.
  2. VaR can be calculated using a different distribution but DATA is often sparse, particularly within the tails, and it is difficult to fit an accurate distribution.
  3. VaR does not quantify the size of the tail, i.e. what the loss might be beyond the VaR confidence level.
17
Q

Describe what is meant by a “risk portfolio” and what it might contain.

A

A risk portfolio is a means of categorizing the various risks to the company or individual. Against each risk the likely impact and probability of occurrence are recorded. The product of these measures gives an idea of the relative importance of the various risks.

The risk portfolio can be extended to indicate how each risk has been dealt with, e.g. accepted, rejected transferred or managed. Where risk has been mitigated, the risk portfolio can include a revised assessment of the remaining risk.

For retained risks, the risk portfolio could also include details of control measures, reassessment after controls, risk owners, committee/senior management with oversight, identification of concentrations of risk and the need for management in these areas.

18
Q

Give 10 reasons why regular risk reporting is important within a business

A

FRAUD CRIME

  • Financing (appropriate price, reserves, capital requirements)
  • Rating agencies (to help determine appropriate rating)
  • Attractiveness to investors
  • Understand better (risks and their financial impact)
  • Determine appropriate control systems
  • Changes over time
  • Regulator
  • Interactions
  • Monitor effectiveness of controls
  • Emerging risk identification
19
Q

Explain why, if risk is managed at the enterprise level, it is necessary to have a coherent system of risk reporting across the whole enterprise

A

As part of ERM, each business unit will have been given a risk exposure allocation. The benefits of diversification are likely to rely on each unit taking on the exposure allocated. Therefore, it is necessary that each unit report on the exposure that they are taking, in a CONSISTENT way.

If this does not happen, there is a risk that additional capital will be required to cover the undiversified risks.

20
Q

The process of determining the amount of capital to hold can be divided up into two modelling steps.

What are these steps?

A
  1. A model is used to determine the risk event at the required level of probability. A stochastic model could be used to determine this.
  2. A second model is used to determine the consequences/cost of the risk event determined in 1. A deterministic model is likely to be used to determine this.
21
Q

State 5 issues to consider when assessing the risk-based capital requirements.

A
  1. Should the ruin probability be expressed over a single year or over the whole run-off of the business?
  2. Modelling more than 2 variables stochastically is probably impractical. Therefore, a method of assessing the correlation between variables is needed, e.g. a correlation matrix.
  3. The effect of multiple risk events may be greater or less than the sum of the individual risks due to interactions between the risks.
  4. Some risks, such as operational risks, are highly subjective. In order to construct a plausible adverse scenario with a given ruin probability, it is necessary to look beyond risk events that have already occurred.
  5. Past data must be used with caution when estimating the consequences of rare events.