Chapter 25: Risk governance Flashcards
(18 cards)
What is risk management?
Risk management is the process of ensuring that the risks to which an organisation is exposed are the risks to which it thinks it is exposed and to which it is prepared to be exposed.
List the 6 stages in the risk management control cycle
Which is considered to be the hardest?
- Risk identification
- Risk classification
- Risk measurement
- Risk control
- Risk financing
- Risk monitoring
Risk identification is seen as the hardest aspect because the risks to which an organisation is exposed are numerous and their identification needs to be comprehensive. The biggest risks are unidentified ones, as they will not have been appropriately managed.
The risk identification stage of the process is more than just recognising the risks to which an organisation is exposed.
Outline the other aspects that should be identified or determined at this stage
The following should be determined / identified:
1. Whether each risk is systematic or diversifiable
2. Possible risk control processes that could be put in place for each risk
3. Opportunities to exploit risks to gain a competitive advantage
4. The organisation’s risk appetite or risk tolerance
Explain the purpose of the risk classification part of the process, i.e. grouping the identified risks into categories
Classifying risks into groups aids the calculation of the cost of risk and the value of diversification.
It also enables a risk “owner” to be allocated from the management team.
What 2 quantities will be estimated under the risk measurement stage of the cycle?
How does this help with risk management?
The 2 quantities estimated are:
1. The probability of the risk event occurring
2. The likely severity
Knowing whether a risk is high, medium or low probability and severity helps in the prioritisation of risks and deciding what control measures should be adopted.
What is risk control?
Risk control involves deciding whether to reject, fully accept or partially accept each identified risk.
Risk control measures are identified to mitigate the risks or consequences of risk events by:
1. Reducing the probability of a risk occurring
2. Limiting the severity (financial or otherwise) of the effects of a risk that does occur
3. Reducing the consequences of a risk that does occur.
What is risk financing?
Risk financing is the determination of the likely cost of a risk and making sure that the organisation has sufficient financial resources available to continue to meet its objectives.
The likely cost of a risk includes the expected losses, the cost of risk mitigation measures such as insurance premiums, and the cost of capital that has to be held against retained risk.
What is risk monitoring?
Risk monitoring is the regular review and re-assessment of all the risks previously identified, coupled with an overall business review to identify new or previously omitted risks.
The objectives of risk monitoring include:
* determine if the exposure to risk and/or the risk appetite of the organisation has changed over time
* identify new risks or changes in the nature of existing risks
* report on risks that have actually occurred and how they were managed
* assess whether the existing risk management process is effective.
List 7 perceived benefits of risk management to the provider
SAMOSAS
* Stability and quality of business improved
* Avoid surprises
* Management and allocation of capital improved
* Opportunities exploited for profit
* Synergies identified (and related opportunities taken)
* Arbitrage opportunities identified
* Stakeholders in the business given confidence
List 5 objectives of the risk management process
- Incorporate all risks, both financial and non-financial
- Evaluate all relevant strategies for managing risk, both financial and non-financial
- Consider all relevant constraints, including political, social, regulatory and competitive
- Exploit the hedges and portfolio effects among the risks
- Exploit the financial and operational efficiencies within the strategies
Give an example of a portfolio effect (or portfolio hedge) in a life insurance context
A life insurer may sell both whole life assurance contracts and immediate annuity contracts. The two risks have an offsetting effect.
Explain the difference between risk and uncertainty
“Uncertainty” means that an outcome is unpredictable.
“Risk” is a consequence of an action that is taken which involves some element of uncertainty, but there may be some certainty about some components of the risk.
For example, the provider of a whole life assurance policy is exposed to mortality risk. There is certainty that the policyholder will die, but the timing is uncertain.
Systematic risk
Risk that affects an entire financial market or system, and not just specific participants. It is not possible to avoid systematic risk through diversification.
Diversifiable risk
Risk that arises from an individual component of a financial market or system. An investor is unlikely to be rewarded for taking on diversifiable risk since, by definition, it can be eliminated by diversification.
Does a fall in the domestic equity market represent systematic risk or diversifiable risk?
It depends on the context.
To an investor that is constrained only to invest in the domestic equity market, this risk cannot be diversified away and is systematic.
To a world-wide investment fund that can invest in many markets, the risk is diversifiable.
What does it mean to manage risk at the business unit level and what are the key disadvantages to this approach?
The parent company would determine its overall risk appetite and then divide it among the business units.
Each business unit would then manage its risk within the allocated risk appetite.
The key disadvantage of this approach is that it makes no allowance for the benefits of diversification or pooling of risk, and the group is unlikely to be making best use of its available capital.
What does it mean to manage risk at the enterprise level?
List 6 benefits of risk management at enterprise level
A preferable approach is to establish the group risk management function as a major activity at the enterprise level. The group can then impose similar risk assessment procedures on the various business units, which will enable the results from the various models to be combined into a risk assessment model at the entity level.
The benefits include:
1. By examining the risk at group level, allowance can be made for pooling of risk, diversification achievable and economies of scale. This should prove to be the most capital efficient way of managing risk
2. Enterprise risk management involves considering the risks of the enterprise as a whole rather than considering individual risks in isolation.
3. This allows the concentration of risk arising from a variety of sources within an enterprise to be appreciated, and for the diversifying effects of risks to be allowed for.
4. It will give the group management insight into the areas with resulting undiversified risk exposures where the risks need to be transferred or capital set against them.
5. Such an approach enables the company to take advantage of opportunities to enhance value, i.e. if they understand their risks better, they can use them to their advantage by taking greater risks in order to increase returns.
6. It is not just about reducing risk - it is also about the company putting itself into a better position to be able to take advantage of strategic risk-based opportunities.
Outline the roles of various stakeholders in risk governance
- Internal stakeholders: In an efficiently run organisation, all members of staff are stakeholders in risk governance. Reports from staff on risk should be noted and rewarded through the normal appraisal system.
- ERM and the board: A successful ERM programme can help the board to discharge its responsibilities by setting the company’s risk appetite and establishing a suitable ERM framework to manage risk within these boundaries.
- The Central Risk Function (CRF): The role of the CRF is to give advice to the board on risk, assessing the overall risks being run by the business, making comparisons of the overall risks being run with its risk appetite, acting as a central focus point for staff to report new and enhanced risks, giving guidance to line managers about the identification and management of risks, monitoring progress on risk management and pulling the whole picture together. It doesn’t normally manage risk itself.
- The Chief Risk Officer (CRO): Responsibilities include managing the various risk functions, providing leadership and direction, designing and implementing an ERM framework across the company, ongoing risk policy development, risk reporting, allocation of capital across the firm, communicating with stakeholders about the organisation’s risk profile and developing systems to analyse, monitor and manage risk.
- External stakeholders: Organisations can also encourage their customers to note and report risks that they come across in using the company’s products or visiting the company’s premises. Other stakeholders, such as the shareholders, regulators and credit rating agencies, may have a strong interest in risk governance within an organisation.