Download - Introduction to Risk Management
Introduction to Risk Management
Risk Management Fall 2013
Risk Defined
• Risk – possibility of a deviation between actual and
expected outcomes
• Comes from an early Italian word risicare, meaning “to
dare”
• Thus, risk is considered a choice rather than a fate
• Consider a risk that is not taken voluntary
• Risk is not synonymous with “possibility of loss” or “cause
of loss”
• Example of starting a new businesso Positive vs. negative risks
Traditional vs. Contemporary View
• Traditionally, risk and risk management focused on
accidental and hazard exposures, with only negative
outcomeso Pure risk exposures only
• Risk and Risk Management has evolved to take a more
holistic approach to encompass negative and positive
possible outcomeso Pure and speculative risk exposures
Impetus for Change in Risk Management Focus• Numerous high-profile large organizations failures
o Enrono Arthur Andersono Washington Mutualo Tycoo WorldCom
• Financial Crisis of the 2000’s• 2011 Tsunami in Japan – killed approximately 16,000 people• These events made it clear that organizations need to evaluate
and manage supply chain risk• Sarbanes-Oxley Act of 2002
o Requires controls to be disclosed and announced by public companies and their registered auditors in financial information.
o OECD (Organization for Economic Co-operation and Development and World Bank initiatives and the European Union promoted initiatives and Solvency standards for risk management in financial organizations.
Important Risk Dichotomies
• Hazard (or pure) risks and speculativeo Traditional focus on specific, catastrophic exposures
o Examination of exposures in isolation
o Speculative risks include Price and Credit Risk (p. 1.24)
• Subjective and objective risk (table p. 1.24)
• Diversifiable and non-diversifiable risko Diversifiable – affects only some individuals, businesses or groups
• Fire, theft, embezzlemento Non-diversifiable affects a large segment of society
• Unemployment, inflation, and natural disasters
Categories of Risk
• Hazardo Includes property, liability, or personnel loss exposures
• Operational Risko Result from the failure in processes, systems, or controls
• Financial Risko Result from the effect of market forces on financial assets or liability;
includes market risk, credit risk, liquidity risk, and price risk
• Strategic Risko Arises from trends in the economy and society; changes in the
demographic, economic, political, and competitive environments
Why Do We Need Risk Management?
• “Ben Bernanke said in 2008 that a significant factor
causing the 2008 financial crisis was risk-management
weaknesses at large global financial institutions.
• “Banks Bundled Bad Debt, Bet Against it and Won” article
o http://www.nytimes.com/2009/12/24/business/24trading.html?pagewanted=all&_r
=1
&
• Risk Mitigation and Risk Transfer benefit not only the individual
organization but the economy as a whole.
Benefits of Risk Managements to Society
• Reduced waste in resources
• Improved allocation of productive resources
• Reduced systemic risk
RM Tools
• Risk Management techniques:o risk avoidance
o risk control
• hazard or loss reductiono risk retention
o risk transfer
• Hedging and sub-contracting• Insurance
Total Cost of Hazard Risk
• Includes
• Costs of losses not covered by insurance or other sources
• Insurance premiums or expenses incurred for
noninsurance indemnity
• Costs of risk control techniques to reduce accidental losses
• Costs of administering risk management initiatives
Focus of Risk Management
• Reduce the potential loss frequency and loss severity
• Reduce deterrence effects of Hazard risks
• Reduce and managing the downside risko Potential loss from new product from delays, errors, cost
increases, market decline.
o May use stop-loss limits in insurance
• Intelligent Risk Taking
• Maximizing Profitability
Risk Management Goals
• Tolerable Uncertainty
• Legal and Regulatory Compliance
• Survival
• Business Continuity
• Earnings Stability
• Profitability and Growth
• Social Responsibility
• Economy of Risk Management Operations
Changes and trade-offs in Goals?
• Profitability and tolerable uncertainty
• Economy of operations and legality or social responsibility
• Growth vs. tolerable uncertainty
Holistic Risk Management
• Manages risk across all levels and functions within an
organization
• Provides a more complete picture of an organization’s risk
portfolio and profile
• Provides for better decisions and improved outcomes for
senior management
• Facilitates a complete understanding of the risks involved
Regulatory Requirements
• Sarbanes-Oxley Act of 2002o Requires both the management of public companies and their
auditors to assess and report on financial risk and controls
• Dodd-Frank Act of 2010 requires that financial bank
holding companies and certain other public companies
have a risk committee and at least one member of the
committee must be a risk management expert
• Basel III and Solvency II in Europe provide risk
management requirements for financial firms and insurers.
Enterprise Risk Management (ERM)
• Holistic approach to risk management
• Provides a way to manage all of an organization’s risks, including
operational, financial, and strategic risk.
• Three theoretical pillars to explain ERMo Interdependency – should not consider exposures as “silo events”
• Eg., mortgage loans in different geographic areas are not independent
o Correlation – increases risk
• Eg., if all suppliers are in hurricane areao Portfolio Theory – assumes both individual risk and their interactions;
• Eg., an airline may have increased portfolio risk with increased fuel prices; this will also impact consumer demand
Organizational Relationships
• CRO - Chief Risk Officer – reports to both the chief
executive officer and the board risk committeeo Responsibility includes helping create culture in which
divisions, units, and employees become Risk Owners.
Requirements for Implementing ERM
• Risk managers must have authority to make and enforce
necessary changes, often against significant resistance
• Effective Communication
• Knowledge of the type of information the CEO and other
senior managers need to understand the organization’s
risk portfolio.
• The ability to avoid “entrenched silos”, decisions made
without considering the impact on other divisions or on the
overall organization.
Risk Management Framework and Process – Chapter 5
• Components and sets of the RM model
Traditional Steps in the RM Process
• Identify and analyze loss exposures
• Examine feasibility of alternative management techniques
• Select risk management technique
• Implement
• Monitor and improve risk management program
How do we identify the Risk Management exposures?
• survey/questionnaire
• loss history of an organization
• financial statements
• other records and documents
• flowchart of organization’s operations
• personal inspection of facilities
• Professional experts
Examine the feasibility of RM Techniques
risk control techniques- exposure avoidance- loss prevention- loss reduction- segregation of loss exposures - contractual transfers for risk control
risk financing techniques- retention- transfer
Risk Financing
• Retentiono Current expensing of losseso Unfunded reserveo Funded reserveo Borrowing o Captive• Transfer
o Contractual transfer for risk financingo Commercial insuranceo Hedging
Focus of Analysis
• Potential loss frequency
• Potential loss severity
• Risk Control to Prevent losses
• Risk financing to reimburse for losses
• most risk control and risk financing techniques can be
adapted to deal with business risks
Select the RM Technique
• forecasts o The frequency and severity of the
expected losso The effects of various RC and RF
techniques will have on the predictability, frequency, and severity of loss
o The cost of the technique• selection criteria
o Financial and other constraints
Implement the RM Decision
• technical decisions
• managerial decisions
Monitor the RM Program
• establish standards of acceptable performance• compare actual results with standards• correct substandard performance
Steps to the Enterprise-wide RM Process
• Scan the Environment
• Identify risks
• Analyze risks
• Treat risks
• Monitor and make sure the process is effective
• (chart p. 5.19)
Four components of the ERM framework
• Lead and establish accountability
• Align and integrate
• Allocate resources
• Communicate and report
Establishing Accountability
• Identify RISK OWNERS and their roles in the organizationo Someone who is accountable for the identification, assessment,
treatment, and monitoring of risks in a specific environment• Establish Key performance Indicators (KPI)
o A measurement that defines how successfully an organization is progressing toward its long term goal
• Establish key risk indicators (KRI) and use them to evaluate performance
• Develop risk criteria to evaluate the significance of risks
Power, Inc. Case.
• Page 5.22-5.5.30