Introduction to risk management

Risk Management

•Topic 1. Introduction to Risk Management

Risk Management•Introduction

•Risk Management Fundamentals

•Risk Management Process

•Risk Management Implementation

Introduction• An important general principle in finance is that there is a trade-off between risk and return.

• Higher expected returns can usually be achieved only by taking higher risks.

Risk Management Defined

Risk management is the process of identifying, assessing, and controlling risks arising from operational factors and making decisions that balance risk costs with mission benefits.

Risk Management Concepts & Philosophies

What is risk management?

An iterative process to identify, assess, reduce, accept, and control risks in a systematic, proactive, comprehensive and cost effective manner, taking into account the business, costs, technical, quality and schedule programmatic constraints.149

Principles • Integrating risk management into mission

planning, preparation, and execution.

• Making risk decisions at the appropriate level in the chain of command.

• Accepting no unnecessary risk.

Risk Management Process Risk management is the process of identifying and controlling hazards to conserve combat power and resources.

There are 5 steps involved in risk management.

ProcessesWhat are the elements of a “Risk Management

Program”?

152

5 Steps of Risk Management

Step 1. Identify hazards.Step 2. Assess hazards to determine risks.

Step 3. Develop controls and make risk decisions.

Step 4. Implement controls.Step 5. Supervise and evaluate.

5 Steps (cont) Steps 1 and 2 together comprise the risk assessment. In Step 1, individuals identify the hazards that may be encountered in executing a mission. In Step 2, they determine the direct impact of each hazard on the operation. The risk assessment provides for enhanced situational awareness. This awareness builds confidence and allows units to take timely, efficient, and effective protective measures.

5 Steps (cont)Steps 3 through 5 are the essential follow-through actions to effectively manage risk. In these steps, leaders balance risk against costs—political, economic, environmental, and to combat power— and take appropriate actions to eliminate unnecessary risk. During execution, as well as during planning and preparation, leaders continuously assess the risk to the overall mission and to those involved in the task. Finally, leaders and individuals evaluate the effectiveness of controls and provide lessons learned so that others.

ProcessesRisk Management Tools (examples 9134)

156

ProcessesRisk Management Tools (examples 9134)

157

ProcessesRisk Management Tools (examples 9134)

158

Types of Risk Management•There are 2 types of risks:

1. Tactical risk

2. Accident Risk

Tactical Risk

Tactical risk is risk concerned with hazards that exist because of the presence of either the enemy or an adversary. It applies to all levels of war and across the spectrum of operations.

Accident Risk• Accident risk includes all operational risk considerations other than tactical risk. It includes risks to the friendly force. It also includes risks posed to civilians by an operation, as well as an operations impact on the environment. It can include activities associated with hazards concerning friendly personnel, civilians, equipment readiness, and environmental conditions.

Risk Management Concepts & Philosophies

Examples of types of risks

FinancialStrategic Compliance / Effectiveness Operational / Planning including physical & environmental

Human Factors Political (import export controls) Environment Health & Safety Ethical, legal, image

162

Risk Management Terms• Hazard• Risk• Probability• Severity• Exposure• Controls• Risk assessment• Residual Risk

Hazards

Any existing or potential condition that can cause injury, illness, or death; damage to, or loss of equipment and property; or degradation of the mission.

Risk

The chance of hazards or bad con-sequences; exposure to injury or loss. The risk level is expressed in terms of hazard probability and severity.

Risk Management Concepts & Philosophies

What is Risk?

ISO 31000:An undesirable situation or circumstance that has both a likelihood of occurring and a potentially negative consequence

166

ProbabilityThe likeliness that an event will occur.

• Frequent-occurs often.• Likely - Occurs several times.• Occasional - occurs sporadically.• Seldom – Unlikely, but could occur.• Unlikely – Probably won’t occur.

SeveritySeverity is the expected result of an event (degree of injury, property damage or other mission impairing factors.

• Catastrophic• Critical• Marginal• Negligible

SeverityCATASTROPHIC (I)Loss of ability to accomplish the mission ormission failure. Death or permanent totaldisability (accident risk). Loss of major ormission-critical system or equipment. Majorproperty ( facility) damage. Severeenvironmental damage. Mission-criticalsecurity failure. Unacceptable collateraldamage.

SeverityCRITICAL (II)Significantly (severely) degraded missioncapability or unit readiness. Permanentpartial disability, temporary total disabilityexceeding 3 months time (accident risk).Extensive (major) damage to equipment orsystems. Significant damage to property orthe environment. Security failure.Significant collateral damage.

SeverityMARGINAL (III)Degraded mission capability or unitreadiness. Minor damage to equipment orsystems, property, or the environment. Lostday due to injury or illness not exceeding 3months (accident risk). Minor damage toproperty or the environment.

SeverityNEGLIGIBLE (IV)Little or no adverse impact on missioncapability. First aid or minor medicaltreatment (accident risk). Slight equipmentor system damage, but fully functional andserviceable. Little or no property orenvironmental damage.

Risk Assessm ent M atrix

Probability

Severity

Frequent

A

Likely B

Occasional

C

Seldom

D

Unlikely

E Catastrophic

I

Critical

II

M arginal

III

Negligible

IV

E – Extremely High Risk H – High Risk M – M oderate Risk L – Low Risk

Exposure & ControlsExposure is the frequency and length of time employess, equipment, and missions are subjected to a hazard.

Controls are the actions taken to eliminate or reduce the risks identified.

Risk AssessmentRisk Assessment is the identification and assessments of an individual hazard or all identified hazards combined to complete a task.

Risk Assessment Matrix is often used to estimate the degree of severity and probability for each hazard.

Residual RiskResidual Risk is the level of risk remaining after controls have been implemented. Controls are altered until the residual risk is at an acceptable level or until it cannot practically be further reduced.

This is for one task.

Overall Residual RiskOverall residual risk of a mission must be determined when more than one hazard is identified. The residual risk for each of these hazards may have a different level, depending on the assessed probability and severity of the hazardous incident. Overall residual mission risk should be determined based on the incident having the greatest residual risk. Determining overall mission risk by averaging the risks of all hazards is not valid. If one hazard has high risk, the overall residual risk of the mission is high, no matter how many moderate or low risk hazards are present.

Risk Management Implementation

Leaders at all levels are responsible and accountable for managing risks by ensuring that hazards and associated risks are —

• Identified during planning, preparation, and execution of operations.

• Controlled during preparation and execution of operations.

Implementation

• Risk management is a two-way street.

• The objective of managing risk is not to remove all risk, but to eliminate unnecessary risk.

Z score Multivariate Bankruptcy Prediction

ModelsAltman’s Z-Score:

AssetsTotalSales

sLiabilitieofValueBookEquityofValueMarket

AssetsTotalTaxesandInterestBeforeEarning

AssetsTotalEarningstained

AssetsTotalCapitalWorkingNetscoreZ

0.1

6.03.3

Re4.12.1

We can convert the Z-score into a probability of bankruptcy using the normal density function within Excel. The formula is: =NORMSDIST(1-Z score). Altman developed this model so that higher positive Z-scores mean lower probability of bankruptcy.

The principle strengths of MDA are as follows:

• It incorporates multiple financial ratios;

• It provides the appropriate coefficients fro combining the independent variables;

• It is easy to apply once the initial model has been developed.

Each ratio captures a different dimension of profitability or risk:

• Met Working Capital/Total Assets: the proportion of total assets comprising relatively liquid net current assets (current assets minus current liabilities). It is a measure of short-term liquidity risk.

• Retained Earnings/Total Assets: accumulated profitability.

• EBIT/Total Assets: this ratio measures current profitability.

• Market Value of Equity/Book Value of Liabilities: this is a form of debt/equity ratio, but it incorporates the market’s assessment of the value of the firm’s shareholders’ equity. This ratio measures long-term solvency risk and the market’s overall assessment of the profitability and risk of the firm.

• Sales/Total Assets: this ratio is similar to the total assets turnover ratio and indicates the ability of a firm to use assets to generate sales.

Assumptions• In applying this model, Altman found that Z-scores of less than 1.81 indicated a high probability of bankruptcy, while Z-scores higher than 3.00 indicates a low probability of bankruptcy. Scores between 1.81 and 3.00 were in the gray area.

Two approaches• Risk decomposition involves managing risks one by one.

• Risk aggregation involves relying on the power of diversification to reduce risks.

• Banks use both approaches to manage market risks. Credit risks have traditionally been managed using risk aggregation, but, with the advent of credit derivatives, the risk decomposition approach can be used.

Questions?