Risk Management

Risk and Risk Management

Lecture 1

What is Risk

Possibility of events that may have impact (negative or positive) on objectives and strategies.

Events are potential incidents or occurrences resulting from internal/external sources that effect implementation of strategies or achievement of objectives.

Events can be both positive and negative.

What is Risk

Organizational objectives are

1. Reliable financial reporting.2. Efficiency and Effectiveness of

operations.3. Safeguarding of assets.4. Compliance with laws and

regulations.

What is Risk

Events has to be identified from external or internal environment.

External conditions: Political, Economic, Social and Technological factors lead to events.

Internal Factors: Processes, Persons and Infrastructure lead to possibility of events.

Types of Risks

Business or operational risks:related to activities of business-Functions

Financial risks: relating to financial operations.

Environmental Risks: related to changes in the political, economic, social and financial environment.

Reputational Risks:

Risk classification

Means assignment of risk into categories.

There is no one widely accepted set of categories, it can vary according to the nature of business and its industry.

List of risks can be endless.

Advantages of risk classification

By grouping risks, they can be managed in common by use of similar controls.

Categorization forces managers to be more proactive for managing risks.

Categorization helps manager to use their past experience applied to one category before.

This provides a framework that can be used to define who is responsible, design controls and assist in simplified and consistent risk reporting.

A systematic approach may help identify risks in the same category.

It can help identify which risks are inter related.

Business or Operational Risk Relates to activities carried out

within the company arising from structures, systems, people, products or processes.

BASEL committee on banking supervision defined it as the risk of loss resulting from inadequate or failed internal processes, people, systems and external events.

Largely subjective. It includes business interruptions,

errors or omissions, product failure, health and safety, failure of IT system, Fraud, loss of key people, litigation, loss of suppliers etc.

Generally within control of the company through risk management practices including internal controls and insurance

Financial Risk

Financial risk is an umbrella term for any risk associated with any form of financing. Typically, in finance, risk is synonymous with downside risk and is intimately related to the shortfall or the difference between the actual return and the expected return (when the actual return is less)

Financial risks arise from an organization’s exposure to financial markets, its transactions with others, and its reliance on processes, systems, and people.

Financial Risk

Financial risk arises through countless transactions of a financial nature, including sales and purchases, investments and loans, and various other business activities. It can arise as a result of legal transactions, new projects, mergers and acquisitions, debt financing. the energy component of costs, or through the activities of management, stakeholders, competitors or foreign governments.

There are three main sources of financial risk:

Financial risks arising from an organization’s exposure to changes in market prices, such as interest rates, exchange rates, and commodity prices.

Financial risks arising from the actions of, and transactions with other organizations such as vendors, customers, and counterparties in derivatives transactions

Financial risks resulting from internal actions or failures of the organization, particularly people, processes, and systems.

Financial Risk Management

Organizations manage financial risk using a variety of strategies and products. It is important to understand how these products and strategies work to reduce risk within the context of the organization’s risk tolerance and objectives.

Types of Financial risk

Interest Rate Risk Foreign Exchange Risk Commodity prices Risk Credit Risk Liquidity Risk

Interest Rate Risk Interest rates are a key component in

many market prices and an important economic barometer. They are comprised of the real rate plus a component for expected inflation, since inflation reduces the purchasing power of a lender’s assets.

Higher risk=higher interest rate The greater the term to maturity, the

greater the uncertainty. Interest rates are also reflective of supply

and demand for funds and credit risk.

Interest Rate Risk

Interest rates are particularly important to companies and governments because they are the key ingredient in the cost of capital.

Most companies and governments require debt financing for expansion and capital projects.

When interest rates increase, the impact can be significant on borrowers. Interest rates also affect prices in other financial markets, so their impact is far-reaching.

Interest Rate Risk

Other components to the interest rate may

include a risk premium to reflect the

creditworthiness of a borrower. For example,

the threat of political or sovereign risk can

cause interest rates to rise, sometimes

substantially, as investors demand additional

compensation for the increased risk of default.

Factors that influence the level of market interest rates

Expected levels of inflation

General economic conditions.

Monetary policy.

Foreign exchange market activity.

Foreign investor demand for debt securities.

Levels of sovereign debt outstanding.

Financial and political stability

Foreign Exchange Risk

Foreign exchange rates are determined by supply and demand for currencies.

Supply and demand, in turn, are influenced by factors in the economy, foreign trade, and the activities of international investors, capital flows, given their size and mobility, are of great importance in determining exchange rates.

Foreign Exchange Risk Factors that influence the level of interest rates also

influence exchange rates among floating or market-determined currencies.

Currencies are very sensitive to changes or anticipated changes in interest rates and to sovereign risk factors. Some of the key drivers that affect exchange rates include:

• Interest rate differentials net of expected inflation• Trading activity in other currencies• International capital and trade flows• International institutional investor sentiment• Financial and political stability• Monetary policy and the central bank• Domestic debt levels (e.g., debt-to-GDP ratio)• Economic fundamentals

Theories of Exchange rate determination

Purchasing power parity, based in part on “the law of one price,” suggests that exchange rates are in equilibrium when the prices of goods and services (excluding mobility and other issues) in different countries are the same.

If local prices increase more than prices in another country for the same product, the local currency would be expected to decline in value vis-à-vis its foreign counterpart, presuming no change in the structural relationship between the countries.


The balance of payments approach suggests that exchange rates result from trade and capital transactions that, in turn, affect the balance of payments. The equilibrium exchange rate is reached when both internal and external pressures are in equilibrium.


The monetary approach suggests that exchange rates are determined by a balance between the supply of, and demand for, money.

When the money supply in one country increases compared with its trading partners, prices should rise and the currency should depreciate.


The asset approach suggests that currency holdings by foreign investors are chosen based on factors such as real interest rates, as compared with other countries.

Commodity prices Risk

Physical commodity prices are influenced by supply and demand. Unlike financial assets, the value of commodities is also affected by attributes such as physical quality and location.

Factors that effect commodity prices

1. Expected levels of inflation, particularly for precious metals.

2. Interest rates 3. Exchange rates, depending on how prices are

determined.4. General economic conditions.5. Costs of production and ability to deliver to buyers.6. Availability of substitutes and shifts in taste and

consumption patterns.7. Weather, particularly for agricultural commodities

and energy.8. Political stability, particularly for energy and

precious metals

Credit Risk

Credit risk is an investor's risk of loss arising from a borrower who does not make payments as promised. Such an event is called a default. Another term for credit risk is default risk.

Higher credit risk reduce value of securities.

It increases as time to maturity, settlement or expiry increases.

Organizations are exposed to credit risk because of business and financial transactions.

Credit Risk-examples

Investor losses include lost principal and interest, decreased cash flows and increased collection costs which arise in a number of circumstances:

A consumer does not make a payment due on a mortgage, credit card, line of credit or other loan.

A business does not make a payment due on a mortgage, credit card, line of credit, or other loan

A business or consumer does not pay a trade invoice when due.

A business does not pay an employee's earned wages when due

A business or government bond issuer does not make a payment on a coupon or principal payment when due.

An insolvent insurance company does not pay a policy obligation

An insolvent bank won't return funds to a depositor.

Liquidity Risk

Asset Liquidity is the risk that a given security or asset cannot

be traded quickly enough in the market to prevent a loss (or make the required profit).

Funds LiquidityRisk that liabilities cannot be met when they fall due.

Liquidity risk arises from situations in which a party interested in trading an asset cannot do it because nobody in the market wants to trade that asset. Liquidity risk becomes particularly important to parties who are about to hold or currently hold an asset, since it affects their ability to trade.

What is Risk Management A process to

1. Identify 2. Assess3. Manage and4. Control potential events or situations

----to provide reasonable assurance regarding the achievement of organizational objectives.

Risk Management process

Risk Identification

The method of recognizing possible threats and opportunities.

Risk Management processRisk Assessment

It consists of measurement of risk in terms of probability /impact and prioritizing risk.

Risk Management process

Risk PrioritizationRanking risks from highest to lowest.

Risk ResponseActions taken to manage risks.

Risk Management Framework

Enterprises doing risk management using a framework can be more successful.

By formally organizing risk management responsibilities, an organization is better positioned to achieve its strategic objectives.

Use of framework ensure RM activities are focused.

Enterprise risk assessment (COSO)

Risk Identification

This involves driving events/conditions from External Environment

-Economic-Price movements, lower barriers-Natural Environment-Floods, Fire-Social-changing demographics, life priorities-Technological

Internal Environment-Infrastructure, personnel, process.

Event Identification

Consider events at activity and enterprise level.

Look at history and future estimates.

Risk Management Techniques Flow Charts Organizational Charts. Questionnaires Event Inventory-events common to similar companies. Internal Analysis-detailed analysis of information. Facilitated workshops. Process flow analysis Leading event indicators (monitoring loan payment

for defaults. Loss event data methodologies (examining data on

past individual loss events to identify trends and root causes of events.

Physical Risk Inspection

Flow charts

Flow chart is a micro level technique. Better detailed activities can be known through the help of flow chart. Organizational chart is unable to give a clear picture of the risks lying in the organization and it also cannot identify the impact of the risk on the organization. The flow chart will remove these drawbacks which are found in organizational chart. The flow chart also shows that where the most important and crucial dependencies are in the process of production.

Organizational Chart

The organizational chart is very useful in identifying the risk as it explains the activities of organization and structure of the organization.

The organizational chart can be limited to the organization and it can also be extended outside the organization to show that on which suppliers and other departments the organization depends. The organizational chart will help the risk manager to locate the area where there will be risk concentration

Flow Charts

Flowchart sequentially and graphically depicts the activities of a particular organization. Any loss or any risk which will cause disruption in the operations and will therefore be the bottlenecks can be clearly identified through this technique. Flow chart shows the clear picture of the internal activities of a particular organization, particular activity of the organization and also the organization’s complete chain of economic activities.

Flow Charts

Now let us take the example of paper making industry. In which the raw material is collected which includes straw and used paper. These are then stored in store room. After that processing is done on the raw material and pulp is produced. From pulp, tissue paper, corrugated paper and fax paper will be made. From corrugated paper, corrugated sheets are prepared. Corrugated sheets are then converted into paper reels, which can be used internally for packing a product or can be used for selling it.

Flow Charts

This flow chart is drawn below and will explain that how risks can be identified from a flow chart. Used paper is normally stored under the sheds and straw in not stored under sheds, straw can itself ignite when temperature is near 40 C, therefore the risk manager will try to reduce the risk of self ignition by installing a network of hydrants around straw, which sheds water twice a day. Risk manager will try to locate the area of risk concentration and risk dependencies. Pulp making is a non-hazardous process as water is used as a raw material in it. This is how the risk manager will locate the risk in the production process by the help of a flow chart.

Questionnairs

Checklists and Questionnaires is also a technique which is widely used to search and understand the risk internally. This technique is also used to understand the impact of the risk, its frequency and its severity. Questionnaires should ideally be in either yes or no but practically it is difficult because sometimes we need details about a particular question to clearly identify the risk. The questionnaire should be very much simple and less time consuming.

Key questions should be involved and all important factors should be covered while making a questionnaire. Whenever a questionnaire is being constructed, it should involve as many people or staff as possible because everyone has its own thinking and perception about risk. By Involving different staff levels, important questions can be created which can then be very helpful for a risk manager for example the guard of the organization will also be useful for the risk manager as he can tell about the risks at his level. The technical skill of the users should be kept in mind while constructing the questionnaire.

The benefits of checklists and questionnaires are numerous as they can be extremely efficient way of collecting information from a wide range of people which are scattered in different areas. Large amount of information can be widely collected by this tool. It is a simple and easy way to use and it can be used to update the information and to see the trends against the previous surveys.

Disadvatages

There are certain disadvantages of checklists and questionnaires as well. These can be completed by someone who is not skilled and do not have knowledge to fill the questionnaire or completed by person who do not understand the objective of those questionnaires. These checklists can be ambiguous to the reader and they could understand the questions according to perceptions. These questionnaires are also at a risk of being completed by the person who may have some reasons for holding back the risk information. All these factors can create problem for risk manager for identifying the risks. Therefore the risk manager should be very much vigilant during the construction of questionnaires and checklists; it should be designed in such a format that could extract as much information as possible.

Physical Risk inspection-specialized technique for risk identification)

This is one of the most useful methods for identifying risk areas. Physical risk inspection allows the risk manager to have face-to-face conversation with the workers on the floor as well as the risk manager will have a very clear and precise picture of the risk environment of the organization.


This will not be practically possible for the risk manager to visit each and every part of the large organization; the risk manager can randomly visit the areas of organization to locate risks, change if any occur requires frequent inspections. The picture which is made on papers about the organization is totally different from the actual picture. Usually a perfect situation has been shown in the paper which in practice is not according to that.


There are specialized Risk Surveyors, who can be appointed to carry out the inspection and then report back to the management, adding their own assessment and suggestions. The reports prepared by them are very useful for the risk managers but the risk manager should keep in mind that the report prepared by risk surveyors for a particular purpose and they are not embracing all the risk events which could occur on the floor of organization.


The biggest advantage of physically inspecting risk is proper risk assessment. Identification of risk along with the suggestions of managing them is another advantage of physical inspection. The drawback of physical risk inspection is that it is quite expensive in terms of both the time and money. When the risk manager will visit the factory floor on a specific day, only the activities of that day will be reflected and remaining day’s activities will not be taken into account, which is a disadvantage in properly assessing the risk. The risk manager will not be able to physically inspect those areas which are not included in the organization but the organization is depending on that department for example suppliers of raw materials.

Risk assessment Techniques

Qualitative

Quantitative

Qualitative Techniques

Interviews.

Workshops.

Qualitative Techniques

BenchmarkingA collaborative process that to compare performance measures and results of events /processes and identify improvement opportunities.

Dimensions to check are cost, time, quality.

Internal benchmarking (compare divisions) Competitive/Industry benchmarking Best in Class

ProbabIlistic Models

Value at Risk (VaR)

Cash flow at Risk

Earnings at Risk

Non Probabilistic Models

Use subjective assumptions in estimating the impact of events without quantifying an associated likelihood. Examples include.

Sensitivity Analysis.

Scenario Analysis.

Risk Management Techniques

Also known as risk mitigation techniques or risk response techniques.

It include;1.Avoidance. (exist the activity)2.Reduction.( apply internal controls)3.Sharing and (transfer or share a

portion of risk (insurance or outsourcing)

4.Acceptance (take no action)

Risk management pitfalls

Limiting risk management to financial hazards- not considering soft issues (HR, social responsibility, reputation)

Identifying too many risks as a long list will increase chances of inadequate attention to significant risks.

Overcomplicating risk quantification.

Risk Monitoring

ERMP changes over time. Current responses may be irrelevant. Controls might have lost their

relevance. Business objectives might have

changed

Through monitoring activities management determines if ERMS is effective.

Risk Monitoring

Ongoing Monitoring

Separate Evaluations.

Risk Monitoring

Separate evaluations are done by functions.

Internal audits. Depends upon competence of people

handling control activities, changes in the processes and results of ongoing evaluations.

Reporting deficiencies.

Internal audit activity role in ERM

On a continuum from no role to managing risk management.

Give assurance report for risk management processes.