in the Monte Carlo approach the market factors are simulated according to a definedstatistical distribution. Then the simulated market factors are applied to the currentportfolio to observe the changes in value.
the variance-covariance approach works differently. It derives historical riskmeasures like standard deviation and correlation for each market factor. Then itapplies these risk measures to the current portfolio, (after breaking down theportfolio into standard instruments) to derive the value at risk.
What can go wrong in using VaR?VaR cannot sense a catastrophic event as it pays attention to ‘normal’ loss and not‘abnormal’ loss
It is said that VaR is a measure of ‘normal’ market risk. But what is normal? If one says thatthere is a 5% probability that a portfolio will not lose more than $100,000 in the followingweek, how sure are we that this is a normal loss? The choice of the confidence level is opento interpretation.Joe Nocera of New York Times (Jan 4, 2009) suggests that VaR was useful to risk experts butnevertheless exacerbated the crisis by giving false security to bank executives andregulators.The 2008 crisis dealt with new products like the Credit Default Swaps. These productsgenerate small gains and very rarely have losses. But when they do have losses, they arehuge. As such, it was outside the 99 percent probability and did not show up in the VaRnumber as “it was lost in the tails”.Some critics claim that VaR looks at only a small slice of the risk and a great deal of valuableinformation in the distribution is ignored. Manageable risk near the centre of thedistribution is focussed on and the tails are ignored.
What does the Auditor do?
Depending on the level of importance that is placed on VaR in a firm, the auditor shouldobserve if risk managers have a clear comprehension of all the important confidence levelsand are able to place enough importance to them.
Ignoring important risks -- contagion and liquidity
Nassem Taleeb (the writer of “The Black Swan”) is concerned with what one callsmeasureable risks. “Measurable risk is when you have a handle on the randomness. If Ithrow a pair of dice, for example, I can pretty much measure my risk because I know that Ihave one-sixth probability of having a three pop up. Non-measurable uncertainty is when