You are on page 1of 76




Page 1 of 198


















Page 2 of 198

Risk management is a central part of any organization’s strategic

management. It is the process whereby organizations methodically
address the risks attaching to their activities with the goal of achieving
sustained benefit within each activity and across the portfolio of all
activities. The focus of good risk management is the identification and
treatment of these risks. Its objective is to add maximum sustainable
value to all the activities of the organization. It marshals the
understanding of the potential upside and downside of all those factors
which can affect the organization. It increases the probability of success,
and reduces both the probability of failure and the uncertainty of
achieving the organization’s overall objectives. Risk management
should be a continuous and developing process which runs throughout
the organization’s strategy and the implementation of that strategy. It
should address methodically all the risks surrounding the
organization’s activities past, present and in particular, future. It must
be integrated into the culture of the organization with an effective
policy and a programme led by the most senior management. It must
translate the strategy into tactical and operational objectives, assigning
responsibility throughout the organization with each manager and
employee responsible for the management of risk as part of their job
description. It supports accountability, performance measurement and
reward, thus promoting operational efficiency at all levels.

Anson and Ma (2003:22) quoted that risk is an essential part of a

competitive economy and that too much risk can be fatal to a company,
Page 1 of 198
but too little risk can result in a company to miss attractive
opportunities and lower the return on economic capital. Attempts to
eliminate all risks will sacrifice returns without a comparable reduction
in risk. For this reason senior management and the Board of directors of
listed companies must find the proper balance between risk and return
for their business.

Lucouw (2004:82) said that risk is necessary for a business to fulfill its
mission and that it isn't a totally negative force that should be avoided
at all cost. Risk is one of the most important factors that contribute
towards development because when potentially risky situations occur,
new possibilities become evident and improvements can take place
(Lucouw, 2004:85). Risk doesn't just offer danger, but also opportunities
and new resources, which can drive innovation and the development of
new theories, methods and tools for further enhancement.

Olsson (2002: xiii) stated that to obtain rewards from opportunities, it is

necessary to take risks. He also said that a basic view is that it is riskier
to operate in emerging markets than in the developed world, largely
because they are often characterized by greater economic and political
instability and are more vulnerable when external shocks, such as
natural disasters, occur. This is, however, no reason to steer clear of
these markets because there are higher levels of return on offer for those
that understand and can manage risk effectively. It is believed that
many of the risks that exist in the developed world also exist in
emerging markets but that there is other new twists that mean they
appear in different guises. The nature of risk itself is changing because
the world has become more complex and interconnected.

Page 2 of 198
Brealey and Myers (2003:753-755) stated that companies need to take
risks in order to add value to their business. They said that most of the
time companies consider risk to be God-given, which is not always true.
Managers can reduce the risks the company takes by building flexibility
into their operations, e.g. a petrochemical plant that is designed to use
either oil or natural gas, reduces the impact of an unfavourable
movement in fuel prices. Managers should not avoid all risks but if
exposure to risks for which there are no compensating rewards could be
reduced, larger bets can be placed when the odds are in the favour of
the company.

ICAEW (2002) concluded that risk is essential to an enterprise because it

is inherent in the pursuit of opportunities to earn returns for its owners.
Striking the balance between risk and reward is the key to maximizing
these returns.

The challenge facing modern risk managers is simply whether or not

risk management as it pertains to pure risk situations can be
approached in a structured and integrated manner (Valsamakis,
1996:12). Whilst no further attempt is needed to put risk in perspective,
there is no doubt that a need exists for the effective management of risk
- a total approach to the problem of risk - which entails more than
simply prudent insurance management. Insurance does represent an
effective way of risk cost transfer; however, the preoccupation with
insurance as a way of risk treatment work against a strictly integrated
approach to the management of risk, one that subscribes to both
elements of physical and financial risk management, and which
recognizes the responsibility for controlling risk.

Page 3 of 198
Valsamakis (1996:13) argued that however management-orientated the
definition of risk management may be, it becomes an academic issue
with little meaning unless what is implied is put into practice. The
underlying implication of the definition is that a systematic approach to
the management of risk is definitely necessary, and that this becomes
more obvious when one attempts to consider the risk challenges of the
future. He further states that there is no doubt that today the general
world is filled with uncertainty, and to identify clear trends for the
future is indeed difficult and even subjective. In this era of rapid and
indeed accelerating change, one should view the discipline of risk
management as a mechanism for coping with the effects of change.
From such efforts a range of possible futures can be constructed,
leading to better decisions and more effective business management.

To place the significance of the study of risk management in perspective

it will be useful to examine the general importance of risk management.
As risk management is generally seen as the identification, analysis and
financial control of those risks that negatively affect the assets, and
earning capacity of an organization, it seems that it displays a
significant orientation towards a general management function. Risk
management must become more pro-active, holistic and systemic to
become an integral part of general management as opposed to a set of
isolated functions comprising risk control and risk financing.

The importance of a systematised approach to managing risk becomes

more prominent when the following trends are considered:
(Valsamakis, 1996:14).
 The increasing sophistication of risk

Page 4 of 198
 The increasing concentration of risk
 The increasing awareness of risk
 The decline of insurance as a risk-financing technique.

Over the years during which risk management has evolved, there has
developed a substantial body of literature aiming to provide a routine,
if not a discipline, to ensure corporate survival in the face of risk
(Valsamakis, 1996:15). Such thinking has led to the present
understanding of risk management as a process comprising the
following four discrete stages.
 Risk identification
 Risk quantification
 Risk control directed at loss elimination, or more usually, loss
reduction and
 Risk financing via transfer.

Valsamakis (1996:16) referred to an observation made by Strutt that the

risk management model is a static one, envisaging discrete stages
followed in a predetermined and logical sequence. It is suggested that
the static nature has resulted in many risk management companies
organizing themselves into two distinct divisions (a) one for risk
control, (b) one for risk finance - unfortunately with a limited direct
working relationship between the two. A considerable body of
literature relating to each of the four before mentioned stages exists,
with advice on the preferred methods of approach to each subject. Text
dedicated to risk management lack the required integration and are, in
the main, written from an insurance point of view.

Page 5 of 198
Valsamakis (1996:16) said this assertion is not altogether unexpected as
insurance brokers, who, by the nature of these businesses, have a strong
leaning toward insurance and extensively market the concept of risk
management. Kloman (1987:62) said that as long as risk managers over-
emphasize insurance buying and managing, they will be incapable of
responding to the real needs of their organizations.

Wessels (2003) observed that the events surrounding Enron have

shaken the audit industry and the eyes of the business world are on
what audit firms will do in order to ensure that audit independence is
not compromised. Numerous pages of possible solutions to this
problem could be generated but that really addresses only one half of
the issue. The more important other half lies in the way that businesses
are run and managed, and how risks faced by companies are managed.
The Enrons, Barings Bank, Saambou's and Unifer's of this world will
keep occurring until proper risk management is a high priority for
every company director, manager and employee. Regulations like King
II, Turnbull and Basel, all have the same overall objective, which is to
protect shareholders and public interest from businesses, which are not
well managed. (Wessels, 2003).

These regulations are here to stay and they will probably be enforced
more formally in the future. The choice a company director has is
whether to comply with regulations like King II for the sake of
compliance or because it simply makes good business sense. Whatever
the choice, there will be certain issues that will have to be faced when
implementing risk management in a company (Wessels, 2003).

Page 6 of 198
From the above, the conclusion can be drawn that risk is inevitable and
risk-taking is an essential requirement for any dynamic business that is
seeking continued success. It is the attitude towards risk that will
determine the company's success in the end, because risks should not be
avoided but managed within predetermined risk appetite parameters.


Risk can be defined in many different ways but in common terms most
people will suggest that “risk is the possibility of adverse consequences
happening" (Olsson, 2002:5). In general, risk is mostly viewed from a
negative perspective and attention usually focuses on potential losses,
but the possibility is always there that a lot of benefits can be obtained
by taking risks. Therefore, the definition adopted by Olsson (2002:5)
that "... risk is the uncertainty of future outcomes", is a better
description of risk. From a risk management point of view there is the
uncertainty about

 whether the event/occurrence will take place; and,

 If it does take place, what the outcome will be.

Lucouw (2004:80) defined risk as the chance that some unfavourable

event will occur, or the chance of not meeting objectives, or not arriving
at a particular destination. He further stated that there usually are
negative connotations to the concept of risk, because there is an
expectation that the actual outcome of an event will be worse than the
expected results. Risk should be managed at a favourable level between
upper and lower risk levels and not be avoided, because risks that
Page 7 of 198
cannot be controlled will, eventually, result in failure (Lucouw,
2004:82). Total avoidance of risk will prevent the business to improve.
Risks should be taken when the rewards from taking the risk exceed the
penalty associated with the risk.

Herman and Head (2002) stated that risk exists simply because of the
possibility that the future may be surprisingly different from what was
expected. These surprises could bring either good or bad results
generating threats of losses or creating opportunities for gains. Mostly,
a risk will contain both and the objective will be to determine if the
gains will outbalance the losses.

Das (2001) averred that risk appears to be one of the most commonly
abused concepts in social science and researchers often differ
significantly in respect of their constructs of risk. Economic sciences
define risk as a condition in which decision makers know the possible
consequences of the decisions, as well as their associated probabilities.
In strategic management it is seldom that all possible decision
consequences and their probabilities are known, thus risk is often used
as if it is the equivalent of "uncertainty" or "unpredictable consequences
or probabilities". Seen in this context, strategic management scholars
refer to risk as the variance in performance beyond the control of
decision makers. What seems obvious in recent years, according to
literature on strategy, is that managers think of risk only as "down-side"
possibilities and they are more concerned with negative variations in

Page 8 of 198
Alijoyo (2002:3) defined risk as the chance of something happening that
will have an impact upon objectives. He further said that risk is equal to
uncertainty and the higher the uncertainty is, the higher the risk of
doing business becomes. The target is to achieve a proper balance
between risks incurred and potential returns to shareholders. This
requires Board of Directors to ensure that there are systems in place that
effectively monitor and manage these risks with a view to the long-term
viability of the company.

ICAEW (2002) described risk as the amount of uncertainty as to the

benefits that the business will derive from pursuing its objectives and
strategies. Risk includes both potential for gain and exposure to loss.

Lovemore and Brummer (2003:9) defined risk as the possibility of any

loss that could be caused by a known occurrence, for example droughts
have been known to ruin entire crops and cause death among livestock.
If the drought is not too serious, it may result in only limited losses, so
although the phenomenon of droughts is certain, it is very difficult to
determine how much loss will be incurred; thus droughts represent

Coyle (2000:10-11) said that risk has a two-way nature. Although he

defined risk as exposure to change when the size, direction or timing of
any future changes are uncertain, he stated that change can often be
favourable rather than negative and a company can benefit from an
exposure to financial risk whenever a change is favourable. In general,
the management of most non-financial companies is risk - averse,
because they tend to avoid risk unless there is a reasonable expectation

Page 9 of 198
of increased profits. Some companies will often prefer the certainty of a
smaller profit rather than an exposure to financial risk that could result
in a higher profit, but also contains the possibility of a loss.

According to Skipper (1997), risk has no universal definition and one

way to express it is the variability of outcomes.

Shimpi (2001) has defined risk as the lifeblood of every organization

and functional managers do manage risk head-on wherever it appears.

Gupta (2004a, b) said “Risk refers to the possibility of deviation from

the standard path. These deviations reduce the value and imply
unhappy situations”.


Classification of risk as credit, market and operational is a widely

accepted methodology (Lam, 2001; BCBS, 2003).

Alijoyo (2002:4) classified company risk in two categories:

 Financial risk, which comprises market risk, credit risk,
operational risk and reputation risk.
 Non-financial risk, which is viewed from both a micro-
perspective and a macro-perspective.

Doherty (1985:2) identified the following four types of risk affecting an

 Marketing risk
Page 10 of 198
 Financial risk
 Resource management risk
 Environmental risk.
Green and Serbein (1983:20) classified risks as follows:
 Property and personnel
 Marketing
 Finance
 Personnel and production
 Environment.
Fatemi and Luft (2002:29-38) summarized risk into following three
 Strategic risk
 Business/operational risk
 Financial risk.
From the managerial perspective, risk can be classified into three broad
 Risks that need to be avoided
 Risks that should be transferred
 Risks to be actively managed
From the functional perspective, risks can be divided into the following
 Credit risk / counterparty risk
 Market risk
 Operational risk

Page 11 of 198

It refers to the variability of income to the equity capital due to debt

capital. Financial risk in a company is associated with the capital
structure of the company. Capital structure of the company consists of
equity fund & borrowed fund. The presence of debt & preference
capital results in a commitment of paying interest or pre-fixed rate of
dividend. The residual income alone will be available to the equity
holders. The interest payment affects the payments that are due to the
equity investors, the debt financing increases the variability of returns
to the common stock holders & affects their expectation regarding the
return. The use of debt fund with the owned funds to increase the
return to the shareholders is known as financial leverage. Debt
financing enables the corporate to have funds at low cost & financial
leverage to the shareholders. As long as the earnings of the company
are higher than the cost of borrowed funds, shareholders’ earnings are
increased. At the same time, when the earnings are low, it may lead to
bankruptcy to equity holders. (Punithavathy Pandian, 2009)

Frank Knight (1921) defined financial risk as risk, or situations in which

the randomness facing a firm can be expressed in terms of specific,
numerical probabilities. These probabilities may be objective (as in a
lottery) or subjective (as in a horserace), but they must be quantifiable.
Because they are quantified, they can be managed. Financial risk is thus
a risk that firms can avoid.

Financial risk emanates from the composition of the financing of the

operations. The level of debt as a proportion to the total liability
Page 12 of 198
determines the risk. A company with low proportion of debt has lower
level of financial risk. A company which is unlevered has no financial
risk. Financial risk refers to the risk of bankruptcy arising from the
possibility of a firm not being able to repay its debts on time. Higher the
debt-equity ratio of a firm, higher the financial risk faced by it. Liquidity
risk & wrong capital structure are the prime reasons for financial risk.
Availability of credit at reasonable rates affects the cost of production.
Similarly, defaults or delays by debtors in settling their dues cause
financial loss.

Financial risk may be defined as the potential for cash flows or asset
values to vary from expectations due to changes in prices. This
definition also gives an indicator of the measurement of risk: the more
volatile the price, the greater the risk.



Market risk refers to changes in the value of financial instruments or

contracts held by a firm due to unpredictable fluctuations in prices of
traded assets & commodities as well as fluctuations in interest &
exchange rates & other market indices.

Christopher L. Culp (2001:18) said that market risk arises from the event
of a change in some market-determined asset price, reference rate (e.g.,
LIBOR), or index. The events define market risk can be separated into
two categories. The first type of event that generates market risk defines
Page 13 of 198
market risk based on the type of asset class whose price changes are
impacting the exposure in question. A common form of asset class-
based market risk is known as interest rate risk, or the risk that the
balance sheet assets, liabilities, & off-balance sheet items of a firm –
including its derivatives – will change in value as interest rates change.
Other asset class-driven classifications of market risk include changes in
the value of an exposure attributable to fluctuations in exchange rates,
commodity prices, & equity values.

Dun & Bradstreet (2010: 15-30) identified market risk as the risk of
losses due to movements in financial market variables. These may be
interest rates, foreign exchange rates, security prices, etc. Thus, market
risk is the risk of fluctuations in portfolio value because of movements
in such variables. Further, market risks can be categorized into:

 Price Risk
Price is a market-driven measure of value. The possibility of not
realizing the expected price is called the price risk. Thus, price risk
may be seen as an unfavourable movement in the price of a
commodity, security or other obligations. It can be classified into
following categories:
- Symmetrical vs. Unsymmetrical
- Absolute vs. Relative
- Directional & non-Directional
- Asset Liquidity
- Discontinuity & Event
- Concentration
- Credit Spread

Page 14 of 198
- Volatility

 Forex Risk
Forex risk occurs when a company is involved in international
business and the cash in or outflows are in a foreign exchange rate.
As this rate is not fixed and cannot be fully anticipated a possible
change in a foreign exchange rate leads to the risk of changes in the
amount of a payable / receivable and by that a change in the amount
of money the company has to pay / will receive. This risk is
measured by the concept of transaction exposure. Furthermore,
economic exposure can be included in the evaluation of exchange
rate risk. This includes changes in the quantity of future sales due to
changes in the exchange rate and therefore relative competitiveness
of the company. However, the prediction of this sensitivity is
difficult and hardly measurable and thus the company cannot
manage this risk actively. Most firms therefore concentrate on
transaction exposure and by that on the price change and not the
quantity change caused by the exchange rate volatility.

 Country Risk
A firm may transform itself into an international one when it starts
lending across its borders or invests in instruments issued by foreign
organizations. When the firm starts doing so, the first risk that it
encounters is country risk. This is also called sovereign risk. There
are number of factors like economic, political, socio-community,
legal, etc. that have a bearing on a level of risk associated with a
particular country.

Page 15 of 198
 Liquidity Risk
Liquidity risk is of two types:
- Funding risk is the inability to raise funds at normal cost.
- Asset liquidity risk is the lack of trading depth in the market
for a security or class of assets.
An institution might lose liquidity if its credit ratings fall, it
experiences sudden, unexpected cash outflows, or some other event
causes counterparties to avoid trading with or lending to the
institution. A firm is also exposed to liquidity risk if markets on
which it depends are subject to loss of liquidity.

 Interest Rate Risk

Interest rate risk is based on changes in interest rates and can be
observed in different forms. The first form refers to changes in
interest rates in connection with variable loans and short-term
financing. A rise in the interest rate leads to higher interest
payments for the variable rate loan and more expensive follow-up
financing. This decreases the company’s earnings and can in worst
case lead to financial distress. Secondly, the vice versa case refers to
cash positions of the company with a variable interest rate. A fall in
this rate leads to a loss in earnings. Thirdly, also fixed rate debt
contracts can be a risk for the company. In times of declining
interest rates those contracts cause higher payments than a variable
loan would do and are disadvantageous for the company. However,
these costs are opportunity costs and not real costs to the company.
Therefore, it can be summarized that the more corporate debt and
especially short-term and variable rate debt a company has, the
more vulnerable it is to changes in the interest rate. Finally demand

Page 16 of 198
sensitivity caused by interest rate changes can also be regarded as
part of the interest rate risk. However, similar to economic exposure
of foreign exchange rate risk, also the prediction of this sensitivity is
also difficult and hardly measurable. It is therefore in practice
ignored for most products and companies.

 Technology Risk
Technology is the backbone of every business. It needs a lot of
money, time & effort in order to be implemented. The primary
objective of investment is operational efficiency in terms of
economies of scale & of scope. However, if the system
implementation is too slow or the performance is ineffective, the risk
is that the entire investment may not result in adequate repayment.
In extreme cases, it could even hamper efficiency. In such an
eventuality, it would have a negative impact on the survival &
growth of the organization.


There are four common approaches to measure market risk:

 Sensitivity Analysis
 Scenario Analysis
 Stress Testing
 Value At Risk (VaR)

 Sensitivity Analysis
Sensitivity analysis is also known as the ‘what if’ analysis. It is a
useful tool to determine how the changes in the market could
Page 17 of 198
affect the value of the portfolio. The market risk factors are
market variables like interest rates, credit spreads, equity prices,
exchange rates, etc.

 Scenario Analysis
This is similar to sensitivity analysis in the sense that this
approach also tries to determine the portfolio value if the market
risk factors change. However in this approach, instead of
changing the risk factors one by one, different scenarios with
simultaneous changes in all risk factors are considered.
In scenario analysis, expert opinion is used to create a limited set
of worst case scenarios. Each scenario corresponds to a specific
type of market crises, like crash of the equity market, increase in
oil prices, increase in interest rates, etc. Typically, some 5 – 10
worst case scenarios are constructed.
The steps in scenario analysis are as follows:
1. Choose 5 -10 scenarios that would adversely affect the markets
in which the company operates.
2. Estimate the changes in each risk factor(s) given the scenario.
3. Value the portfolio under the given scenario.
4. Test the portfolio on a daily basis to estimate the probable loss
under each scenario.
5. Review & update the scenarios periodically.

 Stress Testing
Stress testing achieves a very different risk management objective
as compared to VaR. Its purpose is to examine the impact of
extreme events on the portfolio. This test thus deals with the

Page 18 of 198
ability of the business to survive extreme conditions & implement
changes in strategy. It provides a deeper understanding of the
risk & thereby prepares a ground for better protection. This can
also be used to understand how new products will respond to
extreme conditions. Thus, investment risks can be better assessed
before the business becomes involved. Stress testing can be
applied to test market risk & derivatives & also operational,
credit & counterparty risk.
Some examples of extreme events are:
- The October 1987 crash of more than 20% in one day in the US
Equities market followed by a contagion effect in other
- The 1990 Nikkei crash
- The rise in US interest rates by about 250 basis points in 1994
- The Mexican Peso crises in 1994 & Latin America crises in 1995
- The East Asian crises in 1997
- The 1998 LTCM crises
- The Russian crises where the Russian Ruble fell by 29% in
- The 1999 Brazil crises

These events underscored the need to go beyond the normal

events that VaR deals with. Risk management must envisage
extreme events & factor the risks caused by them. Stress testing
deals with these events. The results or features of these extreme
events are as follows:

Page 19 of 198
- Contagion effect
A crisis in one market gets passed on to other markets &
normal correlations go haywire. All markets get highly
correlated with each other & accentuate the risk.
- Speed of price shocks
Shock waves spread rapidly & normal assumptions made in
derivative transactions do not hold any more.
- Liquidity issues
Liquidity dries up in most markets & exit from a position
becomes very difficult.
- Concentration
Under normal circumstances, concentration allows market
leadership. However in extreme conditions, it creates the risk
of a near fatal loss.
Stress tests are carried out with reference to some extreme events
& can be categorized as follows:
- Market Moves
o Parallel shifts in the yield curve
o Yield curve could twist
o Basis (e.g. interest rate differential) changes
o Swap & other credit spreads
o Currency devaluations
o Volatility changes & twists in the term structure of
o Price shifts
o Liquidity
o Credit tightening
o Contagion effects

Page 20 of 198
o Speed & duration of extreme market moves
- Modeling assumptions to be stress tested
o Yield curve interpolation & creation
o Pricing models, e.g. option pricing
o Models used for trading hedging strategies
o Volatilities
o Correlations
- Product complexity
o Derivatives
o Mortgages
o Structured products with embedded multiple risks
o Products with a wide range of acceptable prices
o Difficulty in handling risks & asset types
o Emerging markets & difficult to handle markets
- Credit
o Name concentration
o Industry concentration
o Concentration across client segments
o Contingent credit exposures, particularly of derivatives
Approaches to stress testing
- Historical event analysis: Examines what happens if the
extreme event occurs again
- Scenario analysis: Develops scenarios based on historical
events and examine the Outcome for such scenarios
- Institution specific scenario analysis: Scenarios are developed
based on the events relevant to the bank or institutional

Page 21 of 198
- Extreme standard deviation scenarios: Examines what could
happen if the returns vary by 5-, 6-, 10-standard deviations
- Extreme incremental events and Tail risk: Quantifies a set of
progressively severe market moves or events and the loss that
can ensure
- Quantitative evaluation of tail events: Examines whether there
is any pattern in the tail events and uses the results in scenario

 Value At Risk (VaR)

In 1993, the Group of Thirty (G-30) endorsed VaR as a best practice

for dealing with derivatives. Since then, VaR has revolutionized
market risk measurement for institutions. Gradually, this concept
has been extended to other risks such as credit risk, operational risk,
and even integrated risk management.

VaR is a method of assessing risk using standard statistical

techniques. Formally, it is the maximum loss over a target horizon
such that there is a low, predetermined probability that the actual
loss will be larger. VaR has a scientific basis and provides users with
a summary measure of market risk. For instance, a company might
say that the daily VaR of its trading portfolio is INR 35 million at the
99% confidence level. In other words, there is only one chance in a
hundred, under normal market conditions, that a loss greater than
this amount will occur.

Page 22 of 198
This number summarizes the company’s exposure to market risk as
well as the probability of an adverse move. Shareholders and
managers can then decide whether they feel comfortable with this
level of risk. If the answer is no, the process that led to the
computation of VaR can be used to decide where to trim risk. VaR
takes into account both portfolio diversification and leverage effects.
Various methods are possible to compute Value At Risk. These
methods basically differ in terms of:
• Distributional assumptions for the risk factors (e.g. normal versus
other distributions)
• Linear vs. full valuation, where the former approximates the
exposure to risk factors by a linear mode
Some of the important methods for measuring VaR are:
1. Delta Method
2. Historical Simulation Method
3. Monte Carlo Method

1. Delta-Normal Method
This method assumes that the individual asset returns are normally
distributed. Since the portfolio return is a linear combination of asset
returns, it is also normally distributed. The variance-covariance
matrix and correlations for all risk factors are computed from
historical data for a period of 3- 5 years. Once this is done, the
portfolio risk is computed by using forecasts of volatility and
correlations for each risk factor and the exposure to these risk

Page 23 of 198
2. Historical Simulation Method
This method is similar to the Delta Normal method in that it also
uses historical data of asset returns and the exposure to these risk
factors. The difference is that this return does not represent an actual
portfolio but rather reconstructs the history of a hypothetical
portfolio using the current position. Both the methods would
generate the same VaR if asset returns are all normally distributed.

3. Monte Carlo Method

In this method there are two steps:
• First, specifying a stochastic process for financial variables as
well as process.
• Second, simulating fictitious price paths for all variables of
interest. The portfolio is marked-to-market at each horizon
considered, which can be one day or many months ahead.
Each of these hypothetical returns is then used to compile a
distribution of returns, from which a VaR figure can be

Comparison of Methods
1. Delta-normal method
This is the simplest method to implement. The drawback
however, is that it assumes that all risk factors are normally
distributed and that all assets are linear in risk.
2. Historical Simulation Method
This is also relatively simple. The drawback to this is that only
one sample path is used for simulation, which may not
adequately represent future distributions.

Page 24 of 198
3. Monte Carlo Method
This is the most sophisticated method. It accommodates even
non-normal distributions and non-linear assets, but requires
work on computers and a good understanding of the
underlying stochastic process.

Caveats in the use of Value At Risk

 It does not describe the worst loss; for example, in VaR
calculation with 99% confidence, there is a one in hundred
possibility that actual loss will exceed VaR estimates.
 It does not describe the distribution of losses.
 VaR itself is subject to some sampling variation; a different
sample period or a period with a different length could lead to
different VaR numbers.

Measurement of Interest Rate Risk for Asset Liability Management


Although ALM risk is a part of market risk, it is difficult to measure

using the trading VAR framework. As a result, companies use three
alternative approaches to measure ALM interest rate risk. These are:
 Gap analysis
 Rate-shift scenarios
 Simulation methods

 Gap analysis
Interest rate risk arises in those companies where their assets &
liabilities generally have their interest rates reset at different
times. This leaves net interest income (interest earned on assets
Page 25 of 198
less interest paid on liabilities) vulnerable to changes in market
interest rates. The magnitude of interest rate risk depends on the
degree of mismatch between the changes in asset & liability
interest rates.

One way to measure the direction & extent of the asset-liability

mismatch is through gap analysis. Its name is derived from the
dollar gap, that is, the difference between the dollar amounts of
rate-sensitive assets & liabilities. A maturity gap is calculated for
a given time period. It includes all fixed rate assets & liabilities
that have interest rate reset dates in that period.

A company that has a positive (calculated from assets less

liabilities) gap will see its interest income rise if market interest
rates rise, since more assets than liabilities will exhibit this
increase. A company with a negative gap will be hurt by rising
rates & benefit from falling rates.

 Rate-shift scenarios
Rate-shift scenarios attempt to capture the behavior of customers
as a result of a given change in interest rates. For example, if the
rates are expected to go up by 1%, what will be the effect on the
company’s cash flows? The NPV of this new set of cash flows is
calculated using the new rates.
This helps in arriving at the changes in earnings & value expected
under different interest rate scenarios.

Page 26 of 198
 Simulation methods
In this technique, the impact of various risks like market risk,
interest rate risk, etc. on a company’s financial position, asset
values, earnings or net income is examined. Simulation can be
carried out for a static or dynamic environment. While the
current on-& off-balance sheet positions are evaluated under
static environment, the dynamic simulation builds on more
detailed assumptions about the future course of interest rates &
unexpected changes in the company’s activity. The output of
simulation can be in a variety of forms, depending on the need of
the users. Simulation can provide current & expected periodic
gaps, duration gaps, balance sheet & income statements,
performance measures, budget & financial reports. The
simulation model is an effective tool for understanding the risk
exposure in different interest rates/balance sheet scenarios. This
technique also plays an integral planning role in evaluating the
effect of alternative business strategies on risk exposures. Its
usefulness depends on the structure of the model, the validity of
its assumptions, technology support & technical expertise of
companies. The application of various techniques depends to a
large extent on the quality of data & the degree of automation.
Thus, companies may utilize the gap or simulation techniques,
based on the availability of data, information of technology &
technical expertise.

Page 27 of 198

Market risk management department has three groups - policies and

procedures, risk measurement and risk management. The policies and
procedures group is mainly concerned with establishing and
maintaining a framework of policies to ensure that the trading
operation is controlled. The risk measurement group is required to
produce periodical, timely, precise risk reports for use by the risk
management group, senior management and traders. The risk
management group has to see that the risk taken by the traders and
reflected in the risk reports is in line with the overall risk policies of the
organization. For this, the risk management group in consultation with
senior management sets the limits for dealers, like inventory age limits,
concentration limits, stop loss limits, position limits, etc. The risk
management group has no authority over the traders. If they find that
the traders are including in excessive exposure, they can bring this to
the attention of senior management or change the limits.



A company enters into numerous transactions. Some of these involve

financing of clients in a variety of forms. Other transactions involve
investment activities, where funds are invested in debt and other
instruments. A company also enters into foreign exchange transactions.
In such transactions, the company is exposed to a risk linked to the
financial soundness of the party with which the company is dealing.
Page 28 of 198
This risk is accentuated when the company has completed its part of the
transaction and parted with its own funds, and is waiting for the other
party to fulfill its obligation. This risk is also dependent on whether the
particular transaction has been put through organized exchanges or
whether it is executed on an Over-the-Counter (OTC) basis. Organized
exchanges often guarantee the performance of the other party; to that
extent, the concerned company is protected. In OTC transactions,
however, there is no third party involved as guarantor and the entire
risk remains with the concerned company.

Counterparty risk, thus, is the risk to each party of a contract that the
other will not live up to its contractual obligation. In most financial
contracts, this risk is known as default risk.

In the case of a pure lending transaction, this risk takes the form of
credit risk. The performance of credit transaction is linked to the
performance of the borrower's business. This, in turn, is dependent on
the performance of the economy, industry, and management of the
specific business. In case of investment transactions including both
purchase and sale, counterparty risk would arise where the securities
have been delivered but the corresponding funds have not been
received; or alternatively, funds have been paid but the related
securities have not been received. This risk could also arise in derivative
transactions, where the company is trying to protect its exposure.
However, this protection is dependent on the compliance of the
counterparty regarding its contractual obligations. Further, when a
company has invested in a security (particularly in the form of bonds or
debentures), the performance of this instrument is dependent on the

Page 29 of 198
financial solvency of the issuer. This could then be called as issuer risk
that could arise on default in payment of interest or in repayment of
principal by the issuer.

Generally, this type of risk is related to the financial performance of the

counterparty; however, certain corporate actions (like merger or
acquisition) could also have a bearing on it. The credit risk profile will
also undergo a change based on additional borrowings raised or earlier
borrowings retired.

Pre-settlement Risk
Pre-settlement risk is the bankruptcy of the counterparty (or some other
event which impairs the ability of counterparty to perform its
obligation) prior to settlement. In such a case, the risk of the
organization is not 100% but the replacement value of the original

For example, if Fair-Trades enter into a contract to buy Government

bonds for INR 10 Million from ConHolders for settlement on December
24 th and ConHolders go bankrupt on December 23 rd, the risk of Fair-
Trades is not INR 10 million, but the price over and above it that they
have to pay to buy the same bonds from another party.

Replacement cost is a basic metric of credit exposure due to pre-

settlement risk. It arises when a firm arranges a transaction with a
second counterparty to replace an original, defaulted deal. If the new
transaction comes at a higher price to the firm, then the firm incurs a
replacement cost loss.

Page 30 of 198
Settlement Risk
Settlement risk arises with respect to the settlement of a transaction.
Settlement often involves two parties, each with its own obligations -
for example, one party buying the bond and the other delivering it. The
risk in such a situation is that one party may perform its obligation
while the other does not. Unlike pre-settlement risk, where the
exposure is the net value of the two obligations, in settlement risk the
exposure is the entire value of the counterparty's obligation.

In the above example, if ConHolders declare bankruptcy on the 24th

instead of the 23rd, after Fair-Trades have paid the amount but before
they have received the bonds, their risk may extend to the whole
amount of the contract. In addition, they still have to incur the
replacement cost (if any).

Settlement risk is a bigger risk in foreign exchange markets because

each currency must be delivered in its home country. Due to time zone
differences, several hours can elapse between a payment made in one
currency and the offsetting payment in another currency. A famous
example of settlement risk is the failure of the German Herstatt Bank. It
was the afternoon of 26 th June 1974, and the bank had received all its
foreign currency receipts in Europe, but had not made any of its US
Dollar payments. This position continued till the end of the business
day, when German banking regulators closed the bank due to
insolvency. As a result, the counterparties were left holding unsecured
claims against the bankrupt bank's assets.

Page 31 of 198
Basel Committee (in its supervisory guidance issued in July 1999 on this
subject) states that this risk arises when counterparty pays the currency
it sold but does not receive the currency it bought. According to the
consultative paper issued by the Basel Committee on Banking
Supervision, July 1999, foreign exchange settlement failures can arise
from counterparty default, operational problems and market liquidity
constraints among other factors. Foreign exchange settlement risk
clearly has a credit risk dimension. If a company cannot make the
payment of the currency it sold conditional upon its final receipt or the
currency it bought, it faces the possibility of losing the entire principal
value of the transaction. However foreign exchange settlement risk also
has an important dimension of liquidity risk. Even temporary delays in
settlement can expose a receiving company to liquidity pressures if
obligations to other parties have to be met. Such exposure can be severe
if the unsettled amounts are large and alternative sources of funds must
be raised at short notice in turbulent or unreceptive markets. The Basel
Committee has recommended, therefore that (as with other forms of
risk), the development of counterparty settlement limits and the
monitoring of exposures is a critical control function and should form
the basis of a company’s foreign exchange settlement risk management


There are many sources of credit risk. The amount of credit risk
depends upon the structure of the agreement between the company and
its customers. An agreement between a company and a customer that

Page 32 of 198
gives rise to a credit exposure is called a credit structure or a credit
1. Risk measurement for a single credit facility
2. Risk measurement for a credit portfolio

Risk Measurement of a Single Facility

Credit risk is the risk due to uncertainty regarding the counterparty's
ability to meet its obligations. Because there are many types of
counterparties from individuals to sovereign governments and many
different types of obligations (from auto loans to derivatives
transactions) credit risk takes many forms. Institutions manage it in
different ways. For a single credit facility, there are three parameters
that are important in quantifying the credit risk. These are:
• Probability of Default (PD)
• Exposure at Default (EAD)
• Loss given Default (LGD)

Probability of Default (PD)

What is the likelihood that the counter-party will default on its
obligation either over the life of the obligation or over some specified
horizon, such as a year? Calculated for a one-year horizon, this may be
called the expected default frequency.

Exposure at Default (EAD)

This is also known as the loan equivalence (LEQ). It is the outstanding
amount at the time of default. In the event of a default, it indicates the
amount of outstanding obligation.

Page 33 of 198
Loss given Default (LGD)
In the event of a default, the fraction of exposure that can be recovered
through bankruptcy proceedings or some other form of settlement is
given by the equation:
Expected loss = PD x EAD x LGD
Expected loss is covered through pricing of the company’s products
and services. Unexpected loss is the variability about this mean loss,
which should be covered through adequate capital allocation or

Risk Measurement of a Credit Portfolio

The process of measuring credit risk for a portfolio of credit assets is
different from that of a standalone asset because of the correlations that
come into play for a portfolio. Correlation reflects the extent to which
loans tend to default simultaneously. This may happen because of
macroeconomic factors like recession or interrelationships between the
various credit assets (e.g. default by the parent company may trigger
defaults by its subsidiaries or default by the manufacturer may result in
a default by the company's suppliers).

The effects of correlation may result in highly skewed loss distributions-

many years of low loss followed by a few years of extremely high loss.
However, these correlation effects are difficult to observe because
defaults are few and far between. As a result, some models have been
developed for measuring the credit risk of a portfolio. They are based
on some financial assumptions and can be used with fewer data points.

Page 34 of 198
These models are:
• The Covariance Model
• The Actuarial Model
• The Merton-Based Simulation Model
• The Macroeconomic Default Model

The Covariance Model

This model is similar to the parametric VaR model except that in this
case default correlations are used and the probability distribution is
assumed to be a beta distribution (in contrast to normal distribution in
VaR). Further, in credit risk the mean of the distribution (or the
expected loss) is important and is calculated; in VaR for market risks,
we assume that the distribution is normal with a mean of zero.

Capital allocation using this model is done as follows:

1. The expected loss (EL) and unexpected loss (UL) of the portfolio
are determined in terms of the EL and UL of the individual credit
assets in the portfolio
2. Default correlation is determined
3. The overall probability distribution of the portfolio is estimated
4. Capital for the portfolio is allocated to individual credit asset
using unexpected loss distribution

The Actuarial Model

In the Actuarial model, the statistics of historical losses are directly
used. The CreditRisk+TM model developed by Credit Suisse is based on
the actuarial model. The process is quite complex. The main steps in the
calculation process are:

Page 35 of 198
• Determining the probability of default for each company
• Grouping the loans in the portfolio according to their sector, size
and LGD.
• Calculating the Poisson distribution of losses, given the mean
probability of default
• Using Gamma distribution to create uncertainty in the mean
probability of default
• Calculating the inverse binomial distribution of losses, given the
uncertainty in the mean probability of default
• Aggregating the groups independent results
However, the actuarial approach suffers from two major drawbacks:
1. Defining the standard deviations of the Gamma functions that
drive the correlations
2. Linking the credit risk with market risks
The Merton simulation model helps in overcoming these difficulties.

The Merton-Based Simulation Model

This model helps in simulating the correlated defaults for a portfolio of
loans. The model generates random values for each company's assets; if
the value is too low, the model simulates a default. The
PortfolioManagerTM software by KMV Corp. and the CreditMetricsTM
software by Risk Metrics use this approach. The main advantages of the
model are:
• There is no need to assume a probability distribution for the
losses, as the simulation provides this.
• It is easier to include uncertainties in the number of defaults as
well as in EAD, LGD and changes in credit ratings.

Page 36 of 198
• It helps in simulating the market variables in line with the
simulation of asset values; since the same framework is used to
calculate market risk and credit risk, it is easier to link the two.
The main steps in this process are:
 Determine the probability of default for each company
 Determine the threshold for asset values
 Calculate the correlation between asset values
 Generate uncorrelated random numbers (n)
 Generate uncorrelated random asset values (v)
 Record a loss if v for a company is below the critical threshold
 Create the distribution of losses

The Macroeconomic Default Model

This model is similar to the actuarial model. In any given economic
condition, defaults are considered to be independent, but the
probability of default for all loans is expected to change when the
economy changes.
The steps involved in the process are as follows:
 Determine the probability of default of a group of loans as a
function of macroeconomic variables
 Create a random macroeconomic scenario
 Calculate the average probability of default for the group
 Modify the average probability of default for each company
 Decide randomly whether each loan defaults
 Calculate the loss
 Create the loss distribution

Page 37 of 198

Credit risk management, at the fundamental level, involves two critical

components: credit decision and credit monitoring. Credit risk has to be
assessed and managed at the individual exposure level as well as at the
portfolio level.

Individual Account level

While prospecting for new credit, two important aspects are the
repayment capacity of the borrower and the facility structure that may
be most appropriate to the business needs and financial position of that
borrower. While analyzing the repayment capacity, the industry risk
has to be assessed first. This is followed by analysis of the borrower's
financial statement and cash flow projections.

In respect of the facility structure, it is critical to assess the

appropriateness of the facility for the customer's stated end-use. The
disbursement method has to be appropriate to the borrower's
requirements and has to meet the lender's risk management and asset-
liability management criteria. Apart from price negotiation, another
important aspect relates to the mutually decided covenants.

Legal documentation and a contract with the borrower are necessary to

protect the lenders' rights of action in case of default.

Before looking at the company's performance, it is essential to

understand the risks involved in the industry or sector(s) in which the
business operates. The cost structure of the industry, its maturity,
Page 38 of 198
cyclicality, overall profitability, market or competition structure, the
supply chain and dependence on buyers or vendors, product
substitution threats, the FDI policy of the government for that sector
and the regulatory/licensing environment in which it operates all need
to be examined. Further, the social and environmental risks of that
sector also should be assessed. With the current emphasis on Corporate
Social Responsibility (CSR), use of child labour, environmental hazards,
etc. are some risks that need to be noted. Management of social and
environmental risk is now a corporate governance issue and plays a
major role in managing the reputation risk of the organization.

The financial statements of a borrower should be analyzed before a

credit exposure is taken. At the same time, it is important to
comprehend the business context or background in which these
numbers have been produced. On one hand, an overview of the
investment, operations and financing aspects of the business is
necessary and on the other, critical management aspects (such as sales,
operations, expenses management) have to be looked into. The
strategies used have to be carefully understood, such as pricing, cost
structure, operating leverage, shareholder reward, financial leverage
and risk/reward trade-off. While looking at sales, external drivers
should also be taken into account. The revenue contributed by new
businesses or products indicates the ability of the company to meet
market requirements and its competitive position. The impact of sales
growth on working capital investments as well as on capacity
expansion needs to be grasped.

Page 39 of 198
Once the above has been accomplished, one can proceed to the analysis
of financial statements with a focus on the comparison of financial
ratios with industry benchmarks. The cash flow statement reveals a
great deal about the company's financing strategies. Declining firms
may reveal disinvestment of their assets to repay a part of their debt or

Financial ratios can be classified into profitability, efficiency and

leverage ratios. The profitability ratios indicate the profit margins at
various levels and the contribution of major expenses and costs to the
overall performance. Efficiency ratios focus on working capital
management efficiency as well as utilization of fixed assets. Overall
return on equity or assets indicates a summary measure of the
organization’s performance. Leverage ratios indicate the extent to
which debt forms part of the long-term funds of the enterprise and thus
signal its ability to borrow further without over-leveraging. Debt
service ratios give the lenders an idea of the firm's previous
performance in the area, and therefore the level of comfort they can

In addition to the usual financial statement analysis, it is critical to

assess the risk areas on the borrower's balance sheet, including poor
quality of receivables, concentration risks, existing mortgages, stock
quality, technological obsolescence and aggressive fixed asset

In the end, the cliché "Look at the willingness to repay rather than the
ability to repay" needs to be kept in mind. The management has a

Page 40 of 198
paramount role in coming to a credit decision. A credible and
transparent management significantly enhances credit quality.

Portfolio Level
One should keep in mind that the risk ratings of various debt
instruments and of corporates in general migrate from one class to
another. One way to measure the credit risk at portfolio level is by
assessing the value at risk. This is done by taking into account the rating
migration probability, default probability at various levels of rating and
the recovery rate.

Some of the areas in which an organization has to define its own

underwriting standards are - acceptance criteria, composition and
quality targets, risk triggers and actions and risk management

Acceptance criteria can include the target markets, customer acceptance

criteria and pricing/return guidelines. At the individual customer level,
some examples of this are profitability track record, minimum credit
rating/grade, leadership position in the market, buyer/vendor
dependency and financial parameters.

The composition of the credit portfolio can be monitored with reference

to the industry exposure, exposure by credit grade and other quality
targets, like overdue accounts.

Some examples of risk triggers are changes in industrial growth rate,

agricultural growth rate, foreign currency rates, interest rates, oil prices,

Page 41 of 198
fiscal deficit numbers, etc. When such triggers do happen, appropriate
action may have to be taken to limit further exposures or to shun or
reduce certain industry exposures.

Risk management processes comprise of the definition of appropriate

approval authorities and credit process, among other things. As a part
of this, one may have to define the maximum tenor for various facilities
from an Asset Liability Management point of view. Collateral is another
important part of the risk management process.

Collateral and Margins

Derivative contracts are often cash settled, viz. the parties settle only the
difference between the contract and the market values. Thus, with a
smaller amount of capital, investors may be tempted to take large
positions. If early profits are tested by investing in these products, the
temptation could be to create leveraged positions. This is a risk for
individual participants as well as for the system as a whole. To protect
the system from exposure to the risks of over-leveraging, exchanges
where derivative contracts are traded levy margins on their members,
i.e. broker-dealers. They in turn recover this margin from their
customers or constituents.

Margin is the amount of money or collateral deposited by a customer

with her broker, by a broker with a clearing member, or by a clearing
member with a clearing house. Exchanges specify the levels of various
margins but brokers may require their customers to post margin at
higher amounts than those specified by the exchange.

Page 42 of 198
In addition to margins, exchanges also collect collaterals from their
members (the broker-dealers) to meet the eventuality of non-payment
of margin requirements due to market movements.

The word limit means a ceiling or a maximum amount. The authority of
an officer to execute or approve a particular transaction or deal is one
form of limit. It is also related to an exposure that the firm may have
undertaken with reference to counterparty, an industry or an
instrument. Prudent limits are required, such that the overall risk
undertaken by the firm is properly backed up by capital. Limit setting is
a part of the overall risk management exercise. Therefore, it has to be
done taking into account the risk management strategy and
organization structure. There has to be a proper limit monitoring
mechanism in place, which can often be implemented using
computerized systems.

Risk Diversification
A portfolio is a collection of a number of securities or instruments. One
that is invested in instruments with uncorrelated returns will have an
expected simple return. This is the weighted average of the individual
instruments' returns. Its volatility will be less than the weighted average
of the individual instruments' volatilities. Diversification as seen by this
means that an investor can reduce market risk simply by investing in
many unrelated instruments. The concept is often described by the
saying "Don't put all your eggs in one basket". A central concern of the
portfolio theory is the issue of how investors can use diversification to
optimize their portfolios.

Page 43 of 198
Netting implies off-setting of payables and receivables arising under
various contracts and net settlement of the payable or receivable with
the counterparty. Essentially, it helps in reducing the settlement risk.

Netting can also be achieved by entering into specific agreements

between the counterparties. The agreements allow receivables to be set
off against payables. This has two advantages. One is that it reduces the
credit risk for both the counterparties and in the event of default, the
exposure can be minimized by setting off payables against the same.
Secondly, the agreement may allow only net receivable to be reflected
on the balance sheet, resulting in a reduced capital requirement.
However, this favourable capital treatment for netting is available only
for contracts without walk-away clauses. This clause allows both parties
to walk away from the contract in case of default.

Audit and Compliance Roles

There are two crucial roles in any organization: compliance and audit.
Compliance implies meeting the statutory expectations imposed by
various regulators for the orderly functioning of any market. It is now a
requirement for banks and financial services entities in most
jurisdictions to appoint a Chief Compliance Officer (CCO). Depending
on the size of the organization, the compliance department needs to be
appropriately structured. The objective of the CCO requirement is to
ensure that compliance with regulations gets senior level attention and
someone within the organization has the main responsibility for it. The
typical role of the Chief Compliance Officer is envisaged to be:

Page 44 of 198
 Tracking compliance requirements: The requirements depend on
the complexity, nature and location of businesses
 Identification of compliance strategy for new regulations and
ensuring clarity about implementation responsibility
 Discussions with regulators to seek clarifications if necessary
 Dissemination of compliance statutes throughout the
 Preparing and updating an inventory (calendar of returns, Dos
and Don'ts) of the requirements
 Reviewing ongoing compliance
 Devising internal guidelines and manuals to ensure that the staff
adheres to the code of conduct envisaged by the Board of
Directors for the purpose of corporate governance as well as the
expectations of the regulators
 Monitoring with various staff personal trading compliance
 Training of staff in compliance guidelines
 Dealing with regulators in case of inspections or investigations


Operational risk can be due to several reasons, including ill-defined
procedures and a weak control environment. While technology takes
care of key processing requirements of various customer services, there
have to be effective procedures around the computer system involving
human intervention. Operational risk could arise if these procedures are

Page 45 of 198
not properly documented and examined for robustness. The controls
built into these procedures also have to be properly examined to ensure
that errors are not inadvertently incorporated in processing.
Considering the magnitude of transactions in companies, it is critical
that operational risks are identified in advance and control processes to
mitigate these risks are established. These processes have to be
interlinked with the reporting processes so that all the exposures are
brought to the attention of senior management on a regular and
predictable basis.

There is a growing realization of the significance of operational risk. It

has been at the heart of a number of important problems. Operational
risks can arise due to inappropriate systems (losses due to inadequate
or wrong systems and procedures), settlements (consequences of failed
settlements), model risk (losses due to errors in model), fraud risk
(damage due to internal/external frauds), errors and omissions, legal
risk (inappropriate documentation), regulatory risk (non-compliance
with regulations), etc. A broad way of looking at operational risk is
every financial risk other than market or credit risk. Narrowly, this risk
can simply be defined as one arising out of operations. A more practical
definition, as mentioned earlier, is risk arising out of failed internal
processes, people and systems or from external events.
Internally oriented controls consist of:
• Segregation of duties to ensure that no individual is responsible
for the execution as well as settlement of transactions
• Independent checks from dual sources
• Reconciliation: Checking and comparing the balance in the
account books with actual bank balance

Page 46 of 198
• Diary system that help us in follow-up of important events or
• Audit Trails: All amendments, changes or deletions of records
need to be properly tracked and available for a supervisory

Externally oriented controls consist of the following methods:

• Trade confirmations from counterparties
• Verification of prices used in valuations from independent data
• Authorization and maker-checker controls

Errors and Omissions

There is a saying “To err is human”. Indeed, in spite of our best efforts,
it may not be possible to eliminate all errors. In banking institutions,
therefore, the concept of ‘maker and checker’ is used, whereby the work
of an individual could be independently verified by another.
Sometimes, an error could have a minimal effect, while in other cases,
an omission could be costly. When computer programmes are installed
without proper vetting, they could have built-in faults in logic that
perpetuate the error. In such a case, there could be a revenue loss or
overcharging of customers that can lead to claims from the customers
and loss of goodwill.

Fraud can be defined as any act or an omission done with a malafide
intention, for personal gain or for the gain of acquaintances by the
perpetrator (internal or external to the organization) that results in an

Page 47 of 198
unauthorized leakage of organizational resources. It could take the form
of a loss of assets (both financial and non-financial) or an increase in
organizational costs, resulting indirectly in a leakage of revenue and

Fraud can be of many types, including:

• Theft and embezzlement
• Forgery
• Disbursements against false securities
• Kickbacks
• Payments without appropriate consideration
• Unauthorized diversion of credits followed by withdrawals
• Passing off a transaction of one form as another
• Falsification of vouchers/records
• Accommodation advances
• Allowing conflict of interest to arise
• Misuse of vital stationery to create unauthorized documents
• Under-invoicing on sale of assets
• Misuse of access for physical property and data
• Commercial espionage

Some of the tools that are being used to prevent frauds are as follows:
• Customer identification
• Review of customer activities
• Review of transaction concentration and unusual transactions
• Physical access controls and security arrangements
• Electronic access controls
• Reconciliation and reviews of suspense accounts

Page 48 of 198
• Controls on important stationary
• Dual controls on transaction processing


Operational risk is the most important risk for an organization. As

mentioned earlier, operational risk may result from inadequacy or
failure of people, processes, systems or external factors. The risk is
important because, unlike credit risk or market risk, where the variables
are known and can be quantified, in assessing operational risk, it may
be difficult to do so.
The approaches available for measuring operational risk are:
• Qualitative Approaches
• Structural Approaches
• Actuarial Approaches
• Mixed Approaches

Qualitative Approaches
As the name suggests, qualitative approaches are based on the
management's judgement of various sources of risk. This does not make
it an arbitrary method. The judgement is based on information collected
through surveys or questionnaires from the management and operating

The questionnaire tries to gather information on:

• Historical Events
• Current State of Affairs

Page 49 of 198
Structural Approaches
These approaches use a model of causality that defines a set of linkages
between various processes and the probability of loss events. This helps
managers in concentrating their efforts on those links in the process
which have a high probability of loss.

It may not be possible to use this approach for all operational risks,
although for some well-defined operational risks (like process risk or
business risk) this approach may be useful. In the structural approach,
the flow chart of the process is constructed. Then, the manager tries to
identify the weak links in the process and the expected losses in such an
event. The probability of each link failing can be estimated to quantify
the loss for any given event. For more frequent failure events, the
probability estimation is easier. For less frequent events, this estimate
may be based on managerial judgement.

Actuarial Approaches
These approaches are statistical in nature and hence make minimal
assumptions about the causes and mechanisms of loss. They try to
estimate the parameters of the loss distribution, i.e. they do not identify
the sources of risks but include all of them. Hence, they are better than
qualitative approaches where the management identifies the sources of
risk. In the latter, there is a possibility that an important source of risk
might be overlooked.

Mixed Approaches
These approaches are a combination of all the above. These approaches
use judgement, structure and loss experience to measure the operating

Page 50 of 198
risks. Even the Basel Committee has recommended such an approach to
measure operational risk.
Two main approaches in this category are:
• Historical Loss Mapping
• Key Risk Indicators

Historical Loss Mapping

In this approach, the probability distribution of losses is estimated on
the basis of historical data. The steps in this method are:
1. Historical data on operating loss events are collected both at the
organization and industry levels. For industry level data, the
information may either be obtained from various sources in the
public domain or the data from various players may be pooled by
a nodal agency and made available to all players on an
anonymous basis (i.e. data is shared without disclosing the names
of the organizations, the corresponding loss events and the losses
2. The loss data is classified on the basis of the type of event that
caused the loss and the type of business unit process in which the
loss occurred.
3. The processes and business units of a particular company are
similarly classified and the loss data for the industry is used to
estimate the expected/unexpected loss for the company.

Key Risk Indicators (KRIS)

KRIs are quantifiable measures of the performance of the company’s
processes. If these indicators have been well chosen, then changes in
KRls should be in line with the probability of loss. Key risk indicators

Page 51 of 198
for operational risk may include volume of trades processed, volatility
in Profit and Loss account, employee turnover rate, average overtime
per employee, etc.

KRIs are very useful as a management tool. However, till historical data
that supports their connection to loss has been gathered, their usage to
determine the capital charge for operational risk will remain restricted.


Operational risk management is gaining importance, particularly since

large losses can be attributed to the failure of internal controls. Further,
the Basle II proposals include capital charges for operational risk.
Operational risk management can be achieved through preventive as
well as damage limiting controls. The former are necessary to decrease
the probability of loss; the second come into play when efforts are made
to curtail the loss incurred by the occurrence of an event.

Preventive techniques that form a part of operational risk management


In this technique, each business unit identifies the nature and size of
operational risk subjectively. It is necessary to pinpoint high impact
events as well as their probabilities. Events that when combined could
have a significant effect require appropriate monitoring.

Page 52 of 198
An audit of the business processes and controls by an external agency is
an essential process for operational risk control. Wherever necessary,
the audit can take the form of concurrent audit or even pre-audit. With
the use of technology, information systems audit has also become

Segregation of Duties
There has to be a segregation of duties so that no one person carries
through a transaction from beginning to end. This segregation results in
the separation of functions into front office, mid-office and back office.
The reporting lines for these functions should be independent till it
reaches the level of senior management that is not directly involved in
trading decisions.

The delegation of authority at all levels of the organization should be
clearly defined. This is particularly important in terms of the authority
to trade, settle trades, sign cheques, etc.

Independent Confirmation
An independent confirmation from the back office of the counterparty
is an important operational control. This practice averts the possibility
of financial losses at a later date. Also, in case of securities like a bank
guarantee, letter of credit or deposit receipt, it is important to get an
independent confirmation from the issuing bank to ensure its

Page 53 of 198
Use of Technology
Technology brings consistency in processing and minimizes stress-
related errors. One needs to take advantage of this. Wherever straight
through processing is possible, systems should be allowed to talk to
each other without human intervention. Technology, however, entails a
different set of risks (as discussed elsewhere) and this need to be

Model Validation
Models are constructed based on certain assumptions and formulae. It
is important that modes are rigorously tested and verified, as also any
changes in existing models.

Dual Controls
The system input should be independently checked and approved. This
reduces the possibility of errors within the system. Often organizations
insist on joint authorization for activities such as cheque payments and
procurement orders to ensure an independent application of mind.

Reconciliation of two independent records is an important control.
Outputs from two different records, like profit estimates of the dealer
and profit calculations by the mid-office, should be reconciled.

Process Manuals
Processes should be documented as far as possible through operations
manuals. They provide clarity regarding the steps involved in various
processes and the responsibility of carrying them out. The ownership of

Page 54 of 198
each process and step should be clearly defined and communicated. In
defining the process, various viewpoints such as tax, legal & accounting
need to be taken into account. It is important that each change in the
process is properly documented. These manuals can be used for
training new personnel and also help in reengineering processes when
change in the external or internal environment demands it.

Tickler Systems
For all important dates or events, alerts must be built into the system so
that the appropriate action can be initiated well in advance. An example
is a date of expiry of collateral, such as a guarantee deposited by a client
or a member of the stock exchange.

Departmental Checklists
Along with the operations manual, it is critical to develop departmental
checklists that provide details of daily, weekly, monthly, quarterly,
biannual and annual tasks that have to be performed, along with the
responsible person. These checklists must be signed off by the
responsible person on completion of the task. S/he would be held
accountable in case of failure.

Control over Correction

Any amendment to an important document (like a deal ticket) must be
subject to the same controls as the original document. Corrections
should preferably be done through an amending document. Where the
correction is minor and doesn't need a separate document, correction
should not be done using correction fluid; the earlier numbers should

Page 55 of 198
be struck off and new numbers or data rewritten in a way that the
original entry is still visible.

Verification of Prices
Mid-office must take/calculate market/current prices independently
and check if any price is out of line. These out of line prices could be
used to manipulate the profit/loss of the trading book or derivative

Code of Conduct
This is a necessity to manage not only operational but also reputation
risk. The code should specify what is expected from the employees and
the management. It should also cover policies on personal account
trading, gifts and entertainment. The code, in addition to being
documented, should actually be signed by each employee. This brings
in the employees' commitment to the organization’s expectations.

Incentive Payments
Most investment banking environments involve large incentive
payments. Often, incentives are much larger than the fixed pay. Unless
profit measurement is transparent and independently vetted, it can be
used as a tool to influence the incentives, resulting in a conflict of
interest. Further, incentive payments may motivate the trader to take
disproportionate risks since he may have relatively less to lose as
compared to the personal gains on excellent profit performance. Thus,
an overview of operations is necessary.

Page 56 of 198
Compliance Manual
With the growing complexity of rules and regulations, it becomes
necessary to compile the essence and communicate it to the employees.
The manual should thus be regularly updated. Just preparing the
manual is not sufficient, it is equally important to hold training sessions
that communicate the contents of the manual. The employees should
then give it in writing that they have read and understood the
requirements of the manual. Annually, they should confirm that they
have complied with the same. This induces greater discipline.

Compulsory Annual Leave

It is easier to detect fraud if another individual replaces an employee
who regularly handles a certain function. Insisting that each employee
must proceed on a two-week leave each year usually achieves this, as
during the period of leave, the employee is not allowed to attend the

Physical Controls
Physical or environmental controls are an important component of
operational controls; they include access controls (physical and
systems), fire controls, burglary alarms and transit controls (for
movement of people and important material including documents).

Know Your Client

Know Your Client or KYC ensures that the counterparty is properly
identified, and the client does not use the relationship for nefarious
activities like money laundering, manipulative practices, etc.

Page 57 of 198

The four fundamental instruments other than on-balance sheet

methods1 are Forwards, Futures, Swaps and Options. These tools can be
used to deal with managing financial risk, both in isolation and as
interrelated instruments to derive apparently new derivative products.

Forward Contracts
Of the financial derivatives, forward contracts are the most familiar,
appearing in transactions as common as buying a puppy. ‘I’ll pay you
$x for that puppy with the spot on its right hind leg when it is weaned.’2
A forward contract is one in which a party agrees to buy (long position)
from another party (short position), an item (underlying asset) on a
future date (maturity, expiry or expiration) at a price (forward price)
that is agreed in the contract.

The diagram labeled Figure 1.1 below helps illustrate the definition of
the forward contract. The top panel illustrates a foreign exchange
forward, in which our company has agreed to pay at time T, GBPx in
order to receive USDy. Assume that one company imports oranges
from the US and will therefore most likely have to pay for them in USD.
Exchange rate fluctuations might expose the company to differences on
exchange which the risk manager would like to hedge for.

Such as borrowing in the competitor’s currency or moving production abroad.
Charles W Smithson & Clifford W Smith Jr, Managing Financial Risks, Irwin Professional Publishing,

Page 58 of 198
Apart from the exchange rate fluctuations, such company is exposed
also to commodity price risks, that is, the risk of fluctuations in the
market price of oranges. In planning the raw material requirements for
the forthcoming production runs, the company will discuss the risk
profile in a round table discussion involving the procurements section,
the sales division and the risk management team. The sales department
might show concern about the selling prices that seem to be competing
in a fierce market and therefore the cost of the purchased oranges plays
a significant role in the level of the bottom lines of the company. The
risk management team, in consultation with the procurements
managers, might fear that the actual price (spot price) of the underlying
asset, that is oranges, at the time T when the shipment is due, may be
higher than the price used in the budgets. The lower panel of the figure
labeled Figure 1.1 illustrates a commodity forward contract in which the
company has agreed at time 0 to pay USD y for x tonnes of oranges to
be delivered and paid for at time T.

Figure 1.1 - Illustrative Forward Contracts3

Adopted from Charles W Smithson & Clifford W Smith Jr, Managing Financial Risks, Irwin
Professional Publishing, Page 146

Page 59 of 198
The company actually could have considered using the cash markets to
hedge that is by buying the oranges today at time 0 for shipment at time
T. However, this method would have affected the cash outflow of the
company immediately. The advantage with the forwards is that buyers
who do not have the cash immediately do not have to borrow, and
those who do have the liquidity need not spend it on the contract date.
Forward contracts are by nature credit instruments in that at time T, a
party to the contract who might find that the spot price then is more
favourable than that agreed upon in the forward contract, might decide
to abrogate the contract. This would leave the other party exposed as
much as one would be out a sum of money in the case where a
borrower reneged on a loan. Therefore, it is evident that Forward
contracts entail credit risks. For this reason, realistically, the forward
market is less appropriate for the individual, the sole proprietor or the
small company. The parties in a forward contract fall under four
categories, namely:
1. Businesses who need the underlying asset in the future
2. Businesses who want to supply the underlying asset in the future
3. Speculators
4. Intermediaries

In this case, the parties to the contract are the company and an
intermediary. The foreign exchange forward described above as a tool
available for the company to hedge against fluctuations in the price of
USD for GBP, is contracted with a currency dealer such as a bank. The
commodity price forward is either done with the farmer himself, which
is cumbersome, or done over-the-counter with a merchant or a dealer.
When the forward contracts are agreed with the intermediaries, it is the

Page 60 of 198
intermediaries who set the forward prices. Very often, the forward price
PF exceeds the current spot price PS (contango). The relationship
between PF and PS is usually related to C, the cost of carrying the
underlying asset from now until maturity. In the case of foreign
currency, C would be the interest lost on the domestic currency GBP
that is used to buy the USD minus the interest that the USD itself earns.
That said, the Interest Rate Parity Theorem states that all differences
between spot and forward exchange rates are offset by differences in
interest rates. Therefore, PF is related to PS by the domestic interest rate
rD, the foreign interest rate rF, and the time to maturity in years, T. This
relationship is expressed as follows:
PF = PS [(1+ rD)/ (1+ rF)] T
In the case of the oranges, C would chiefly be the interest lost on the
GBP used to buy them plus the cost of storing them. However, it is
generally thought that PF will be slightly below PE (expected price) by
an amount that reflects the risk premium which faces investors who
agree forward contracts on those commodities. The modern view for
commodities is based on the portfolio theory which states that forward
prices will always be below expected future prices for all those
commodities whose prices tend to rise when the economy expands.
Under this theory, PF is related to PE as follows:
PF = PE (1+r)
(1+r+ βp)
r is the risk-free interest rate,
p is the market portfolio risk premium and
β is the beta4 of the underlying asset.

measure of how the price of the asset responded to market movements
Page 61 of 198
That said, a study by Dusak in 1973 argued that for many commodities
β was close to zero, in which case PF would be very close to PE5.

Figure 1.2 - Payoff profile for a Forward Contract

The above figure illustrates the company’s foreign exchange risk profile.
If the actual price at contract maturity is higher than expected, the
inherent risk results in a decline in the value of the firm. However, this
decline is offset by the profit on the forward contract. Apart from its
payoff profile, the forward contract has two other features:
1. The credit or default risk is two-edged and therefore the contract
owner either receives or makes a payment depending on whether
the price movement of the underlying asset is positive or negative

David N King, Financial Claims and Derivatives, International Thompson Business Press, First edition,
Page 122

Page 62 of 198
2. No payment is made either at origination or during the term of
the contract

Futures Contracts
Futures or Future contracts are contracts that resemble forwards in
many ways.
Similarities with Forwards:
1. They oblige the parties to deal on a future maturity (expiry) date
2. They specify a futures price or some other value to establish the
terms under which the deal is made
3. They are used by both hedgers and speculators
4. The payoff profile illustrated in Figure 1.2 for the purchaser of a
forward contract could also serve to illustrate the payoff to the
holder of a futures contract.

There are however distinguishing features of futures:

1. Futures may only be agreed on recognized futures exchanges
unlike forwards that can be agreed anywhere
2. Futures exchanges insist on standardized contracts stipulating the
quantity that must be agreed in each contract, restricting the
choice of maturity dates and even constraining the futures price,
and in the case of commodity futures, they also stipulate the
quality and delivery points.
3. Credit or default risk can be virtually eliminated in a futures
market through the ‘marked-to-market’ mechanism whereby the
value change is settled at the end of each day rather than at the

Page 63 of 198
expiry of the contract as with forwards6, and through the ‘margin’
which is a form of performance bond
4. Through the exchanges (or clearing houses), the costs of
transacting in futures are reduced

Therefore, referring back to the commodity price risk of the company,

the risk management team may consider that a futures contract may
adequately hedge against the risk of price fluctuations in oranges. The
main reason why the team considers futures is because the company
may want to close out on the contract because the price of the fruit is
more favourable than the contracted price, close to the expiry. Closing
out with forward contracts can be hard because the company would
have to make a second offsetting contract or reversing trade with the
same dealer, who may be reluctant to agree precisely to the same
quantity, quality and delivery point. With forward contracts there are
so many different maturity dates, quantities, qualities and delivery
points that it could even be harder for the company to find someone
other than the dealer willing to take over the contract.

On the other hand, the futures exchange might be able to offer contracts
for only six maturity days a year, say the third Wednesday in January,
March, May, July, September and November. Also, the exchange might
give no choice over the quality or quantity and limited choice on the
delivery points. These are possible limitations of futures markets. There
might also be a possibility that the exchange will not offer contracts for

Fischer Black linked a futures contract to a ‘series of forward contracts in which each day,
yesterday’s contract is settled and today’s contract is written’. Source: Donald H. Chew, Where
Theory meets practice, McGraw-Hill, third edition, page 400

Page 64 of 198
the specific commodity required, in our case oranges. However, with
futures there are appropriate responses that will render hedging far less
of a problem than it might appear. The reason for this is that there are
plenty of people willing to accept standardized futures contracts and
consequently, it is always fairly easy to agree precisely offsetting
contracts. We shall below take a brief canter through some responses
that render hedging with futures less problematic than it seems.

One problem mentioned above is that futures rarely mature on the day
which hedgers would like. In such a case it is always advisable to use
futures that mature after the required date and close out on the date
required. Therefore, assume that the company is required to purchase
200 tonnes of oranges on the 10th October and the closest available
maturity dates are the third Wednesdays of September and December,
say 17th September and 17th December. The best strategy might be to
take the 17th December future contract and close out on the 10th October
because otherwise, if the September maturity is taken, the company will
be exposed during the period 17th September to the 10th October.

Let us for a moment assume that no futures contracts exist for oranges,
even though they are available for orange juice (say from the New York
Commodity Exchange). Assuming also that the prices of oranges and
those for orange juice are perfectly positive correlated, the company’s
best strategy in this case using futures might seem to be to make a
futures contract to buy orange juice and close out just before maturity.
The profit or loss made will offset the loss or profit respectively on the
purchase of oranges at the spot price on that day. This transaction is
called a ‘cross hedge’. If however the prices of oranges and those of

Page 65 of 198
orange juice are not perfectly positive correlated, then the company
shall need to establish the relationship using statistical methods. In this
situation the appropriate response would then be a ‘weighted hedge’.
This might result in a relationship or hedge ratio of say 1.05, or the
requirement to buy 105 tonnes of orange juice to hedge for price
movements of the 100 tonnes of oranges required.

As we have seen that the owner of both a forward and a future contract
has an obligation to perform. An option, on the other hand, gives its
owner a right, not an obligation to perform. We have discussed the risk
profile of the company buying forward oranges or foreign exchange,
starting by Figure 1.1 and developing it to Figure 1.2. We have seen that
the obligation to perform under both forwards and futures will result in
offsetting gains or losses through hedging in the eventuality of either an
increase or a decrease in the price on expiry compared to the agreed
forward or future price. An ideal contract would shift the payoff line in
the lower left quadrant of the pictogram, upwards until horizontal. This
would imply that if the actual price decreased on maturity compared to
the exercise price, then the owner of the contract would have the
possibility to cancel the agreement. This is illustrated in the diagram
below labeled Figure 1.3.

This ideal contract is actually possible through options. With a call

option the party intending to buy such as our company, has the option
or right to call off the deal. With a put option the party intending to sell
has this right. If the company opts for American Style options, then it
would have a right to cancel the option at any point in time. Those
options that allow the owner to cancel only at maturity are termed
Page 66 of 198
European Style options. In return for having this right to cancel, the
party who has it has to pay to the other party a premium or price which
is non-refundable. This is shown diagrammatically on Figure 1.4.
Basically, this diagram illustrates that if the option is exercised by our
company, because the spot price on expiry is higher than the strike
price of the option, the gain realized by exercising the option will be
reduced by the premium. Similarly, if the spot price is lower than the
strike price and the company cancels the option to buy at the spot price,
then its sunk cost would still be the premium amount. Therefore those
who buy options limit their possible losses to the value of their
premiums paid when the options are agreed.

Figure 1.3 - Payoff profile of an Option Contract

Page 67 of 198
Figure 1.4 - Payoff Profile of Option contract including Premium

So far we have considered ‘at-the-money’ options that are options for

which the exercise price is the prevailing expected price. This type of
option is paid for by sacrificing a significant amount of the firm’s
potential gains. If however the company is willing to accept larger
potential losses, then it might consider an ‘out-of-the-money’ option
that attracts a lower premium cost. The comparison between these two
types of options is illustrated in Figure 1.5 on the next page.

Page 68 of 198
Figure 1.5 - Risk profile of different Options

Of particular interest is the foregone downward protection for a lower

premium. This foregone protection will result in a lower increase in
value to the firm for a relative downward price movement when
compared to the ‘at-the-money’ option. The lesson here is that the
option buyer can alter her payoff profile simply by changing the
exercise price.


Risk management aims at adding maximum sustainable value to all the

activities of the organization. The proper balance should be maintained
between risk and return because too much risk can be fatal to a
company, but too little risk can result in missing attractive
Page 69 of 198
opportunities and lowering the return on economic capital. A risk has
been classified by different authors in different ways. Financial risk is
one of the types which is further segmented into market risk, credit risk
& operational risk. There are various approaches, models & methods to
measure & manage these risks. The use of derivative instruments like
forwards, futures, options & swaps, both in isolation & as interrelated is
very popular to avoid the negative impact of financial risks.

Risk management practices are becoming ever more important as

cutthroat competitiveness intertwined with increasing pressures on
management to add to shareholder value are the main concerns of
today’s businesses.

Page 70 of 198

1. Alijoyo, A. F., (2002)., Board member of the forum for Corporate

Governance in Indonesia, Abstract from a panel discussion on
corporate Governance, “Risk management's role in corporate
governance”, 16 December 2002, Yogakarta - Indonesia, 23 December
2002, Bandung - Indonesia., p 8,
archives.htm, Date of access: 04 November 2012.
2. Anson, M.J.P. & Ma., (2003)., “Board role in risk management. The
Corporate Board”, Sep/Oct. Vol.24., Issue 142., p22-p26., Date of access: 02 September
3. BCBS (2003)., “Sound Practices for the Management and Supervision of
Operational Risk”, Bank for International Settlements, Basel.
4. Brealey, R.A., Myers, S.C., (2003)., “Principles of corporate finance”,
Seventh edition, New York: McGraw-Hill/lrwin, p 1071.
5. Christopher, L. Culp., (2001)., “The Risk Management Process: Business
Strategy & Tactics”, John Wiley & Sons, Inc., p 29, 18.
6. Coyle, B., (2000)., “Currency risk management: lntroduction to currency
risk”, United Kingdom: Financial world publishing, p 115.
7. Das, T. K., (2001)., “Strategic risk behaviour and it’s temporalities: between
risk propensity and decision context”, Journal of management studies, Vol.
38, lssue 4, http://www.,
Date of access : 02 September 2012.
8. David, N. King., “Financial Claims and Derivatives”, International
Thompson Business Press, First edition, p 122.
9. Doherty, N.A., (1985)., “Corporate risk management”, United States of
America: McGraw Hill, p 483.

Page 71 of 198
10. Donald, H. Chew., “Where Theory meets practice”, McGraw-Hill, third
edition, p 400.
11. Dun & Bradstreet., (2010)., “Financial Risk Management”, Tata
McGraw Hill Education Private Limited, New Delhi, Seventh reprint
2010, p 3-84.
12. Fatemi, A. & Luft, C., (2002)., “Corporate risk management. Costs and
benefits”, Global Finance journal, Vol. 13, lssue 1., p29 -p38,, Date of access : 09 September
13. Franco, Azzopardi., (2004)., “Financial Risk Management”, M.Sc.
student, University of Leicester, , p1 – p18.
14. “Financial Risk Management”, The Institute of Chartered Financial
Analysts of India, April 2001, p 6.
15. Green, M.R. & Serbein, O.N., (1983)., “Risk management : Text and
cases”, 2nd ed. Reston Publishing company , p 628.
16. Gupta, P.K., (2004)., “Enterprise risk management – sub-optimality to
optimality”, Journal of Insurance & Risk Management, Vol. II No. 4.
17. Gupta, P.K., (2004)., “Insurance & Risk Management”, Himalaya
Publishing House, New Delhi.
18. Heleen Janse Van Vuuren., (May 2006)., “Disclosing Risk Management
Policies in Financial Statements”, Vaal Triangle Campus: North-West
University (Dissertation - M.Comm.), p 13-17, 27-31.
19. Herman, M. L. & Head, G. L., (2002)., “Strategic risk management:
looking at both sides now. The Non-profit risk management centre”,, Date
of access: 24 October 2012.

Page 72 of 198
20. ICAEW (The lnstitute of Chartered Accountants in England &
Whales)., (2002)., Centre for business performance. Briefing 06.02.
No surprises: Working for better risk reporting., Date of access: 02 September
21. Kloman, H.F., (1987)., “Risk management… by many other names", Risk
management June, p 62.
22. Koenig, R. David., (2004)., “The Professional Risk Manager’s Handbook:
A Comprehensive Guide To Current Theory & Best Practices”, Volume III:
Risk Management Practices, PRMIA Publications, Wilmington, P 3.
23. Lam, J., (2001)., “Risk Management – The CRO is Here to Stay”,
Prentice-Hall, New York, NY.
24. Lovemore, F. C. H. & Brummer, L. M., (2003)., “The ABC of financial
management. An introduction to financial management and analysis”, 2 nd
ed., South Africa: Van Schaik publishers, p 252.
25. Lucouw, P., (2004)., “Creating the more. Balancing on the tight rope to
prosperous existence”, South Africa: Corals Publishers, p 192.
26. Napp Ann-Katrin., (September 2011)., “Financial Risk Management in
SME - The Use of Financial Analysis for Identifying, Analysing and
Monitoring Internal Financial Risks”, Master Thesis, Aarhus School of
Business, Aarhus University MSc. in International Economic
Consulting Academic.
27. Olsson, C., (2002)., “Risk management in emerging markets. How to
survive and prosper”, London: Pearson education limited, p 31.
28. Punithavathy, Pandian., (2009)., “Security Analysis and Portfolio
Management” , Vikas Publishing House Noida, p 139-145.
29. Shimpi, P.A., (2001)., “Integrating Corporate Risk Management”,
Texere, New York.

Page 73 of 198
30. Skipper, H.D., (1997)., “International Risk and Insurance”, McGraw-
Hill, New York, NY.
31. Smithson, W. Charles & Clifford, W. Smith Jr., “Managing Financial
Risks”, Irwin Professional Publishing, p 145-146.
32. Tiwari, P. & Verma, H., (October 2010 - March 2011)., “Risk
Management of Indian Corporate Sector-An Empirical Analysis of
Business and Financial Risk”, IJBIT, Volume 4, Issue 1, p 57-58.
33. Valsamakis, A.C., Vivian, R.W. & Du Toit, G.S., (1996)., “ The theory
and principles of risk management”, Heinemann Publishers. Isando,
South Africa, p 356.
34. Wessels, R., (2003)., Senior manager at Deloitte, “Report on risk
management – issues facing directors”,, Date
of access: 02 September 2012.

Page 74 of 198