ppt #1 1

IPGDRM 2013-14
 Introduction
Introduction
t o Risk Management
to Risk 1
.
Management
. Administration
Administration
Administration
nd operational
a and
operational
Risks Operational Risks Risk and
Risks Risk and
Organizational
anizational
Organizational
Planning Planning
Planning
5
Ris
Risk and Return 4
and Return
2
Enterprise Risk Management
syllabus

Risk
Risk in in Risk Management
Risk Management Risk Management
Risk
Organizational
Organizational and RiskManagement
Management
formation
nformation Systems Standards
Standards
Context
Context Information Systems Standards
Systems

1 27
3 6
 Enterprise Risk Management

Historically, within both private and public

organizations,Risk management has traditionally
been segmented and carried out in ‘silos’.

This has arisen for a number of reasons, such as

the way our mind works in problem solving, the
structure of our business organizations and the
evolution of risk management practice.
3
 Enterprise Risk Management

There is clearly the tendency to want to

compartmentalize risks into distinct mutually
exclusive categories and this would appear to be
as a result of the way we sub divide problems to
Credit risk
manage them. Interest rate risk
Equity risk
Currency risk
Commodity risk
Underwriting risk
Operational risk
Reputational risk 4
 Enterprise Risk Management

ERM is a response to the sense of inadequacy in

using a silo based approach to
manage increasingly interdependent
risks.
The discipline of ERM, sometimes referred to as
strategic business risk management,is seen as
a more robust method of managing risk and
opportunity and an answer to the business
1
 Enterprise Risk Management
pressures.

2
ERM is designed to improve business
performance .
It is relatively a new approach, whereby risks are
coordinated and integrated way across an entire
business.
ERM is about understanding interdependencies
between the risks, how materialization of a risk
in one business area may increase the impact of
risks in another business area.
ERM is an illustration of integrated approach to
risk management.
applied Board
Identify events
Strategy setting
Management
Process affected Manage risk
Across enterprise designed

Personnel
ERM is; Achievement objectives

“ – a process, affected by an entity’s board of

directors, management and other personnel
applied in strategy setting and across the
enterprise ,designed to identify potential events
that may affect the entity, and manage risk to be
within its risk appetite, to provide reasonable
assurance regarding the achievement of entity
objectives”
With an ERM approach, the scope of risk
management is enterprise wide and the application
of risk management is targeted to enhancing as
well as protecting the unique combination of
tangible and intangible assets comprising the
organization’s business model.

1
With market capitalizations often significantly
exceeding historical balance sheet values,
the application of risk management to
intangible assets is critically important.

1
Just as potential future events can affect the value
of tangible physical and financial assets, so, too
can they affect the value of intangible assets eg
customer assets, employee/supplier assets and
organizational assets such as entity’s distinctive
brands, differentiating strategies, innovative
processes and proprietary systems.

1
This is the essence of what ERM contributes
to the organization- an elevation of risk
management to a strategic level by
broadening its application to all sources of
value, not just physical and financial ones.

1
 Meaning ,nature of risk-sources of risks
b. Types of risks

c. Concept of risk management

Introduction
d. Purpose and objective of risk management
to risk management
e. Risk Management techniques

f. Limitations of risk management

g. Costs of risk management

1
 Meaning of Risk

Webster says that ‘Risk’ is the possibility of

something unpleasant happening or the chance
of encountering loss or harm.

Risk is the possibility of the actual outcome

being different from the expected outcome.

1
Risk includes both the downside and the upside
potential.
Downside potential is the possibility of the
actual results being adverse compared to the
expected results. On the other hand, upside
potential is the possibility of the actual results
being better than the expected results
 Definition of Risk

The Chinese symbol for risk best captures the positive

and negative outcomes of risk;

The symbol for risk is a combination of danger

(crisis) and opportunity, representing the downside
and upside of risk.
1
 Meaning of Risk

The terms risk and uncertainty often used are

interchangeable. There is a clear distinction between
certainty, uncertainty and Risk.

Certainty is the situation where it is known what will

happen, and happening or non happening of an event
carries 100 % probability.
Uncertainty is where even the probable outcomes are
unknown. It reflects total lack of knowledge of what
might happen
1
 Meaning of Risk

Risk is variable which can be calibrated,

measured and compared. The degree of risk
attached to an event is generally linked to the
likelihood of the occurrence of an event

Risk is a function of the probability of an

outcome being different from that expected,but
also its potential intensity,if it occurs.
.
1
The magnitude of the probable outcomes and
the probability of their occurrence together
determine the riskiness of an event. Risk is
measured using standard deviation.
 Meaning of Risk

Risk is different from peril and hazard.

While risk is the possibility of a loss, peril is
the cause of loss. Hazard is a factor that
may create or increase the possibility of a
loss in the face of an undesired event or
may increase the possibility of the
happening of the undesired event.

1
 Sources of Risk

If a company is exposed to a risk the impact

should finally be felt on the values of its assets and
liabilities. In some cases ,the impact may be direct
while in others it may be indirect.

The concept of risk becomes relevant only

when there are assets and liabilities and are risk
sensitive either immediately or in future- eg fire,a
source of risk- can affect directly the inventory. When a fire destroys the
inventory there can be a consequential indirect impact on the profits of
the company.

1
 ERM: shift in focus

From To
Fragmented Integrated
Negative Positive
Reactive
Proactive
Ad hoc Continuous
Historical looking Forward Looking
Cost based Value- based
Narrowly –focused Broadly focused
Silos Systemic
Functionally driven Process -driven
 Sources of risk
for a business entity

External non recurrent risks such as

consumer boycotts,
technology, patent infringement
External
source External recurrent risks such
as demand and supply
cyclicality competition, supply
chain,

Internal
Internal risks such as failed /delayed product
source
launches
product recall/default,plant safety
Financial source
Credit risk,Market risk like, interest rate changes,
Exchange rate movements,
equity /commodity price changes
1
 Hazard Risk
Typesaccidents,
is related to natural hazards, of Risksfire etc
that can be insured

Hazard Risk
is related to natural
hazards, accidents, fire etc
that can be insured

Financial Risk
has to do with volatility in
interest rates
exchange rates,default on loans
ALM mismatches etc
1
 Operational Risk
is associated with systems,
processes and people and
deals with succession planning,
human resources.
Information technology
control systems and
compliance and
regulation

Strategic Risk
stems from an inability to adjust
to changes inthe environment
such as changes in customer priorities,
Competiveness conditions
and geopolitical developments
 Sources of Risks in General insurance

The underwriting function needs to ensure that a

robust infrastructure is in place so when individual
accounts are underwritten the underwriter has:
i. adequate information on the risk, such that the

exposures can be reasonably known and

understood,
ii. the skills and experience required to analyze the
risk, and
iii. the ability and incentive to design coverage and

price the account properly

1
 Underwriting authority needs to be granted based on skills
and experience and not on managerial hierarchical level.
Referral authorities need to be in place, as well as effective
auditing to ensure compliance with delegated authorities, in
order to minimize opportunities for “rogue” activities. The
underwriting infrastructure also needs to provide training and
oversight such that applicable laws, statutes, regulations,
filings and so forth are rigorously followed. Adherence to
filed rates, forms and similar measures is intended to
reduce the opportunity for money laundering, terrorism
funding, and so forth, and to ensure that customers are
treated fairly.
.
 An underwriting infrastructure also needs to be in place
to allow for the meaningful capture of data on the risks
underwritten. This is necessary to monitor
concentrations, meet any regulatory reporting
requirements and have the ability to manage the
underwriting of individual accounts to remain within
agreed limits on aggregate concentrations.
 Concepts of Risk Management

The essence of good risk management

Principle
Risk is every where is to be able to roll with the punches
1
when confronted with the unexpected

Good risk management is not about

Principle
seeking out
Risk is or avoiding
threat and risk but about
maintaining the right balance between
2 opportunity
the two
We are not always
Managing risk is a human endeavor,
Principle rational about the way
To manage risk the right and
way, weahave
risk management system is only
3 we assess or deal with
Principle risk Not the
to pick rightisperspectiveasongood
all risk risk as
andthe people
stay manning itthrough
consistent
4 created to
the process equal
that perspective.
29
 Principles of Risk Management

We have to understand what the tools

Principle share in common, what they do
Risk can be measured
5 differently and how to use the output from
each tool

The tools to assess risk and the output

Good risk measurement /
Principle from risk assessment should be tailored
assessment should lead
6 to the decision making process rather
to better decisions than the other way round

The key to good risk

Determining
management is deciding which risks to avoid, which
which ones risks
to pass shouldand
through be which to ex
Principle hedged, which should not, ,and which
7 should be taken advantage of is
key to successful risk management
30
 Objectives of risk management

Sl no Objectives
1 To systematically identify and measure various risks faced by the
organization
2 T quantify such risks where possible in terms of likely impact
on profits or capital of the organization
3 High light extreme risks that are not included in the quantification
process and be alert the management on such risks on a regular
basis
4 Improve the organizational awareness and appreciation of various
risks and the need to manage them
5 Improve margins through reduced risks,lower cost of capitaland
improve capital availasbility for for business and regulatory purposes
6 Assist the business and product development divisionsin developing
appropriate products and services
7 Develop objective performance evaluation methods like RAROC. 31
 Principles of Risk Management

The payoff to better risk To manage risk right, we have to

Principle
management is higher understand the levers that
8
value determine the value of a business

Managing risk well is the essence

Principl Risk management
of good business practice and
e9 is part of everyone’s
everyone’s responsibility
job

Successful risk taking To succeed at risk management, we

z organizations do not have to embed it in the organization
get there by through its structure and culture
accident
1
 Risk Management techniques

Avoidance

Loss Control Ris

k becomes relevant if one is holding an
asset/liability which is vulnerable to risk.

Separation
Avoidance refers to not holding such an
asset/liability as a means of avoiding risk.
This model can be adopted more as an
Combination
exception rather than a rule for obvious
reasons.

Transfer
1
 Avoidance

Attempt to reduce either the possibility

of a loss or the quantum of loss.
Loss Control Loss control measures are used in respect
of risks which cannot be avoided. These
risks might have been assumed either
Separation voluntarily or because they could be
avoided.
The objective of the measures is either to
Combination prevent loss or to reduce the probability of
loss -eg, insurance, loans at floating rate of
interest to ensure protection against rising
Transfer interest rates
 Avoidance

The scope for loss by concentrating an

Loss Control asset at a single location can be
reduced by distributing it at different
locations.
Separation
Assets required for consumption such as
inventory can be placed at multiple
Combination
locations so that the loss in case of
accident is minimized.

In the process risk centers get increased.

Transfer
 Avoidance
The risk of default is less when financial
assets are distributed over a number of
Loss Control
number of issuers instead of locking in the
same with a single issuer.

It pays to have multiple suppliers of raw

Separation
materials instead of relying on a sole
supplier.
Combination
A well diversified company has a lower risk
experiencing recession.
Transfer
 Risk Management

Avoidance
Risk reduction can be achieved by
transfer.
Loss Control
The transfer can be of three types;

-The risk can be transferred by

Separation
transferring the asset /liability itself.
-Transferring the risk without transferring
the asset /liability– eg swaps in forex .
Combination
-Making third party pay for losses without
transferring the risk- insurance
Transfer
1
 Limitations of Risk Management

Risk Management cannot prevent the adverse

events from happening.
Quantitative models used in risk management
have limitations. Even the most popular tool like
VaR suffers from limitations.
Risk management is a tool in the hands of
management and the quality of governance
decides the quality of risk management and vice
versa.
1
Risk models are based on historic data and most
models assume that the historical data follows a
uniform distribution .Such assumptions may not
not hold good during bursts of stress in the market.
Risk management is also subject to limitation that
it tries to simplify the risk by arriving at a few risk
numbers.While such quantification of risk prima
facie is alright, the dynamic nature and their ever
changing linkages require a more dynamic
approach to measuring risk using tools like
scenario analysis or sensitivity analysis
Limitations of Risk Management
The governance mechanisms are not being able to
control risks assumed by the management Due to
lack of awareness of various new and complex
financial instruments such as derivatives and the
principles of effective risk management governing
bodies have been criticised of late. Even rating
agencies have been subjected to criticism for
failure to correctly identifying the various
instruments rated by them.
1
Leverage and speculatve positions have led to
failure of many institutions. What is risk taking and
what is speculation need to be spelt out by the Board
 Costs of Risks

There are various costs involved in the

management of risk like the following;
- Risk Identifying Costs

- Risk Handling Costs

- Actual losses

- Social costs

- Loss Financing Costs

- Loss Control Costs

- Cost of residual Uncertainty

1
Risk Identifying Costs

Risk identifying costs are those costs which

an enterprise incurs to identify and analyze
the risk like fees for consultants. Given the
fact that most preventive measures are
estimated on an ex ante basis*, risk identifying
costs are estimates of the cost of losses.

* before the event

 Costs of Risks
Risk Handling Costs

After the risks are identified, certain expenses

of handling them are to be incurred like
insurance premia, alarm installation and loss
prevention devices in addition to the man hours
spent on risk handling

1
 Costs of Risks
Actual Losses
Actual losses imply direct and indirect losses.
Damages caused by fire, death of personnel, loss of
production and finished goods are direct losses. While
indirect losses imply productivity reduction, stoppages
which will happen if the fire takes place.
Social Costs
These are the costs that the company may have to
undertake to compensate the Society for the damages
caused by its actions – eg Union Carbide

1
 Costs of Risks

Loss Financing Costs

These costs also include insurance policies
hedging arrangements and other contractual risk
transfers etc
Loss Control Costs
Loss control costs are the increased precautions
and limits on the risk activities in order to reduce
the chances of recurrence of risks eg, timely
maintenance of machinery.

1
Residual Uncertainty Cost
After the magnitude of losses are eliminated
through various measures like insurance
policies, loss control etc there are certain risks still
remain uncovered. These are usually small in
nature and known a residuary risks.
 Principles of Risk Management

Risk management
Principle
Risk management
should
1 create value
Principle should be an integral part of the
2 Organizational processes

Principle Risk management

3 should be part of decision making

Principle Risk management

4 should explicitly address uncertainty
1
 Principles of Risk Management

Risk management
Principle
Risk management
should
5 be systemic and structured
Principle should be based on the best available
6 information

Risk management
Principle should be tailored o the specific needs
7 of the organization

Principle Risk management

8 should take into account human factors
1
 Principles of Risk Management

Principle
Should be transparent and inclusive Risk management
9
Principle should be dynamic,iterative and
10 responsive to change

Risk management
Principle Should be capable of continual
11 improvement and enhancement

51