Introduction to Risk Management

PGDM 22-24
N K V Roop Kumar

1
Disclaimer :

The views expressed by the trainer(s) are not those of the trainer’(s)
employer, firm, clients, or any other organization.

The opinions expressed do not constitute legal or risk management

advice.

The notes/slides provided, views discussed are for educational purposes

only and provided only for use during this session.

2
Profile :
N.K.V. Roop Kumar RF, RIMS CRMP, FLMI, FRMAI, ARM™

▪ Trainer , Consultant also Chairman RIMS India Chapter for the RIMS (The Risk
Management Society, USA) . last assignment was EVP, Chief of Risk, Info & Cyber Sec.
Mgmt. at SBI Life Insurance India.
▪ Over 34 Years of experience (20 Years in LIC of India & 14 Years in SBI Life Insurance)
handling critical portfolios in Enterprise Risk Management, Cyber Security, Data
Protection, Business Continuity, Fraud Monitoring, Operations,Insurance &
Marketing etc.
▪ Fellow of RIMS, USA (RF), Fellow of Life Management Office Association (FLMI LOMA-
USA), Fellow of Risk Management Association of India (FRMAI) & International
Council Member of the RIMS, USA.
▪ Visiting faculty in various National Institutes & B Schools like National Insurance
Academy (NIA, Pune), Insurance Institute of India (III), BIMtech, IIRM, ASCII.

LinkedIn Profile- linkedin.com/in/roop-kumar-nagumantry-17492043

Personal Cell- +91 7506639798
eMail- roopkumarn@gmail.com
3
Agenda:
➢ 1. Section A :
➢ 1.1 Risk Management Environment

➢ 1.2 Risk Management - Benefits

➢ 1.3 Risk Management - Objectives

➢ 1.4 Basic Risk measures

➢ 1.5 Classification of Risk

➢ 1.6 Fundamentals of ERM

4
 Risk management Environment 1.1
• Introduction :
• After the 2008 financial crisis, international regulatory agencies
required improvements in risk.
• The 2008 Financial Crisis, also called the Global Financial crisis,
was the most severe economic crisis, the world experienced after
the Great Depression in the 1930’s.
• This Financial crisis was triggered by excessive risk taking by
Banks, which got aggravated with the collapse of the USA housing
bubble.
• This first caused the values of mortgage backed securities to
plummet, causing enormous financial damage to Financial
institutions which were involved .
 Risk management Environment 1.1
• Introduction :

• The financial firm Lehman Brothers went bankrupt on September

2008, IndyMac Bank became the largest ever Bank to fail in the
USA.
• Fannie Mae and Freddy Mac, two of the biggest home loan lenders
were seized by the US Govt. , this resulted in a global meltdown.
• Massive bailouts of the Banks and Financial institutions, palliative
changes in Fiscal policies, resulted in sparking a global recession
which lasted from 2007 to 2009
 Risk management Environment 1.1
• Overview:
• Traditionally, risk management has been applied to the risks
associated with accidental losses.
• Now, Risk management includes all risks of the organization and
the potential effects of those risks on the organization’s objectives.
• Risk Management now also considers the interconnections
between internal and external risks.
• Definition : Merriam-Webster defines risk as “the possibility of
loss or injury: peril.”
• Definitions of risk are now being used in different risk management
texts and standards are as follows :
 Risk management Environment 1.1
• Risk Definitions:

• “The effect of Uncertainty on Objectives” : ISO 31000 : 2018.

• “The possibility that an event will occur and adversely affect the
achievement of Objectives” : COSO 2017
• In his book Against the Gods: The Remarkable Story of Risk, Peter
L. Bernstein writes, “The word 'risk’ derives from the early Italian
risicare, which means ‘to dare.’ .
• “Uncertainty about outcomes that can be either negative or
positive.” This definition reinforces Bernstein’s concept that risk is
a choice, not merely something that might happen.
 Risk management Environment 1.1
• Risk Management :

• The website Business Dictionary defines risk management as “the

identification, analysis, assessment, control, and avoidance,
minimization, or elimination of unacceptable risks.”

• “ Coordinated activities to direct and control an organisation with

regard to Risk “ : ISO 3100-2017
• “ The Identification, assessment and response to a risk related to a
specific objective”. : COSO-2017
 Risk management Environment 1.1
• Risk Management :

• In Against the Gods, Bernstein states, “The essence of risk

management lies in maximizing the areas where we have some
control over the outcome while minimizing the areas where we
have absolutely no control over the outcome and the linkage
between effect and cause is hidden from us.”
• “The process of making and implementing decisions that enable an
organization to optimize its level of risk.” This definition reflects
an organization managing risks, both positive and negative, to meet
its objectives.
• Eg : Risk and Opportunity when you create a startup.
 Risk management Environment 1.1
• Risk Management :

• Organisations are recognising the increasing variety, number, and

interaction of risks facing organizations.
• Concept of a holistic approach to risk management :
• It is important for an organisation to manage all of their risks, not
just those that are familiar or easy to quantify.
• Risks that seem insignificant have the potential to create significant
• damage or opportunity when they interact with other events.
• This helps organizations to develop a true perspective on the
significance of various risks.
 Risk management Environment 1.1
• Risk Categories :

• Hazard (or pure) risks Hazard (or pure) risks.

• Operational risks.
• Financial risks.
• Strategic risks.
• These categories can be broken down into subcategories such as
project risk, financial reporting risk, and process risk.
• All of these risks become part of an organization’s overall
riskportfolio, which has its own individual Risk profile
 Risk management Environment 1.1
• Risk Management evolution:
• The failure of Enron and its accounting firm, Arthur Andersen, was
the catalyst for the 2002 Sarbanes-Oxley Act, which contains
• requirements for risk management controls to be disclosed and
discussed by public companies.
• In 2009, the United States Securities and Exchange Commission
issued rules requiring public corporations to disclose information
about risk and risk management, including the
• board’s role in risk oversight.
• The European Union has been working to adopt the Solvency II
and Basel III standards for risk management in financial
organizations
 Risk management Environment 1.1
• Risk Management evolution:

• Although risk management of accidental losses is historically the

most widely practiced type of risk management, the 2011 tsunami
in Japan revealed a need for a reevaluation of earthquake, flood,
and nuclear power risk management. This catastrophe also pointed
out a need for many organizations to evaluate and manage their
supply-chain risks.
 Risk management Environment 1.1
• Change in Risk Management landscape:

• Because of trends in technology, globalization, and finance, the risk

landscape has changed dramatically.
• Organizations operate in a global environment where they face
• Hazard risks such as earthquakes and floods,
• Political risks such as terrorism,
• Economic risks such as a recession, and
• Financial risk such as currency exchange rates
 Risk management Environment 1.1
• Change in Risk Management landscape:

• Risk has also increased because of certain techniques employed to

manage some of these risks, such as derivatives to manage
exchange rate or supply cost risks.
• Interconnection of these risks adds to their complexity and
potential effect on organizations.

• Exercise : Give examples of risks inter connections

 Risk management Environment 1.1
• Change in Risk Management landscape:

• Along with the rapidly evolving external risk management

landscape, organizations face increasing changes in their internal
risk management environment. Regulations requiring improved
risk management processes, compliance, and reporting.
Organizations face newer types of risk, such as cyber security risks,
reputational risks, social media risks etc.
• In its 2011 report on global risks, the World Economic Forum
concluded that the “interconnections between risks require us to
better understand the systems behind risks as well the risk context”
 Risk management Environment 1.1
• Risk Management Challenge :

• The challenge for risk management professionals is to navigate the

evolving risk management environment and develop processes that
will guide their organizations toward meeting their objectives.
• This challenge now involves a holistic approach and recognition of
the interconnections of external and internal risks within a rapidly
changing landscape
 Risk management Environment 1.1
• Glossary :

• Hazard risk : Risk from accidental loss , including the possibility of

loss or no loss.
• Risk Profile : A set of characteristics common to all risks in a
portfolio.

• References : ISO 31000 2017; COSO Executive summary.

• Peter L. Bernstein, Against the Gods: The Remarkable Story of
Risk (New York: John Wiley & Sons, Inc., 1998).
• Sarbannes Oxley Act.
Risk Management – Benefits 1.2
 Risk Management – Benefits 1.2
Introduction :
• Benefits of risk management for an organization and the
economy :
• All organizations face various risks simply by operating.
• Many risks result in a negative outcome only, such as the
possibility of accidental loss, and could prevent an organization
from meeting its objectives.
• Other risks can have either a positive or negative outcome, such as
a new product or a financial investment, and could help an
organization meet its objectives.
• There are various benefits to any organization in managing these
risks
 Risk Management – Benefits 1.2

• Benefits to any organization in managing these risks :

• 1) Reduce Cost of Hazard Risk :
• An organization’s cost of risk associated with a particular asset or
activity is the total of these :
• Costs of accidental losses not reimbursed by insurance or other
outside sources
• Premiums or expenses incurred for noninsurance indemnity.
• Costs of risk control techniques to prevent or reduce the size of
accidental losses
• Costs of administering risk management activities
 Risk Management – Benefits 1.2

• 1) Reduce Cost of Hazard Risk (Contd.) :

• Risk management aims to reduce the long-term overall cost of risk
for the organization.
• Reduction in the overall cost of risk can increase the organization’s
profits.
• Risk management also supports safety.

• 2) Reduce Deterrence Effects of Hazard Risks :

• Risk management reduces the deterrence effects of uncertainty
about potential future accidental losses by making these losses less
frequent, less severe, or more foreseeable
 Risk Management – Benefits 1.2
• 2) Reduce Deterrence Effects of Hazard Risks (Contd.) :
• Reduction in uncertainty benefits an organization in these ways:
• Alleviates management’s fears about potential losses, thereby
• Increasing the feasibility of ventures that once appeared too risky.
• Increases profit potential by greater participation in investment or
production activities
• Makes the organization a safer investment, and, therefore, more
attractive to suppliers of investment capital.
• Shareholders or other investors : an organization’s ability to
attract willing investors depends to a significant degree on the
effectiveness of its risk management program
 Risk Management – Benefits 1.2
• 3) Reduce Downside Risk:
• A company has downside risk whenever it introduces a new
product. A financial institution has downside risk every time it
makes a loan or an investment.
• Downside risks include delays, errors, cost increases, and the
failure of any aspect of the operation.
• To reduce downside risks, organizations can use stop-loss limits.
• An organization can have triggers in place whenever operations hit
a predetermined stop-loss limit, then review what happened and
determine the best course of action in view of the organization’s
risk appetite.
 Risk Management – Benefits 1.2
• 4) Intelligent Risk Taking :
• Successful organizations usually take risks to grow and increase
profit.
• Decisions regarding new opportunities should be based
• on the organization’s risk appetite, which is “the total exposed
amount that an organization wishes to undertake on the basis of
risk-return trade-offs for one or more desired and expected
Outcomes”.
• Risk management provides the organization with a framework to
analyze the risks associated with an opportunity and then to
manage those risks.
 Risk Management – Benefits 1.2
• 5) Maximize Profitability :
• Risk management can help an organization achieve the optimal
“risk-adjusted return” on capital. If an organization does not take
enough risk, its capital may be underutilized. However, if an
• organization takes on too much risk, it may exceed its capability to
withstand potential losses.
• Risk management provides an organization information to evaluate
the potential risk-adjusted return on its activities and to manage
the risks associated with those activities.
• Eg : Whether to increase its dividend to shareholders versus
investing in a new product.
 Risk Management – Benefits 1.2
• 6) Holistic Risk Management :
• Traditional risk management was conducted in silos within an
organization.
• This fragmented approach can miss critical risks to the
• organization and fails to provide senior management with a picture
of the organization’s risk portfolio and profile.
• Eg : A manufacturing organisation
• An integrated, holistic approach that manages risk across all levels
and function within an organization presents a more complete
picture of an organization’s risk portfolio and profile.
• This picture allows for better decisions and improved outcomes for
senior management
 Risk Management – Benefits 1.2
• 7) Legal and Regulatory Requirements :
• In 2009, the Securities and Exchange Commission (SEC)
approved a rule requiring corporate disclosure about risk.
• The Sarbanes-Oxley Act of 2002 requires both the management of
public companies and their auditors to assess and report on
financial risk and controls.
• The DoddFrank Act of 2010 requires that financial bank holding
companies and certain other public companies have a risk
committee, and at least one member of the committee must be a
risk management expert.
• Basel III and Solvency II in Europe also have risk-management
requirements for financial firms and insurers
 Risk Management – Benefits 1.2
• 8) Benefits for the Economy :
• The economy at both local and national levels incurs certain costs
associated with risk and its management, as well as uncertainty
about future losses.
• For example, a major hurricane can have widespread effects on the
national economy, not just on individual organizations.
• An economy’s cost of risk management includes the resources
consumed by or devoted to combating losses.

• Eg : Discuss the Effects

 Risk Management – Benefits 1.2
• 8) Benefits for the Economy (Contd.) :

• a) Reduced Waste of Resources :

• When a Cyclone or an earthquake demolishes a factory or destroys
a highway, that economy’s overall productive resources are
reduced.
• Risk management prevents or minimizes the waste of these
productive resources
• Allocating such resources is a cost because the resources cannot be
used for other purposes that could promote growth
 Risk Management – Benefits 1.2
• Benefits for the Economy (contd.) :
• b) Improved Allocation of Productive Resources :
• When economic uncertainty is reduced for individual
organizations, allocating productive resources is improved.
• c) Reduced Systemic Risk :
• The Dodd-Frank Act, Solvency II, and Basel III all have the
purpose of reducing systemic risk. If a systemically important
organization does not have an effective risk-management program,
that organization’s risks can result in failure not only for the
organization but also for the economy.
• Eg : The financial crisis of 2008-2009 cause widespread negative
consequences, such as recessions and high unemployment
 Risk Management – Benefits 1.2
• Glossary:
• Systemic risk : The potential for a major disruption in the function
of an entire market or financial system.
• Cost of Risk : The total cost incurred by an organisation because of
the possibilty of an accidental loss.

• References : Dodd Frank Act, Solvency II , Basel II and III

• Indian Acts and Regulations .
Risk Management – Objectives 1.3
 Risk Management - Objectives, Goals 1.3
• Introduction :

• Objectives and goals for managing risk :

• A structured, logical, and appropriate program is the foundation on
which an organization’s entire risk management effort rests.
• The support of an organization’s senior management is essential to
an effective risk management program.
• To gain that support, a risk management professional should design
a program with objectives and goals that align with the
organization’s overall objectives.
 Risk Management - Objectives, Goals 1.3
• Risk Management Objectives :
• Each organization should align its risk management objectives with
its overall objectives
• Common objectives for risk management are :
• a) Balancing risk and reward.
• b) Supporting decision-making.
• c) Reflect the organization’s risk appetite.
• d) The organization’s internal and external context.
• e) Risk objectives can emphasize certain goals, such as business
continuity, protection of reputation, or growth
 Risk Management - Objectives, Goals 1.3
• Risk Management Goals :

• The risk management program should have goals to manage the

risks that an organization will face.
• These goals should be incorporated into the risk management
framework and the process designed to meet a particular
organization’s objectives.
 Risk Management - Objectives, Goals 1.3
• Risk Management Goals :

• These are typical risk management goals:

• 1) Tolerable uncertainty.
• 2) Legal and regulatory compliance.
• 3) Survival.
• 4) Business continuity.
• 5) Earnings stability.
• 6) Profitability and growth.
• 7) Social responsibility.
• 8) Economy of risk management operation.
 Risk Management - Objectives, Goals 1.3

• 1) Tolerable Uncertainty :
• It means aligning risks with the organization’s risk appetite (“the
total exposed amount that an organization wishes to undertake
• on the basis of risk-return trade-offs for one or more desired and
expected outcomes”).
• Risk management programs should use measurements that align
with the organization’s overall objectives and take into account the
risk appetite of senior management.

• For example, value at value at risk (VaR).

 Risk Management - Objectives, Goals 1.3

• 2) Legal and Regulatory Compliance :

• Ensure that the organization’s legal obligations are satisfied. Such

legal obligations are typically based on these items:
• a) Standard of care that is owed to others.
• b) Contracts entered into by the organization.
• c) Central, state, district, local laws and regulations
• d) A risk management professional has an essential role in helping
the organization manage regulatory risk and the potential for
liability.
 Risk Management - Objectives, Goals 1.3

• 3) Survival :
• For risk management purposes, an organization can be viewed as a
structured system of resources such as financial assets, machinery
and raw materials, employees, and managerial leadership.
• The organization generates income for its employees and owners
by producing goods or services that meet others’ needs.
• Many risks can threaten the survival of an organization.
• Risk management professionals use techniques such as loss control
and risk transfer to manage hazard risks.
• financial risks such as the value of assets,
• competition, supply-chain risks, and technology .
 Risk Management - Objectives, Goals 1.3
• 4) Business Continuity :
• Continuity of operations is a key goal for many private
organizations and an essential goal for all public entities.
• To be resilient, an organization cannot interrupt its operations for
any appreciable time.
• Risk management professionals must have a clear, detailed
understanding of the specific operations for which continuity is
essential and the maximum tolerable interruption interval for each
operation
 Risk Management - Objectives, Goals 1.3

• Business Continuity (Contd.) :

• Steps an organization should take to provide business continuity
and, therefore, enhance resiliency are :
• a) Identify activities whose interruptions cannot be tolerated.
• b) Identify the types of accidents that could interrupt such activities
• c) Determine the standby resources that must be immediately
available to counter the effects of those accidents
• d) Ensure the availability of the standby resources at even the most
unlikely and difficult times
 Risk Management - Objectives, Goals 1.3

• 5) Earnings Stability :
• Earnings stability is a goal of some organizations.
• Rather than strive for the highest possible level of current profits
(or, for not-for-profit organizations, surpluses) in a given period,
some organizations emphasize earnings stability over time.
• Striving for earnings stability requires precision in forecasting
fluctuations in asset values; liability values; and risk management
costs, such as costs for insurance.
 Risk Management - Objectives, Goals 1.3

• 6) Profitability and Growth :

• An organization’s senior management might have established a
minimum amount of profit (or surplus) that no event should reduce.
• To achieve that minimum amount, risk management professionals
must identify the Risks that could prevent this goal from being
reached and Opportunities that can help the organisation achieve
this goal.
• Ex : For a supply-chain risk , help develop a backup plan.
• Emphasizing growth- Risk managers should also advise senior
management of the potential risk in different growth strategies that
the organization considers.
 Risk Management - Objectives, Goals 1.3

• 7) Social Responsibility :

• It includes the organization’s ethical conduct as well as the

philanthropic commitments that the owners of the organization
have made to the community and society as a whole.
• ESG commitments.
• Such activities enhance the organization’s reputation.
 Risk Management - Objectives, Goals 1.3

• Trade-Offs Among Goals :

• Although an organization’s risk management objectives and goals
are interrelated, sometimes they are not consistent with one
another.
• Ex : Advise senior management that a growth goal may not
• be achievable without adjusting either the risk appetite or the
growth strategy.
• Legality and social responsibility goals may conflict with the
economy of operations goal.
• Safety standards dictated by building codes, are nonnegotiable
 Risk Management - Objectives, Goals 1.3

Glossary :
Value at Risk : A thresh hold value such that the probability of loss on
the portfolio over the given time horizon exceeds this value, assuming
normal markets and no trading in the portfolio
 Risk Management - Objectives, Goals 1.3
• Risk Management Goals :
• Economy of Risk Management Operations :

• Risk management should operate economically and efficiently.

• One way to measure the economy of a risk management program is
through benchmarking,
Basic Risk measures 1.4
 Basic Risk Measures - 1.4
• Introduction :
• The physicist Lord Kelvin said, “To measure is to know” and “If
you cannot measure it, you cannot improve it.”
• Risk management requires Risk measures and measurement in
order to both know the nature of risks and manage them to help an
organization meet its objectives.
• Although it is not possible to measure all the risks that could
potentially affect an organization’s ability to meet its objectives,
• Quantifying those risks that can be measured should form the
basis of risk assessment.
• Ongoing measurement provides benchmarks to monitor and
evaluate the success of an organization’s risk management
program.
 Basic Risk Measures - 1.4
• Introduction :

• These are the basic measures that apply to risk management:

• 1) Exposure
• 2) Volatility
• 3) Likelihood
• 4) Consequences
• 5) Time horizon
• 6) Correlation
 Basic Risk Measures - 1.4

• 1) Exposure :
• Exposure provides a measure of the “maximum potential damage
associated with an occurrence”.
• The risk increases as the exposure increases, assuming the risk is
non-diversifiable.
• Ex : A bank underwrites mortgages to subprime borrowers.
• Underwriting home-owners policies in coastal areas.
• Data breach or Reputational risks, are not as easily quantified.
• The effect of reputational risk could be measured in terms of its
potential influence on an organization’s stock price, customer
loyalty, and employee turnover.
 Basic Risk Measures - 1.4

• 2) Volatiility :

• Risk increases as volatility increases. Volatility can often be

quantified.
• Ex : Stock Market, Commodities, Energy prices.
• Organizations that are highly dependent on fuel, use strategies such
as hedging to manage the risk associated with volatility.
 Basic Risk Measures - 1.4

• 3) Likelihood :
• “The likelihood of an occurrence” is a key measure in risk
management.
• The ability to determine the probability of an event mathematically
is the foundation of insurance and risk management.
• The term “likelihood” is used rather than “probability” because
probability analysis relies on the law of large numbers.
• Ex :Insurers and some other organizations can use the law of large
numbers to accurately determine the probability of various risks.
• Ex :Banks can determine and quantify the likelihood of default on a
loan based on credit scores and other factors in the bank’s extensive
data.
 Basic Risk Measures - 1.4

• 4) Consequences :
• The relationship between likelihood and consequences ie ( Prob.
* impact) is critical for risk management in assessing risk and
deciding whether and how to manage it.
• Therefore, organizations must determine to the extent possible ,the
likelihood of an event and then determine the potential
consequences if the event occurs.
• Consequences are the “measure of the degree to which an
occurrence could positively or negatively affect an organization”.
• The greater the consequences, the greater the risk.
 Basic Risk Measures - 1.4

• Consequences (Contd.) :
• Risks with high likelihood and minor consequences should usually
be managed through an organization’s routine business procedures.
• Risks with potentially major consequences should be managed
even if the likelihood of their occurrence is low.
• Risks with significant likelihood and major consequences require
significant, continuous risk management.
• Ex : An international bank faces exchange rate risk that is likely
and that could result in considerable losses. The bank may use
hedging strategies and other techniques to modify this type of risk.
 Basic Risk Measures - 1.4

• 5) Time Horizon :
• The time horizon of an exposure is another basic measure that is
applied in risk management.
• Ex : The time horizon associated with an investment risk, such as a
stock or bond, can be determined by specified bond duration or by
how quickly a stock can be traded.
• Longer time horizons are generally riskier than shorter ones.
• Ex. : a thirty-year mortgage is usually riskier for a bank than a
fifteen-year mortgage.
 Basic Risk Measures - 1.4

• Time Horizon (Contd.) :

• Diversification in financial investments can help manage the risks
associated with the time horizon of those investments.
• Ex. : An insurance company that matches the durations of its assets
(investments) and liabilities (loss reserves) neutralizes the risks
associated with time horizon.
• Ex. : When real estate prices are highly volatile, an organization
may defer an expansion strategy that involves a long-time horizon,
such as purchasing or building new facilities.
 Basic Risk Measures - 1.4

• 6) Correlation :
• A measure that should be applied to the management of an
organization’s overall risk portfolio.
• If two or more risks are similar, they are usually highly correlated.
• “The greater the correlation, the greater the risk.”
• Ex : If a bank makes mortgage loans primarily to the employees of
a local manufacturer and business loans primarily to that same
manufacturer, the bank’s loan risks are highly correlated.
• Ex. : Supply chain risks in the same geography .
• Diversification is a risk management strategy that can reduce the
risk of correlation.
 Basic Risk Measures - 1.4
• Risk management professionals should evaluate all of these
measures and their overall effect on an organization’s risk portfolio.
• Highly correlated risks with a high likelihood, major
• consequences, high volatility, and significant exposure over a long
time horizon should be a key focus of risk management.
• The Global financial crisis of 2007 resulted in part from the failure
to recognize or address this type of risk.
• Subprime mortgages represented highly correlated risk to the same
types of risky borrowers, large exposure with major consequences,
high volatility due to fluctuations in their market value (and in the
market value of the underlying real estate collateral), and a long
time horizon because of their duration.
 Basic Risk Measures - 1.4
• Glossary :

• Exposure : Any condition that presents a possibility of gain or loss,

whether or not an actual loss occurs.
• Volatility : Frequent fluctuations , such as the price of an asset.
• Law of Large Nos. : A mathematical principle stating that as the
number of similar but independent exposure units increases, the
relative accuracy of predictions about future outcomes (losses) also
increases.
• Time Horizon : Estimated Duration.
• Correlation : A relationship between variables .
Risk Classifications 1.5
 Risk Classifications - 1.5
• Introduction :
• Classifying the various types of risks can help an organization
understand and manage its risks.
• The categories should align with an organization’s objectives and
risk management goals.
• It can help with managing risk, because many risks in the same
• classification can be managed with similar techniques.
• Finally, classification helps with the administrative function of risk
management by helping to ensure that risks in the same
classification are less likely to be overlooked
 Risk Classifications - 1.5

• These classifications of risk are some of the most commonly used:

• 1) Pure and speculative risk

• 2) Subjective and objective risk
• 3) Diversifiable and non-diversifiable risk.
• 4) Systemic risks
• 5) Quadrants of risk (hazard, operational, financial, and strategic).

• These classifications are not mutually exclusive and can be applied

to any given risk
Risk Classifications - 1.5
 Risk Classifications - 1.5

• 1) Pure and speculative risk :

• A pure risk pure risk is a “chance of loss or no loss, but no chance
of gain.”
• For example, the owner of a commercial building faces the risk
associated with a possible fire loss.
• Speculative risk speculative risk “involves a chance of gain.”
• As a result, it can be desirable.
• Every business venture involves speculative risks.
• Ex : An investor who purchases an apartment building to rent to
tenants expects to profit from this investment, so it is a desirable
speculative risk.
 Risk Classifications - 1.5

• Speculative risk (contd.) :

• Speculative risks :
• Price risk—Uncertainty over the size of cash flows resulting from
possible changes in the cost of raw materials and other inputs (such
as lumber, gas, or electricity), as well as cost related changes in the
market for completed products and other outputs.
• Credit risk—Although a credit risk is particularly significant for
banks and other financial institutions, it can be relevant to any
organization with accounts/Loan/Payment dues receivable.
• Financial investments - Purchase of stock shares, involve a
distinct set of speculative risks.
Risk Classifications - 1.5
 Risk Classifications - 1.5

• Insurance deals primarily with risks of loss, not risks of gain; that
is, with pure risks rather than speculative risks.
• However, the distinction between these two classifications of risk is
not always precise—many risks have both pure and speculative
aspects.
• Distinguishing between pure and speculative risks is important
because those risks must often be managed differently.
• For example, although a commercial building owner faces a pure
risk from causes of loss such as fire, he or she also faces the
speculative risk that the market value of the building will increase
or decrease during any one year.
 Risk Classifications - 1.5

• Similarly, although an investor who purchases an apartment

building to rent to tenants faces speculative risk because rental
income may produce a profit or loss, the investor also faces a pure
risk from causes of loss such as fire.
• To properly manage these investments, the commercial building
owner and the apartment owner must consider both the speculative
and the pure risks.
• For example, they may choose to manage the pure risk by buying
insurance or taking other measures to address property loss
• exposures. The speculative risk might be managed by obtaining a
favorable mortgage and maintaining the property to enhance its
resale value.
 Risk Classifications - 1.5

• 2) Subjective and Objective Risk :

• When individuals and organizations must make a decision that
involves risk, they usually base it on the individual’s or
organization’s assessment of the risk.
• The assessment can be based on opinions, which are subjective, or
facts, which are objective.
• Subjective risk assessment may be quite different from the actual
underlying risk that is present.
• The closer an individual’s or organization’s subjective
interpretation of risk is to the objective risk, the more effective its
risk management plan will likely be.
 Risk Classifications - 1.5

• Subjective and Objective Risk (contd.) :

• The reasons that subjective and objective risk can differ
substantially include these :
• Familiarity and control
• Consequences over likelihood
• Risk awareness
• Both risk management and insurance depend on the ability to
objectively identify and analyze risks. However, subjectivity is also
necessary because facts are often not available to objectively assess
risk
 Risk Classifications - 1.5

• 3) Diversifiable and Non-diversifiable Risk :

• a) Diversifiable Risks :
• Not highly correlated and can be managed through diversification,
or spread, of risk.
• Ex. : of a diversifiable risk is a fire, which is likely to affect only
one or a small number of businesses.
• Similarly, business investors often diversify their holdings, as
opposed to investing in only one business, hoping those that
succeed will more than offset those that fail.
 Risk Classifications - 1.5

• Diversifiable and Nondiversifiable Risk (contd.) :

• b) Non_Diversifiable Risks :
• Examples of non-diversifiable risks able risks include inflation,
unemployment, and natural disasters such as hurricanes. Non-
diversifiable risks are correlated—that is, their gains or losses tend
to occur simultaneously rather than randomly.
• For example, under certain monetary conditions, interest rates
increase for all firms at the same time. Fed rate, RBI rate
• If an insurer were to insure firms against interest rate increases, it
would not be able to diversify its portfolio of interest rate risks by
underwriting a large number of insureds, because all of them would
suffer losses at the same time.
 Risk Classifications - 1.5

• 4) Systemic Risks :
• Generally non-diversifiable. For example, if excess leverage by
financial institutions causes systemic risk resulting in an event that
disrupts the financial system, this risk will have an effect on the
entire economy and, therefore, on all organizations.
• Because of the global interconnections in finance and industry,
many risks that were once viewed as non-systemic (affecting only
one organization) are now viewed as systemic.
• For instance, many economists view the failure of Lehman
Brothers in early 2008 as a trigger event: highlighting that the
systemic risk in the banking sector that resulted in the financial
crisis
 Risk Classifications - 1.5

• 5) Quadrants of Risk: Hazard, Operational,Financial, and

Strategic :
• One approach involves dividing them into risk quadrants:
 Risk Classifications - 1.5

• Quadrants of Risk :
• Hazard risks : arise from property, liability, or personnel loss
exposures and are generally the subject of insurance.
• Operational risks : fall outside the hazard risk category and arise
from people or a failure in processes, systems, or controls,
including those involving information technology.
• Financial risks : arise from the effect of market forces on financial
assets or liabilities and include market risk, credit risk, liquidity risk
liquidity risk, and price risk.
• Strategic risks :arise from trends in the economy and society,
including changes in the economic, political, and competitive
environments, as well as from demographic shifts.
 Risk Classifications - 1.5

• Quadrants of Risk (contd.) :

• Hazard and operational risks are classified as pure risks, and
financial and strategic risks are classified as speculative risks.
• The focus of the risk quadrants is different from the risk
classifications previously discussed.
• Whereas the classifications of risk focus on some aspect of the risk
itself, the four quadrants of risk focus on the risk source and who
traditionally manages it.
• For example, the chief financial officer traditionally manages
financial risk, and the risk manager traditionally manages hazard
risk.
 Risk Classifications - 1.5

• Quadrants of Risk (contd.) :

• Just as a particular risk can fall into more than one classification, a
risk can also fall into multiple risk quadrants.
• Ex : Embezzlement of funds by an employee can be considered
both a hazard risk, because it is an insurable pure risk, and an
operational risk, because it involves a failure of controls
Risk Classifications - 1.5
 Risk Classifications - 1.5

• Quadrants of Risk (contd.):

• Organizations define types of risk differently.

• Some organizations consider legal risks as operational risk, and
some may characterize certain hazard risks as operational risk.
Financial institutions generally use the categories of market, credit,
and operational risk (defined as all ther risk, including hazard risk).
• Each organization should select categories that align with its
objectives and processes
 Risk Classifications - 1.5

• Case Study :

• The New Company manufactures electronic consumer products.

• The company’s manufacturing plant is highly automated and
located in the United States. However, it purchases components
from three companies in Asia. The majority of its sales are in the
U.S., but European sales represent a growing percentage.
• Describe the types of risk New Company would have in each of the
four risk quadrants.
 Risk Classifications - 1.5

• Case Study :
• Review: In the hazard risk quadrant, New Company would have
property damage risks to its plant and equipment resulting from
fire, storms, or other events.
• It would also have risk of injury to its employees and liability risks
associated with its products.
• In the operational risk quadrant, New Company would have risks
from employee turnover or the inability to find skilled employees.
It would also have business process risk related to how it manages
its supply chain and information technology risk related to its
automated manufacturing process.
 Risk Classifications - 1.5

• Case Study :
• Review :
• In the financial risk quadrant, New Company would have
exchange rate risk related to its European sales.
• It would also have price risk for raw materials and supplies.
• Strategic risks include competition, economic factors that could
affect consumer demand, and
• the political risk arising from countries in which the company’s
component suppliers are located.
 Risk Classifications - 1.5

• Glossary :
• Pure Risk : A chance of loss or no loss, but no chance of gain.
• Speculative Risk :A chance of loss, no loss, or gain.
• Credit Risk : The risk that customers or other creditors will fail to
make promised payments as they come due.
• Subjective Risk :The perceived amount of risk based on an
individual's or organization’s opinion.
• Objective Risk :The measurable variation in uncertain outcomes
based on facts and data.
• Diversifiable Risks :A risk that affects only some individuals,
businesses, or small groups.
 Risk Classifications - 1.5

• Glossary :
• Non-Diversifiable Risks : A risk that affects a large segment of
society at the same time.
• Systemic Risk :The potential for a major disruption in the function
of an entire market or financial system.
• Market Risk :Uncertainty about an investment’s future value
because of potential changes in the market for that type of
investment.
• Liquidity Risk : The risk that an asset cannot be sold on short
notice without incurring
88