Risk is defined as the effect of uncertainty on objectives (whether positive or negative). Financial risk in an organization is the possibility that the outcome of an action or event could bring up adverse impacts. Such outcomes could either result in a direct loss of earnings / capital or may result in imposition of constraints on an organization’s ability to meet its business objectives. Risks are usually defined by the adverse impact on profitability of several distinct sources of uncertainty. The types and degree of risks an organization may be exposed to depends upon a number of factors such as its size, complexity business activities and volume.

Risk management can therefore be considered the identification, assessment, and prioritization of risks followed by coordinated and economical application of resources to minimize, monitor, and control the probability and/or impact of unfortunate events or to maximize the realization of opportunities. It should address methodically all the risks surrounding the organization’s activities past, present and in particular, future.

It must be integrated into the culture of the organization with an effective policy and a programme led by the most senior management. It must translate the strategy into tactical and operational objectives, assigning responsibility throughout the organization with each manager and employee responsible for the management of risk as part of their job description. It supports accountability, performance measurement and reward, thus promoting operational efficiency at all levels. Risk Management is a discipline at the core of every financial institution and encompasses all the activities that affect its risk profile. It involves identification, measurement, monitoring and controlling risks to ensure that a) The individuals who take or manage risks clearly understand it. b) The organization’s Risk exposure is within the limits established by Board of Directors. c) Risk taking Decisions are in line with the business strategy and objectives set by BOD. d) The expected payoffs compensate for the risks taken e) Risk taking decisions are explicit and clear. f) Sufficient capital as a buffer is available to take risk Risk management as commonly perceived does not mean minimizing risk; rather the goal of risk management is to optimize risk-reward trade -off. Notwithstanding the fact that financial

volatility and project opportunity/threat • contributing to more efficient use/allocation of capital and resources within the organisation • reducing volatility in the non essential areas of the business • protecting and enhancing assets and company image • developing and supporting people and the organisation’s knowledge base optimising operational efficiency Risk Management Process • Organizations Strategic Objective . it should be recognized that an institution need not engage in business in a manner that unnecessarily imposes risk upon it: nor it should absorb risk that can be transferred to other participants. Risk management protects and adds value to the organisation and its stakeholders through supporting the organisation’s objectives by: • providing a framework for an organisation that enables future activity to take place in a consistent and controlled manner • improving decision making. Rather it should accept those risks that are uniquely part of the array of bank’s services. planning and prioritisation by comprehensive and structured understanding of business activity.institutions are in the business of taking risk.

• Risk Assessment • Risk Analysis o Identification o Description o Estimation • Risk Evaluation • Risk Reporting o Threats o Opportunities • Decision • Risk Treatment • Residual Risk Reporting • Monitoring Risk Assessment Risk Assessment is defined by the ISO/IEC Guide 73 as the overall process of risk analysis and risk evaluation Risk Analysis Includes Identification. Description and Estimation Identification .

including factors critical to its success and the threats and opportunities related to the achievement of these objectives. as well as the development of a sound understanding of its strategic and operational objectives. political and cultural environment in which it exists. Risk Identification Techniques – examples • Brainstorming • Questionnaires • Business studies which look at each business process and describe both the internal processes and external factors which can influence those processes • Industry benchmarking • Scenario analysis • Risk assessment workshops . All associated volatility related to these activities should be identified and categorized. This requires an intimate knowledge of the organisation. the market in which it operates.Risk identification sets out to identify an organisation’s exposure to uncertainty. the legal. Risk identification should be approached in a methodical way to ensure that all significant activities within the organization have been identified and all the risks flowing from these activities defined. social.

formulating strategy and policies for managing risks and establish adequate systems and controls to ensure that overall risk remain within acceptable level and the reward compensate for the risk taken. It is important to incorporate risk management at the conceptual stage of projects as well as throughout the life of a specific project. Strategic level: It encompasses risk management functions performed by senior management and BOD. for example. project/tactical.• Incident investigation • Auditing and inspection • HAZOP (Hazard & Operability Studies) Risk Description The objective of risk description is to display the identified risks in a structured format. it should be possible to prioritise the key risks that need to be analysed in more detail. . The risk description table overleaf can be used to facilitate the description and assessment By considering the consequence and probability of each of the risks set out in the table. ascertaining institutions risk appetite. by using a table. operational. For instance definition of risks. Identification of the risks associated with business activities and decision making may be categorised as strategic.

Generally the risk management activities performed by middle management or units devoted to risk reviews fall into this category. Probability may be high. For example. Risk Analysis methods and techniques A range of techniques can be used to analyse risks.Macro Level: It encompasses risk management within a business area or across business lines. Different organisations will find that different measures of consequence and probability will suit their needs best.1). Risk Analysis Methods and Techniques – examples . This is the risk management activities performed by individuals who take risk on organization’s behalf such as front office and loan origination functions. semiquantitative or qualitative in terms of the probability of occurrence and the possible consequence. medium or low (see table 4. Risk Estimation Risk estimation can be quantitative. These can be specific to upside or downside risk or be capable of dealing with both. consequences both in terms of threats (downside risks) and opportunities (upside risks) may be high. medium or low but requires different definitions in respect of threats and opportunities.3. The risk management in those areas is confined to following operational procedures and guidelines set by management. Micro Level: It involves ‘On-the-line’ risk management where risks are actually created.

Technological) analysis • Real Option Modelling • Decision taking under conditions of risk and uncertainty • Statistical inference • Measures of central tendency and dispersion • PESTLE (Political Economic Social Technical Legal Environmental) Downside risk • Threat analysis • Fault tree analysis • FMEA (Failure Mode & Effect Analysis) . Social. Opportunities.Upside risk • Market survey • Prospecting • Test marketing • Research and Development • Business impact analysis Both • Dependency modelling • SWOT analysis (Strengths. Political.Weaknesses. Economic.Threats) • Event tree analysis • Business continuity planning • BPEST (Business.

it is necessary to compare the estimated risks against risk criteria which the organisation has established.Risk Profile The result of the risk analysis process can be used to produce a risk profile which gives a significance rating to each risk and provides a tool for prioritising risk treatment efforts. This process allows the risk to be mapped to the business area affected. legal requirements. socioeconomic and environmental factors. Risk evaluation therefore. Risk Reporting and Communication Internal Reporting . is used to make decisions about the significance of risks to the organisation and whether each specific risk should be accepted or treated. concerns of stakeholders. Accountability helps to ensure that ‘ownership’ of the risk is recognised and the appropriate management resource allocated. describes the primary control procedures in place and indicates areas where the level of risk control investment might be increased. decreased or reapportioned.The risk criteria may include associated costs and benefits. etc. This ranks each identified risk so as to give a view of the relative importance. Risk Evaluation When the risk analysis process has been completed.

progress towards objectives . The Board of Directors should: • know about the most significant risks facing the organisation • know the possible effects on shareholder value of deviations to expected performance ranges • ensure appropriate levels of awareness throughout the organisation • know how the organisation will manage a crisis • know the importance of stakeholder confidence in the organisation • know how to manage communications with the investment community where applicable • be assured that the risk management process is working effectively • publish a clear risk management policy covering risk management philosophy and responsibilities Business Units should: • be aware of risks which fall into their area of responsibility.Different levels within an organisation need different information from the risk management process. the possible impacts these may have on other areas and the consequences other areas may have on them • have performance indicators which allow them to monitor the key business and financial activities.

Risk Treatment . forecasts and budgets) • have systems which communicate variances in budgets and forecasts at appropriate frequency to allow action to be taken • report systematically and promptly to senior management any perceived new risks or failures of existing control measures Individuals should: • understand their accountability for individual risks • understand how they can enable continuous improvement of risk management response • understand that risk management and risk awareness are a key part of the organisation’s culture • report systematically and promptly to senior management any perceived new risks or failures of existing control measures External Reporting A company needs to report to its stakeholders on a regular basis setting out its risk management policies and the effectiveness in achieving its objectives.g. Increasingly stakeholders look to organisations to provide evidence of effective management of the organisation’s non-financial performance in such areas as community affairs. health and safety and the environment. human rights. employment practices.and identify developments which require intervention (e.

An organisation must understand the applicable laws and must implement a system of controls to achieve compliance. Risk treatment includes as its major element. Any system of risk treatment should provide as a minimum: • effective and efficient operation of the organisation • effective internal controls • compliance with laws and regulations.There is only occasionally some flexibility where the cost of reducing a risk may be totally disproportionate to that risk. (Example is SOX and BASEL) .Risk treatment is the process of selecting and implementing measures to modify the risk. risk financing. risk transfer. They will need to prioritise risk control actions in terms of their potential to benefit the organisation. Compliance with laws and regulations is not an option. The risk analysis process assists the effective and efficient operation of the organization by identifying those risks which require attention by management. Cost effectiveness of internal control relates to the cost of implementing the control compared to the risk reduction benefits expected. Effectiveness of internal control is the degree to which the risk will either be eliminated or reduced by the proposed control measures. risk avoidance. but extends further to. for example. risk control/mitigation. etc.

It should be remembered that organisations are dynamic and operate in dynamic environments.Residual Risk Reporting The level of risk faced by an organisation after internal controls have been applied is known as the net or residual risk. The monitoring process should provide assurance that there are appropriate controls in place for the organisation’s activities and that the procedures are understood and followed. Monitoring and Review of the Risk Management Process Effective risk management requires a reporting and review structure to ensure that risks are effectively identified and assessed and that appropriate controls and responses are in place. Regular audits of policy and standards compliance should be carried out and standards performance reviewed to identify opportunities for improvement. Any monitoring and review process should also determine whether: . Controls will not eliminate the risk but help to manage it. therefore this is also known as the organisation's "exposure to risk". Changes in the organisation and the environment in which it operates must be identified and appropriate modifications made to systems. Changes in the organisation and the environment in which it operates must be identified and appropriate changes made to systems.

financial risk management requires identifying its sources. and then implement the steps necessary to alleviate the risk. These risks are typically remedied by using certain financial instruments as a method of counteracting possible ramifications. and plans to address them. measuring it. evaluate all possible remedies. Financial risk management cannot prevent a firm from all possible risks because some are unexpected and cannot be addressed quickly enough. Similar to general risk management.• the measures adopted resulted in what was intended • the procedures adopted and information gathered for undertaking the assessment were appropriate • improved knowledge would have helped to reach better decisions and identify what lessons could be learned for future assessments and management of risks Financial risk management is a process of evaluating and managing current and possible financial risk at a firm as a method of decreasing the firm's exposure to the risk. Financial risk managers must identify the risk. How does financial risk arises • Pressure from shareholders • Management working for bonuses • Good ratings from moodys etc • Better share prices .

Credit risk is closely tied to the potential return of an investment.Credit Risk The risk of loss of principal or loss of a financial reward stemming from a borrower's failure to repay a loan or otherwise meet a contractual obligation. Credit risk arises whenever a borrower is expecting to use future cash flows to pay a current debt. The value of investments may decline over a given time period simply . Also referred to as "systematic risk". Moody's and Fitch evaluate the credit risks of thousands of corporate issuers and municipalities on an ongoing basis. Market Risk The day-to-day potential for an investor to experience losses from fluctuations in securities prices. Investors are compensated for assuming credit risk by way of interest payments from the borrower or issuer of a debt obligation. Credit risks are calculated based on the borrowers' overall ability to repay. the higher the rate of interest that investors will demand for lending their capital. This risk cannot be diversified away. This calculation includes the borrowers' collateral assets. Credit risks are a vital component of fixed-income investing. The beta of a stock is a measure of how much market risk a stock faces Risk which is common to an entire class of assets or liabilities. the most notable being that the yields on bonds correlate strongly to their perceived credit risk. which is why ratings agencies such as S&P. revenue-generating ability and taxing authority (such as for government and municipal bonds). The higher the perceived credit risk.

but she is uncertain as to its market value a week from today. swaps and most exotic derivatives are also traded OTC. A trader holds a portfolio of commodity forwards. also called systematic risk. Liquidity Risk . If someone wants to buy or sell a bond. In its simplest form. two parties might agree today to exchange 500.A forward contract—or forward—is an OTC derivative. These instruments are called exchange traded. Market risk is exposure to the uncertain market value of a portfolio. it is a trade that is agreed to at one point in time but will take place at some later time. they call the bank that makes a market in that bond and ask for quotes. including forwards. She faces market risk. Many derivative instruments. For example. Some financial or commodities instruments are traded on established exchanges. large financial institutions serve as derivatives dealers. Examples include most highly-capitalized stocks.because of economic changes or other events that impact large portions of the market. In these markets. which trade on exchanges such as the New York Stock Exchange. She knows what its market value is today.08 a barrel three months from today.000 barrels of crude oil for USD 42. which trade on futures exchanges such as the Chicago Board of Trade. Most debt instruments are traded OTC with investment banks making markets in specific issues. and futures. Asset allocation and diversification can protect against market risk because different portions of the market tend to underperform at different times. An instrument is traded over-the-counter (OTC) if it trades in some context other than a formal exchange. customizing derivatives for the needs of clients.

Unfortunately. and is an important consideration to make when looking at potential investment decisions. A form of risk that summarizes the risks a company or firm undertakes when it attempts to operate within a given field or industry. people and systems or from external events. Operational risk can be summarized as human risk. Operational Risk the risk of direct or indirect loss resulting from inadequate or failed internal processes. and includes risks resulting from breakdowns in internal procedures. it is the risk of business operations failing due to human error. Operational risk will change from industry to industry. while other assets are highly illiquid and have high liquidity risk (such as a house). . Industries with lower human interaction are likely to have lower operational risk. people and systems. Some assets are highly liquid and have low liquidity risk (such as stock of a publicly traded company). An investment may sometimes need to be sold quickly. an insufficient secondary market may prevent the liquidation or limit the funds that can be generated from the asset. Operational risk is the risk that is not inherent in financial. systematic or market-wide risk.The risk that arises from the difficulty of selling an asset. It is the risk remaining after determining financing and systematic risk.

civil money penalties. rules. Regulatory Risk The risk associated with the potential for laws related to a given industry. payment of damages. and the voiding of contracts. reduced franchise value. and procedures. or nonconformance with. country. sector or market. utilities face a significant amount of regulation in the way they operate. For this reason. . For example. including the quality of infrastructure and the amount that can be charged to customers. and an inability to enforce contracts. The risk that a change in laws and regulations will materially impact a security. Compliance risk also arises in situations where the laws or rules governing certain bank products or activities of the Bank’s clients may be ambiguous or untested. reduced expansion potential. business. regulations. or ethical standards. prescribed practices.Compliance Risk Compliance risk is the current and prospective risk to earnings or capital arising from violations of. laws. reduce the attractiveness of investment and/or change the competitive landscape. This risk exposes the institution to fines. limited business opportunities. internal policies. A change in laws or regulations made by the government or a regulatory body can increase the costs of operating a business. Compliance risk can lead to diminished reputation. or type of security to change and impact relevant investments.

Buffet) . if it were to be changed. It exists in the minds of both those with whom we interact directly. It changes all the time.these companies face regulatory risk that can arise from events .” (W. such as bankruptcy.that may make operating the business more difficult. and in the minds of those who become aware of us as word of our actions circulates. While this is an unlikely change. the impact on the stock market would be material as this would force investors to either meet the new margin requirements or sell off their margined positions.such as a change in the fees they can charge . and potential legal proceedings. Legal Risk A description of the potential for loss arising from the uncertainty of legal proceedings. Another type of regulatory risk would be a change by the government in the amount of margin that investment accounts are able to have. Reputational Risk What Is Reputation? The reputation of any individual or organization of any size is complex. reflecting both the things we say and do an the trends and events that change the way our words and actions are interpreted “It takes twenty years to build a reputation and five minutes to destroy it.

therefore. you must be aware of your personal risk tolerance when choosing investments for your portfolio.“If you lose dollars for the firm. whereas high levels of uncertainty (high risk) are associated with high potential returns. capital and reputation. the last is the most difficult to restore. if you want to make money. I will be ruthless.Systematic risk influences a large number of assets. Unsystematic Risk .” (Goldman Sachs Business Principles) What Does Risk-Return Tradeoff Mean? The principle that potential return rises with an increase in risk. Because of the risk-return tradeoff. An example is news that affects a specific stock such as a . If any of these are ever diminished. could affect several of the assets in your portfolio. invested money can render higher profits only if it is subject to the possibility of being lost. Buffet) “Our assets are our people. but still allows you to sleep at night.” (W. Taking on some risk is the price of achieving returns. This kind of risk affects a very small number of assets. A significant political event. for example. It is virtually impossible to protect yourself against this type of that generates some profit.Unsystematic risk is sometimes referred to as "specific risk". Systematic Risk . The goal instead is to find an appropriate balance . If you lose reputation. Low levels of uncertainty (low risk) are associated with low potential returns. you can't cut out all risk. According to the riskreturn tradeoff. I will be understanding.

Diversification is the only way to protect yourself from unsystematic risk. . (We will discuss diversification later in this tutorial).sudden strike by employees.

Sign up to vote on this title
UsefulNot useful