This action might not be possible to undo. Are you sure you want to continue?
Risk Management is the process of measuring, or assessing risk and developing strategies to manage it, the practice by which a firm optimizes the manner in which it takes business risks is called risk management. The point of risk management is not to eliminate it; that would eliminate reward. Hence this Risk needs to be managed.
Fundamentals of Good Risk Management
BOOM TIME DOOM?
Easy for managers to forget about risk There are external as well as internal risks associated with success and it should incite managers to identify the level of internal risk exposure. Many businesses focus on performance while failing to recognize the importance of risk and control activities.
Risk appetite, at the organizational level, is the amount of risk exposure, or potential adverse impact from an event, that the organization is willing to accept/retain. Once the Risk Appetite threshold has been breached, risk management treatments and business controls are implemented to bring the exposure level back within the accepted range. The design of a risk appetite framework does not have to start from scratch. It should build on and unify existing risk and business management processes and reports. Approaches ± TOP DOWN or BOTTOM UP APPROACH The µtop-down¶ desired risk profile must be compared with the µbottom-up¶ reality Organisations use different ways to measure their Risk Appetite, ranging from simple qualitative measures such as defining risk categories and setting target levels around these, to developing complex quantitative models of economic capital and earnings volatility. Again, risk appetite is not a magic number, nor always quantifiable. It is dependent upon the aims of the business and what risks have to be taken to achieve those aims. The final aspect of risk appetite is the target risk/reward balance of the organization. Organizations setting a lower risk/reward premium will be able take on a wider range of opportunities, thus potentially building a larger organization, albeit one with a lower return on capital.
lagging or current in nature. The number of customer complaints is an example of a risk indicator.KEY RISK INDICATORS Key Risk Indicators (KRIs) ± relate to a specific risk and demonstrate a change in the likelihood or impact of the risk event occurring. As customer complaints increase. KRIs Benefits Include: Understand how the risk profile changes in different circumstances Appreciate how risk moves and is affected the business environment Focus attention on risk drivers that are most volatile Ensure controls around the drivers are robust and effective Gain a forward looking perspective on the current risk profile Understand the early warning signals for emerging risks Indictors can be leading. . Most managers want leading or preventative indicators ± to predict problems far enough in advance to prevent or eliminate them or at least mitigate the damage. the probability that there are some underlying and potentially systemic mistakes and errors of judgement being made is likely to rise.
transparency and completeness.All companies face the challenge of developing leading indicators that can effectively provide early warnings of potential future losses. the challenge is to implement KRIs in such a way as to improve consistency. across the industry. relevance. The challenges posed by KRIs include: Absence of data base of known loss events Tendency to focus on well-known risks Can be costly to implement and maintain People can only manage KRIs they understand Incorrect interpretation of data Use of lagging indicators Requires a good understanding of the risk cause (for likelihood drivers) and consequence (for impact drivers) Usefulness varies from risk to risk Out of date indicators Organisational risk maturity and culture . To achieve this. Clearly. some standardisation is required across the firm and.
RISK MANAGEMENT PROCESS Monitor Control Assess Risks Identify Risks Set Objectives .
Risk Manager: He is the risk management process owner. He is responsible to ensures the implementation and compliance with the risk management policy and process.monitoring. but only oversees the risk management process. Chief Risk Officer: The CRO oversights. Audit committee: It ensures adequacy of control framework to manage risks across the organisation . advices. It also promotes and implement monitoring of risk management strategies and policies.Roles and Responsibilities Chief Executive Officer: The CEO ensures the implementation of risk management framework and process and ongoing risk assessment of risks. Risk Management Committee: The RMC defines the risk management policy framework and process. and communicates information regarding the risk appetite of the organisation. He also promotes risk culture and ensures the risk management process is sustained organisation wide. He is not a manager of risk. .
TYPES OF RISKS .
Some of the events that could lead to operational risk include: .OPERATIONAL RISK MANAGEMENT Operational risks: Control risks + Inherent risks for which controls are not in place.
pricing of operational risks for each line of business. Effective internal audit function. including security policy. assurance and effective internal audit. which includes measurement of losses. effective internal controls. RAROC ( Riskadjusted Return on Capital) and measuring capital requirement. STEPS TO MANAGE OPERATIONAL RISK 1. compliance.account for the unexpected losses and to predict them over extended periods. Pricing of operational risk management. Prepare a Risk Plan a) Casual Model . . internal controls and risk management.identify the expected losses and establish relationships between losses and events b) Predictive Model .HOW TO MANAGE OPERATIONAL RISK Operational risk can be divided into three functions: Efficient and effective maintenance of business infrastructure that mostly consists of information systems. which includes assurance about integrity of information systems.
including internal and external audits of systems. processes and controls (this includes IS audit and assurance) Setting up operational risks limits (so businesses will have to reduce one or more of frequency of loss." gives an ability to intervene in the environment and b) c) d) e) f) g) h) i) j) implement the necessary controls. Implementation of Risk Mitigation Techniques: a) Causality . severity of loss or size of operations) Setting up independent operational risk management departments Establishing a disaster recovery plan and backup systems Insurance Outsourcing operations with strict service level agreements so operational risk is transferred .Knowing "what causes what. b) Bottom Up Approach . 3.risks are analyzed for each line of business and their occurrence and losses incurred are identified and measured. Identification and Measurement of Operational Risks: a) Top Down Approach ± financial data from the balance sheet and profit and loss accounts are converted into a risk amount.2. Self assessment Calculating reserves and capital requirements Creating culture supportive of risk mitigation Strengthening internal controls.
Forecasting and Prediction: Every business has to identify the events most relevant to it. . ³VaR´ (Value at Risk) and Scenario Analysis are used as techniques for prediction by taking historical data or simulation and qualitative factors.4. The whole exercise of the operational risk management is the exercise to identify events that are likely to cause losses.
acquisitions. the overall profile of risk management and internal controls has increased. such as information technology. and international ventures Interpreting and reconciling the volume and disparity of risk and control information from across the enterprise Maintaining proper investment and alignment in risk management and internal control approach. Some of the key challenges include: Increasing expectations for effective risk coverage. executive management. career planning. knowledge. and working to implement major change initiatives. sharing of leading practices. technology. major capital programs. resulting in greater responsibilities for those who manage enterprise risk. and retention for experienced risk management and internal control professionals Adding benefit through process and control improvement recommendations. development. and stakeholder demands for stronger corporate governance and transparency Providing risk coverage in areas requiring specialized knowledge. contracts. driven especially by audit committees. .RISK MANAGEMENT AND INTERNAL CONTROLS In today¶s business environment. and learning programs Addressing the ³war for talent´ through staff recruitment. fraud.
RISK MANAGEMENT AND INTERNAL CONTROL In a recent survey. 42% of the companies that responded believe they have key risks that are not being formally managed. .
are reflected in the diagram below: .´ ³People.FRAMEWORK FOR RISK AND CONTROL The three primary components of a risk and control framework include ³Governance.´ and related subcomponents.´ and ³Methods and Practices.
Flood.INFORMATION SYSTEM RISK MANAGEMENT The cardinal rule of security is that ± ³No one thing makes a computer secure´ Types of System Risk I. Intentional Threats Natural Calamities like Fire. etc Energy variations Hardware failures Unauthorized access Unauthorized alteration to data Leakage of sensitive information . Earthquake. Accidental Threats II.
a signal may be sent automatically to permanently manned fire station. When a fire alarm is activated. Use sprinkler system/ halogen gas to put off fire. Place master switches for power. Following are the major features of a well-designed fire protection system: Installation of both automatic and manual fire alarms at strategic locations. Place smoke detectors.ACCIDENTAL THREATS Fire damage: Fire is a major threat to the physical security of a computer installation. All staff members should know how to use the system. Fire extinguishers and fire exits should be clearly marked. . Installation of manual fire extinguishers at strategic locations.
cyclones. In flood areas have the installation above the high water level. Use a dry pipe automatic sprinkler system. Cover hardware with a protective fabric when it is not in use.Water damage: Water damage to a computer installation can be the outcome of a fire. etc. It may also result from other resources such as floods. Have a master switch for all water mains. Some of the major ways of protecting the installation against water damage are as follows: Have waterproof ceilings and walls. . the specific system sprays water that enters hardware. Ensure an adequate drainage system exists.
ENERGY VARIATION Energy Variations Increase in power Loss of power Temporary Sustained Temporary Sustained Stabilizer/ Voltage Regulator Circuit breakers Battery Back-Up Generator .
or flood. Backing-up data: Backing up data is the single most important step in preventing data loss. Develop a written backup plan Your database and accounting files are your most critical data assets. break-in. Ideally. For most organizations. They should be backed up before and after any significant use. . yet many organizations learn this lesson the hard way. Following are some rules of thumb to guide you in developing a solid backup strategy. There could also be cases of system failures which cause the whole segment of memory to be dumped to disks and printers resulting in unintentional disclosure of confidential information.Hardware Failures: There are cases when hardware failures cause the operating system to crash. By far the best method of taking a back-up is replication of data to an off-site location using local mirrors of systems. Regular backups are vital insurance against a data-loss catastrophe. this means backing up these files daily. you should store your backups in a safety-deposit box. Store a copy of your backups off-site to insure against a site-specific disaster such as a fire. Nonprofits that do a lot of data entry should consider backing up their databases after each major data-entry session.
Back-up Plan . policies and procedures related to preparing for recovery of technology and infrastructure critical to an organization after a natural or human-induced disaster. Emergency Plan 2. Recovery Plan 3. Example: 9/11 Terror attacks on World Trade Center Objectives of DRP: Assures the management that normalcy would be restored in a set time Minimization of losses General Components of DRP: 1.DISASTER RECOVERY PLAN (DRP) Disaster Recovery is the process.
with the aim of avoiding larger losses in the event that the business cannot continue to function due to loss of IT infrastructure and data.It is estimated that most large companies spend between 2% and 4% of their IT budget on disaster recovery planning. Of companies that had a major loss of business data: .
Alternatively. the intruder may eavesdrop on the installation by wire tapping. Mitigation Techniques for Unauthorized Intrusion: There should be a separate visitor lounge. The Intentional attacks can be from Intruders outside the organization or even from privileged personnel who abuse their authority (Ex: Disgruntled employees). Entry should be granted only to IT personnel and using biometric devices. . unused accounts are just that many more passwords for someone to find out. The intruder by physically entering the room may steal assets or carry out sabotage. such as fingerprints. voice prints. Install security patches to the operating system.INTENTIONAL THREATS: Unauthorized intrusion can take two forms. Security checking software. Old. or signature characteristics. retina prints. installing an electronic bug or using a receiver that picks up electromagnetic signals. Use alarms to alert entry made by an intruder.
Encryption 5. Firewalls 4.ADMINISTRATIVE CONTROLS: 1. Log on Procedures 2. Anti-Virus Software 6. Hiring Tiger Teams . Call Back Devices 3.
HISTORY OF FINANCIAL RISK Early Market Scenario New Era of Finance . while financial exposure is the possibility of loss. Financial risk arises as a result of financial exposure.FINANCIAL RISK MANAGEMENT Financial Exposure v/s Financial Risk Financial risk refers to the probability of loss.
exchange rates. and transactions with. customers. particularly people. . and commodity prices. Financial risks arising from the actions of. Financial risks resulting from internal actions or failures of the organization. and systems. processes. such as interest rates. and counterparties in derivatives transactions. other organizations such as vendors.HOW DOES FINANCIAL RISK ARISE? Financial risks arising from an organization¶s exposure to changes in market prices.
Diversifiable Risk & Non-diversifiable Risk: Essentially diversifiable risk is that which can be mitigated through a process of pooling risks and vice-versa for non-diversifiable. Speculative Risk: A risk in which either a gain or a loss may occur.TYPES OF FINANCIAL RISK Pure Risk: The situation in which a gain will not occur. The best possible outcome is that of no loss occurring. .
operational staff.WHAT IS FINANCIAL RISK MANAGEMENT? Financial risk management is a process to deal with the uncertainties resulting from financial markets. It involves assessing the financial risks facing an organization and developing management strategies consistent with internal priorities and policies. . Addressing financial risks proactively may provide an organization with a competitive advantage. It also ensures that management. and the board of directors are in agreement on key issues of risk. stakeholders.
and refine as needed. 3. monitor. 2. . Hedge a portion of exposures by determining which exposures can and should be hedged. accept all risks. Implement risk management strategy in accordance with policy. Determine an appropriate level of risk tolerance. There are three broad alternatives for managing risk: 1. or passively by default. Hedge all exposures possible. Do nothing and actively. report. Measure.PROCESS OF FINANCIAL RISK MANAGEMENT The process can be summarized as follows: Identify and prioritize key financial risks.
WAYS OF FINANCIAL RISK MANAGEMENT Different ways of Financial Risk Management Hedging Using Capital Asset Pricing model (CAPM) Hedging Using Market Instruments .
(Rm ± Rf). Beta ( ) calculates the volatility/exposure of a security¶s return to the entire market (CAPM) portfolio. the only risk that remains is the systematic risk.HEDGING USING CAPITAL ASSET PRICING MODEL (CAPM) CAPM or the Capital Asset Pricing model is the most frequently used financial model to enable portfolio diversification.. A well diversified portfolio would have less fluctuation than returns on individually held financial assets. Given that non-systematic risk is virtually nullified by a large portfolio (CAPM assumes such a large portfolio). According to the CAPM Model. Market Rate. risk averse individuals diversify risk in their holding of assets. they do not naturally hedge against each other.e. the only type of risk for which and investor would earn a return would be the systematic risk. Cost of Capital (Ke) = Rf + Where. is the Beta of the portfolio and Rm is the . i. Thus. Rf is the Risk Free Rate. This systematic risk is measured as Beta. If returns on risky assets have less than perfect correlation.
a hedge is a position established in one market in an attempt to offset exposure to the price risk of an equal but opposite obligation or position in another market ² usually.In finance. as long as the entire contract is settled by the end date.WHAT IS HEDGING? Hedge . in the context of one's commercial activity. Open Forwards . SPOT CONTRACTS FORWARD CONTRACTS Closed Forward .Closed forwards must be settled on a specified date.Open forwards set a window of time during which any portion of the contract can be settled. but not always. one can: Protect costs on products and services purchased abroad Protect profit margins on products and services sold abroad Lock-in exchange rates as much as a year in advance . Using FX forwards.
The exporter has collected following information.76% What option does the exporter have to hedge his position for the FX fluctuation risk? Solution: Money market cover: The exporter has a receivable exposure.8075/1.8065 3-m forward (CHF/$) :1.396) ( 1+0. In this case the exporter shall go for forward cover. the exporter can get (1.807.000. The amount can be converted today into CHF (983.381) (1.000. the exposure can be covered in the money market by borrowing in USD. . Amount.000] / [1+0.8075)= CHF 1. if the exporter takes forward cover then he can get this at CHF / USD 1.8054/1.396.775. Spot (CHF/$) :1.000 after 3 months. USD $ 6. Forward Cover: Instead of using money market cover.8083 3-m LIBOR (assumed) : CHF 5%.8075 which will give him cash flow in CHF of (1. If this is invested for 3 months. The receivables can be used to pay.000. which can be borrowed today = [1.381.EXAMPLE FOR FX FORWARDS A Swiss exporter company accepts to receive $ 1.0676 * 3/12] = USD $ 983.8054)= CHF 1.000)(1.500.775.off the loan with interest while the dollars borrowed today can be converted into CHF and invested. Hence.797.00.05 * 3/12) = CHF 1.588.
Options on the 5-year rate (ticker symbol FVX) are based on the yield-to-maturity of the most recently auctioned 5-year Treasury note.Interest Rate Options ± Interest Rate Options are options on the spot yield of U. Options on the 30-year rate (ticker symbol TYX) are based on the yield-to-maturity of the most recently auctioned 30-year Treasury bond. Options on the 10-year rate (ticker symbol TNX) are based on the yield-to-maturity of the most recently auctioned 10-year Treasury note. Available to meet the investor¶s needs are options on short.S. Treasury securities. medium and long-term rates. . The following contracts are available for trading at the Chicago Board Options Exchange: Options on the short-term rate (ticker symbol IRX) are based on the annualized discount rate on the most recently auctioned 13-week Treasury bill.
a yield-based put option holder will profit if. the underlying interest rate rises above the strike price plus the premium paid for the call. increasing the value of the put position. by expiration. Conversely. Contract size: Interest Rate Options use the same $100 multiplier as options on equities and stock indexes European-style exercise: The holder of the option can exercise the right to buy or sell only at expiration. A yield-based call option holder will profit if. . by expiration. This eliminates the risk of early exercise and simplifies investment decisions. the interest rate has declined below the strike price less the premium. Interest Rate Options features: Cash settled: Interest Rate Options are settled in cash.How do interest rate options work? A call buyer anticipates interest rates will go up. There is no need to own or deliver any Treasury securities upon exercise. increasing the value of the call position. A put buyer anticipates that rates will go down.
the standard interest rate for the term and currency of the debenture loan are swapped. the company would be faced with the situation where the interest payments would be in USD whereas the income would be in EUR. The company therefore decides to enter into a CC Swap whereby it receives the USD interest rate and pays the EUR interest rate.A financial foreign currency contract whereby the buyer and seller exchange equal initial principal amounts of two different currencies at the spot rate. The following three examples show how. The cash flows will also be in euros. through a CC Swap. Example: A company needs to borrow euros to fund an investment project. in that case. It transpires that by issuing a loan in USD the company can obtain the required funds more cheaply than by issuing a loan in EUR. . However.Foreign Currency Swaps .
Principal in USD ABC Principal in EUR ING Bank Swap of interest flows during the CC Swap USD interest rate USD interest rate ING Bank ABC on debenture loan EUR interest rate Swap of the principal amounts at maturity of the CC Swap Principal in USD Principal in USD ABC Maturity of debenture Loan in USD Principal in EUR ING Bank .Swap of the principal amounts at the beginning of the CC Swap Principal in USD Debenture issue in USD.
Interest Rate Swaps ± A financial interest rate contracts whereby the buyer and seller swap interest rate exposure over the term of the contract.3 0.5 1.3 2.1 0.4 % 3.0 0.0 % 5.3 2.7 2.3 2. The most common swap contract is the fixed-to-float swap whereby the swap buyer receives a floating rate from the swap seller.1  0.0 2.6 % 5.0 3.4 1.0 0.2 ±0.6 0.3 2.0 2.2 ±0.5 ±0.8 % 3.8 % .3 102. 6Time Month (years) Libor Fixed Floating Swap Rate Rate Net Cash Cash Cash Flows Flows Flows  ±100.0 1.3 2.2 2.5 3.2  ±  0.4 % 4.2 % 5. and the swap seller receives a fixed rate from the swap buyer.6 102.1 2.3 2.5 4.0 1.3  ±100.2 % 4.0  2.9 0.5 2.5 2.8 2.4 % 4.
2. 2. 4. 3. Credit Derivatives Credit Default Total Return Swap Credit Linked Note . 5. 3. Futures Commodity Interest Rate Currency Index Stock 1.OTHER FINANCIAL INSTRUMENTS FOR HEDGING 1.
accept. but as a competency that allows your organization to realize its potential ² whether that means driving top line growth. and develop plans to manage. or making better use of capital assets. enhancing reputation and brand. financial. Organizations need to understand all of their business risks ² strategic. eliminating costs.RISK MANAGED ? Risk management isn¶t just about protecting your business ² it¶s also about making it better. the same cannot be achieved unless Risk Minimisation is paid heed to. . compliance ² align their risk functions and activities to eliminate overlaps and gaps. Although Return Maximization is an objective holding paramount importance for an organisation¶s long term goals. Hence it is essential that an appropriate balance is struck between Risks and Return. Risk management shouldn¶t be thought of as a stand-alone compliance or control activity. operational. or capitalize on those risks.
THANK YOU .
This action might not be possible to undo. Are you sure you want to continue?
We've moved you to where you read on your other device.
Get the full title to continue reading from where you left off, or restart the preview.