1 PDFCLASS.

COM

Risk Management
Risk Background
While risk has always been part of financial activity, the 1990's saw risk management become a
key business function within banks and other financial institutions. A major reason for its growth
in importance were the massive losses incurred by some huge global companies during the
1990's, which shocked financial institutions into placing more emphasis on risk management and
controls.

However, industry globalisation and consolidation, product complexity and the increasingly
sophisticated requirements of customers were already leading to a greater emphasis on ensuring
that losses were not incurred due to adverse market conditions, counter party failure, or
inappropriate controls, systems or people.

These factors led to increased regulation, and banking and financial institutions now have to
adhere to the principles of banking regulation advocated by the Basel Capital Accord. They must
strengthen internal controls, enhance disclosure and transparency of financial information and
ensure effective supervision, in order to maintain the sound operation of the banking and
financial markets. This includes identifying and quantifying various risks in advance, as well as
establishing and carrying out effective risk management.

Introduction to Risk management

Risk management is formally defined as the process by which an organization assesses and
addresses its risks. Historically, the role of risk management has been associated with insurance-
buying, occupational safety and health, and legal liability management. In recent years managers
and physicians alike have begun to recognize that organizational risks are pervasive, that these
risks are extraordinarily diverse and complex, and that these risks are not just confined to
"insurable" or accident-related situations. They may include risks arising from actions of
regulatory bodies, third party payers, hospitals, partners, and employees, in addition to the
physiatrist's personal or business investment, management and clinical practice. Furthermore,
changing customer and patient preferences and/or expectations make the assessment of risk an
even more dynamic and continuous process.

The Nature of Risk: Losses and Opportunities

In his novel A Tale of Two Cities, set during the French Revolution of the late eighteenth
century, Charles Dickens wrote, ―It was the best of times; it was the worst of times.‖ Dickens
may have been premature, since the same might well be said now, at the beginning of the
twenty-first century.
 2 PDFCLASS.COM

When we think of large risks, we often think in terms of natural hazards such as hurricanes,
earthquakes, or tornados. Perhaps man-made disasters come to mind—such as the terrorist
attacks that occurred in the United States on September 11, 2001. We typically have overlooked
financial crises, such as the credit crisis of 2008. However, these types of man-made disasters
have the potential to devastate the global marketplace. Losses in multiple trillions of dollars and
in much human suffering and insecurity are already being totaled as the U.S. Congress fights
over a $700 billion bailout. The financial markets are collapsing as never before seen.

Many observers consider this credit crunch, brought on by subprime mortgage lending and
deregulation of the credit industry, to be the worst global financial calamity ever. Its
unprecedented worldwide consequences have hit country after country—in many cases even
harder than they hit the United States. The world is now a global village; we’re so fundamentally
connected that past regional disasters can no longer be contained locally.

We can attribute the 2008 collapse to financially risky behavior of a magnitude never before
experienced. Its implications dwarf any other disastrous events. The 2008 U.S. credit markets
were a financial house of cards with a faulty foundation built by unethical behavior in the
financial markets:

1. Lenders gave home mortgages without prudent risk management to under qualified home
buyers, starting the so-called subprime mortgage crisis.
2. Many mortgages, including subprime mortgages, were bundled into new instruments
called mortgage-backed securities, which were guaranteed by U.S. government agencies
such as Fannie Mae and Freddie Mac.
3. These new bundled instruments were sold to financial institutions around the world.
Bundling the investments gave these institutions the impression that the diversification
effect would in some way protect them from risk.
4. Guarantees that were supposed to safeguard these instruments, called credit default
swaps, were designed to take care of an assumed few defaults on loans, but they needed
to safeguard against a systemic failure of many loans.
5. Home prices started to decline simultaneously as many of the unqualified subprime
mortgage holders had to begin paying larger monthly payments. They could not refinance
at lower interest rates as rates rose after the 9/11 attacks.
6. These subprime mortgage holders started to default on their loans. This dramatically
increased the number of foreclosures, causing nonperformance on some mortgage-backed
securities.
7. Financial institutions guaranteeing the mortgage loans did not have the appropriate
backing to sustain the large number of defaults. These firms thus lost ground, including
one of the largest global insurers, AIG (American International Group).
8. Many large global financial institutions became insolvent, bringing the whole financial
world to the brink of collapse and halting the credit markets.
9. Individuals and institutions such as banks lost confidence in the ability of other parties to
repay loans, causing credit to freeze up.
 3 PDFCLASS.COM

10. Governments had to get into the action and bail many of these institutions out as a last
resort. This unfroze the credit mechanism that propels economic activity by enabling
lenders to lend again.

Risk Management objectives

There are two main areas of focus for Risk Management, each with its own set of objectives:

Internal

To reassure management that the business is aware of, and in control of, current and future
business risks

· To safeguard business assets and reputation

· To help improve the business's operating performance and shareholder value

· To improve efficiency by reducing risk exposure inherent in the business processes

· To support the achievement of strategic goals

External

· To ensure compliance with regulatory requirements

· To deliver competitive advantage

· To reassure stakeholders and interest groups that the business is actively managing risk

Risk Management Process

Four foundational elements frame what executive management and directors need to consider
when evaluating the best way to implement enterprise risk management (ERM). These four
elements – process, integration, culture and infrastructure – are intended to be flexible in
application because strategies, organizational structures, operating philosophies and risk profiles
vary in complexity across industries and firms. We discuss the process element below.

Like any other worthwhile business activity, risk management requires a process with a clear
purpose, reliable inputs, well-designed activities and value-added outputs. The risk management
process typically includes such activities as the identification, sourcing, measurement,
evaluation, mitigation and monitoring of risk.

A well-articulated process view of risk management provides a benchmark for companies to help
them formulate THEIR proprietary view of THEIR process that is responsive to THEIR needs.
 4 PDFCLASS.COM

We discuss each activity of the risk management process below.

Identify Risk

An enterprise risk assessment process identifies and prioritizes a company’s risks, providing
quality inputs to decision makers for the purpose of formulating effective risk responses
including information about the current state of capabilities around managing the priority risks.

Risk assessment spans the entire organization, including critical business units and functional
areas. Effectively applied using business strategy as a context, risk assessment considers such
attributes as impact, likelihood, velocity and persistence.

Source Risk

Once priority risks are identified, they are traced to their root causes. If management understands
the drivers of risk, it is easier to design risk metrics and proactive risk responses at the source.

Measure Risk

There is an old adage that says, ―If you can’t measure risk, you can’t manage it.‖ Because not all
risks are quantifiable, increasing transparency by developing quantitative and qualitative risk
measures is common practice.

Measurement methodologies may be simple and basic, e.g., risk rating or scoring, claims
exposure and cost analysis, sensitivity analysis, stress testing and tracking key variables relating
to an identified exposure. More complex methodologies for companies with more advanced
capabilities might include value at risk, earnings at risk, rigorous analytics that are proprietary to
the company and risk-adjusted performance measurement.

Just remember: Inability to measure a risk doesn’t make it go away.

Evaluate Risk

Based on the priority risks identified, their drivers or root causes and their susceptibility to
measurement, management decides on the appropriate risk response. There are four categories of
risk responses – avoid, accept, reduce and share. These responses may be applied to groups of
related risks consisting of natural families of risks sharing fundamental characteristics (e.g.,
common drivers, positive or negative correlations, etc.) consistent with a portfolio view.

The organization first decides whether to accept or reject a risk based on an assessment of
whether the risk is desirable or undesirable. A desirable risk is one that is inherent in the entity’s
business model or normal future operations and that the company believes it can monitor and
manage effectively. An undesirable risk is one that is off-strategy, offers unattractive rewards or
cannot be monitored or managed effectively.
 5 PDFCLASS.COM

If an entity chooses to accept a risk, it can accept it at its present level, reduce its severity and/or
its likelihood of occurrence (typically through internal controls), or share it with a financially
capable, independent party (typically through insurance or a hedging arrangement).

Mitigate Risk

Depending on the risk response selected, management identifies any gaps in risk management
capabilities and improves those capabilities as necessary to implement the risk response. Over
time, the effectiveness of risk mitigation activities should be monitored.

Monitor Risk

Models, risk analytics and web-enabled technologies make it possible to aggregate information
about risks using common data elements to support the creation of a risk management dashboard
or scorecard for use by risk owners, unit managers and executive management.

Dashboard and scorecard reporting should be flexible enough to enable the design of reports to
address specific needs, including reporting to the board of directors. Examples of dashboard
reporting, which often features ―heat maps‖ or ―traffic light‖ indicators, are provided in the
Application Techniques of the COSO Enterprise Risk Management Integrated Framework.
Monitoring also includes activities of an internal audit function.

The purpose of the risk management process varies from company to company, e.g., reduce risk
or performance variability to an acceptable level, prevent unwanted surprises, facilitate taking
more risk in the pursuit of value creation opportunities, etc. Regardless of purpose, the good
news is that a large body of knowledge on the risk management process is readily available so
that companies can adopt a process view that best fits their circumstances.

Types of Risk Management

Assessment of the risk, obtaining options for handling the risk, and analyzing the risks in order to
determine the ways in which the same may change are some ways to deal with risk. There are
different types of risks and management must be aware of all the kinds. The risks can be
financial risks, process risks, intangible risks, time risks, human risks, legal risks, and physical
risks. Brief notes on various types of risks;

Financial Risk: Financial risk is the loss of key resources like funding, etc. In this case the
company will not have adequate cash flow to meet financial obligations. Credit risk, liquidity
risk, market risk, operational risk are different types of financial risks.

Credit Risk and Investment Risk: When the borrower becomes default and was unable to
make payments as promised it is said to be Credit risk, also called default risk. Investment risk
was associated with this where the investor losses his principal and interest too.
 6 PDFCLASS.COM

Liquidity Risk: Sometimes due to lack of liquidity in the market an asset cannot be sold to make
the profit or to prevent a loss this is what called as Liquidity risk.

Market Risk: Due to the change in value of the market risk factors value of investment portfolio
or the value of a trading portfolio will decrease. Foreign exchange rates, stock prices, interest
rates, and commodity prices are the standard Market risk factors.

Operational Risk: A risk arising from execution of an organisation's business functions is

Operational risk. Risks arising from the people, systems and processes through which an
organisation operates. Fraud risks, legal risks, physical or environmental risks are other
categories included under this.

Process Risk: Risky business processes that could lead to project failure are Process risks.

Intangible Risk: Those risks that are often associated with damage to the reputation of an
organisation or its brand are Intangible risks.

Time Risk: Risks which often involve things connected to time are Time risks.

Human Risk: Loss of critical employees or knowledge which are connected to manpower are
Human risks.

Legal Risk: Losses include government regulations and the same having an impact on the
operations of the company are Legal Risks.

Physical Risk: Physical risks are those loses of physical resources such as equipment, buildings,
land, etc due to natural disasters or manmade.

The benefits of Risk Management

Proper risk management allows a financial institution to prosper through taking and avoiding
risks. Well run companies are now taking a closer interest in what its management is doing to
mitigate risk exposure, allowing for a more efficient, effective and prudently run business.

Good risk management will greatly improve the transparency of how an organisation operates,
providing a roadmap to achieve strategic goals and objectives and reassurance over the
management of risks.

The recently published Turnbull Guidance on Internal Control has focused attention not just on
downside risk, but also on the positive aspects of risk. For the first time, the link between risk
management and improved business performance is acknowledged in governance regulations.

Good risk management enables companies to seize opportunities, as well as prevent disasters.
 7 PDFCLASS.COM

It is vital to the well being of a company, therefore, that managers at all levels take risk
management seriously and not simply during an annual certification process.

A risk based approach can make a company more flexible and responsive to market fluctuations,
making it better able to satisfy the needs of its various stakeholders, in a constantly changing
environment. Companies can also gain an advantage over competitors by identifying and
adapting to circumstances faster than their rivals.

REFERENCES
Google.com

Pdfclass.com

Wikipedia.org

Studymafia.org