Currency Risk management by rbi

8/6/2019 Currency Risk management by rbi

1/27

Currency risk can be termed a sudden fall in the value of a particular currency. Thishappens due to unexpected shifts in the currency exchange rates. To avoid or minimizelosses caused by these incidents, proper currency risk management strategy is veryessential.

Currency risks are related to the floating exchange rates. The currency exchangesare done for a number of reasons. Nowadays, cross border commercial activities are

growing at a rapid pace. Almost everything starting from goods to technologies are

exchanged between the traders of different countries. These transactions are subjected

to currency risk because floating exchange rates are minimizing the chances of fixing the

value of a particular currency.

On the other hand, there are the forex market traders who are involved in trading of

currencies of different countries. These traders participate in the activities of one of the

most liquid world financial markets.

A large number of banks, individuals as well as several national governments are

involved in these activities. These institutions as well as the individual investors are also

in need of currency risk management because the forex market rates and trends change

very quickly.

Two types of risks are managed by currency risk management strategies. These are the

systematic risk and unsystematic risk. Systematic risks are all those risks that affect

each and every kind of investments. Interest rate risk, market risk as well as inflation

risk, all are considered as systematic risks. On the other hand, there are the

unsystematic risks like business and financial risk. Unsystematic risk affects some

definite businesses and not the entire market.

One of the most common currency risk management tool is the forward exchange

contract. According to these contracts that are signed between the potential seller and

purchaser of a particular currency, the exchange rates are fixed before the actual

transaction. The transaction takes place in the future but due to the contract, if the

exchange rate of that currency changes at the time of transaction, the purchaser and the

seller are not affected.

There should also be a definite trading strategy that can be very helpful in hedging the

currency risks. These strategies should be developed after analyzing the market

averages or market indexes properly. On the other hand, there are certain theories

regarding the trading process in the currency market. These are also very helpful for

currency risk management. All these are specialized things and one may seek

professional assistance from the currency risk management firms for the purpose.


2/27

Risk management is the identification, assessment,and prioritization ofrisks(defined in ISO 31000 as the

effect of uncertainty on objectives, whether positive ornegative) followed by coordinated and economicalapplication of resources to minimize, monitor, andcontrol the probability and/or impact of unfortunateevents[1] or to maximize the realization of opportunities.Risks can come from uncertainty in financial markets,project failures, legal liabilities, credit risk, accidents,

natural causes and disasters as well as deliberateattacks from an adversary. Several risk managementstandards have been developed including the ProjectManagement Institute, the National Institute of Scienceand Technology, actuarial societies, and ISOstandards.[2][3] Methods, definitions and goals varywidely according to whether the risk management

method is in the context of project management,security, engineering, industrial processes, financialportfolios, actuarial assessments, or public health andsafety.

The strategies to manage risk include transferring therisk to another party, avoiding the risk, reducing thenegative effect of the risk, and accepting some or all of

the consequences of a particular risk.Certain aspects of many of the risk managementstandards have come under criticism for having nomeasurable improvement on risk even though theconfidence in estimates and decisions increase.[1]

Contents

[hide]

1 Introduction
http://en.wikipedia.org/wiki/Riskhttp://en.wikipedia.org/wiki/ISO_31000http://en.wikipedia.org/wiki/Project_Management_Institutehttp://en.wikipedia.org/wiki/Project_Management_Institutehttp://en.wikipedia.org/wiki/National_Institute_of_Science_and_Technologyhttp://en.wikipedia.org/wiki/National_Institute_of_Science_and_Technologyhttp://en.wikipedia.org/wiki/Risk_analysis_(engineering)http://en.wikipedia.org/wiki/Risk_managementhttp://en.wikipedia.org/wiki/ISO_31000http://en.wikipedia.org/wiki/Project_Management_Institutehttp://en.wikipedia.org/wiki/Project_Management_Institutehttp://en.wikipedia.org/wiki/National_Institute_of_Science_and_Technologyhttp://en.wikipedia.org/wiki/National_Institute_of_Science_and_Technologyhttp://en.wikipedia.org/wiki/Risk_analysis_(engineering)http://en.wikipedia.org/wiki/Risk_managementhttp://en.wikipedia.org/wiki/Risk


3/27

1.1 Method

1.2 Principles of risk management

2 Process

2.1 Establishing the context

2.2 Identification

2.3 Assessment

3 Composite Risk Index

4 Risk Options

4.1 Potential risk treatments

4.2 Create a risk management plan

4.3 Implementation

4.4 Review and evaluation of the plan

5 Limitations

6 Areas of risk management

6.1 Enterprise risk management

6.2 Risk management activities as applied to project

management

6.3 Risk management for megaprojects

6.4 Risk management of Information Technology

6.5 Risk management techniques in petroleum and

natural gas

7 Risk management and business continuity

8 Risk communication

8.1 Bow tie diagrams

8.2 Seven cardinal rules for the practice of risk

communication

9 See also

10 References

11 Further reading

12 External links


4/27

[edit]Introduction

This section provides an introduction to the principlesof risk management. The vocabulary of riskmanagement is defined in ISO Guide 73, "Riskmanagement. Vocabulary."[2]

In ideal risk management, a prioritization process isfollowed whereby the risks with the greatest loss andthe greatest probability of occurring are handled first,and risks with lower probability of occurrence andlower loss are handled in descending order. In practicethe process can be very difficult, and balancingbetween risks with a high probability of occurrence butlower loss versus a risk with high loss but lowerprobability of occurrence can often be mishandled.

Intangible risk management identifies a new type of arisk that has a 100% probability of occurring but isignored by the organization due to a lack ofidentification ability. For example, when deficientknowledge is applied to a situation, a knowledge riskmaterializes. Relationship risk appears whenineffective collaboration occurs. Process-engagementrisk may be an issue when ineffective operationalprocedures are applied. These risks directly reduce theproductivity of knowledge workers, decrease costeffectiveness, profitability, service, quality, reputation,brand value, and earnings quality. Intangible riskmanagement allows risk management to createimmediate value from the identification and reductionof risks that reduce productivity.

Risk management also faces difficulties in allocatingresources. This is the idea ofopportunity cost.Resources spent on risk management could have
http://en.wikipedia.org/w/index.php?title=Risk_management&action=edit&section=1http://en.wikipedia.org/wiki/Risk_managementhttp://en.wikipedia.org/wiki/Probabilityhttp://en.wikipedia.org/wiki/Knowledgehttp://en.wikipedia.org/wiki/Opportunity_costhttp://en.wikipedia.org/w/index.php?title=Risk_management&action=edit&section=1http://en.wikipedia.org/wiki/Risk_managementhttp://en.wikipedia.org/wiki/Probabilityhttp://en.wikipedia.org/wiki/Knowledgehttp://en.wikipedia.org/wiki/Opportunity_cost


5/27

been spent on more profitable activities. Again, idealrisk management minimizes spending and minimizesthe negative effects of risks.

[edit]MethodFor the most part, these methods consist of thefollowing elements, performed, more or less, in thefollowing order.

1. identify, characterize, and assess threats

2.assess the vulnerability of critical assets to

specific threats3.determine the risk (i.e. the expectedconsequences of specific types of attacks onspecific assets)

4. identify ways to reduce those risks

5.prioritize risk reduction measures based on astrategy

[edit]Principles of risk management

The International Organization forStandardization (ISO) identifies the following principlesof risk management:[4]

Risk management should:

create value

be an integral part of organizational processes be part of decision making

explicitly address uncertainty

be systematic and structured

be based on the best available information

be tailored

take into account human factors
http://en.wikipedia.org/w/index.php?title=Risk_management&action=edit&section=2http://en.wikipedia.org/w/index.php?title=Risk_management&action=edit&section=3http://en.wikipedia.org/wiki/International_Organization_for_Standardizationhttp://en.wikipedia.org/wiki/International_Organization_for_Standardizationhttp://en.wikipedia.org/wiki/Risk_managementhttp://en.wikipedia.org/w/index.php?title=Risk_management&action=edit&section=2http://en.wikipedia.org/w/index.php?title=Risk_management&action=edit&section=3http://en.wikipedia.org/wiki/International_Organization_for_Standardizationhttp://en.wikipedia.org/wiki/International_Organization_for_Standardizationhttp://en.wikipedia.org/wiki/Risk_management


6/27

be transparent and inclusive

be dynamic, iterative and responsive to change

be capable of continual improvement andenhancement

[edit]Process

According to the standard ISO 31000 "Riskmanagement -- Principles and guidelines onimplementation,"[3] the process of risk managementconsists of several steps as follows:

[edit]Establishing the contextEstablishing the context involves:

1. Identification of risk in a selected domain ofinterest

2. Planning the remainder of the process.

3. Mapping out the following:

the social scope of risk management the identity and objectives of stakeholders

the basis upon which risks will be evaluated,constraints.

4. Defining a framework for the activity and anagenda for identification.

5.

Developing an analysis of risks involved in theprocess.

6. Mitigation or Solution of risks using availabletechnological, human and organizationalresources.

[edit]Identification

After establishing the context, the next step in the

process of managing risk is to identify potential risks.
http://en.wikipedia.org/w/index.php?title=Risk_management&action=edit&section=4http://en.wikipedia.org/wiki/ISO_31000http://en.wikipedia.org/w/index.php?title=Risk_management&action=edit&section=5http://en.wikipedia.org/w/index.php?title=Risk_management&action=edit&section=6http://en.wikipedia.org/w/index.php?title=Risk_management&action=edit&section=4http://en.wikipedia.org/wiki/ISO_31000http://en.wikipedia.org/w/index.php?title=Risk_management&action=edit&section=5http://en.wikipedia.org/w/index.php?title=Risk_management&action=edit&section=6


7/27

Risks are about events that, when triggered, causeproblems. Hence, risk identification can start with thesource of problems, or with the problem itself.

Source analysis[citation needed] Risk sources may beinternal or external to the system that is the target ofrisk management.

Examples of risk sources are: stakeholders of aproject, employees of a company or the weather overan airport.

Problem analysis[citation needed] Risks are related toidentified threats. For example: the threat of losingmoney, the threat of abuse of privacy information orthe threat of accidents and casualties. The threatsmay exist with various entities, most important withshareholders, customers and legislative bodies suchas the government.

When either source or problem is known, the eventsthat a source may trigger or the events that can lead toa problem can be investigated. For example:stakeholders withdrawing during a project mayendanger funding of the project; privacy informationmay be stolen by employees even within a closednetwork; lightning striking an aircraft during takeoffmay make all people onboard immediate casualties.

The chosen method of identifying risks may depend onculture, industry practice and compliance. Theidentification methods are formed by templates or thedevelopment of templates for identifying source,problem or event. Common risk identification methodsare:

Objectives-based risk identification[citation

needed] Organizations and project teams have
http://en.wikipedia.org/wiki/Wikipedia:Citation_neededhttp://en.wikipedia.org/wiki/Wikipedia:Citation_neededhttp://en.wikipedia.org/wiki/Wikipedia:Citation_neededhttp://en.wikipedia.org/wiki/Wikipedia:Citation_neededhttp://en.wikipedia.org/wiki/Wikipedia:Citation_neededhttp://en.wikipedia.org/wiki/Wikipedia:Citation_neededhttp://en.wikipedia.org/wiki/Wikipedia:Citation_neededhttp://en.wikipedia.org/wiki/Wikipedia:Citation_neededhttp://en.wikipedia.org/wiki/Wikipedia:Citation_needed


8/27

objectives. Any event that may endanger achievingan objective partly or completely is identified as risk.

Scenario-based risk identification In scenario

analysis different scenarios are created. Thescenarios may be the alternative ways to achieve anobjective, or an analysis of the interaction of forcesin, for example, a market or battle. Any event thattriggers an undesired scenario alternative isidentified as risk - see Futures Studies formethodology used by Futurists.

Taxonomy-based risk identification The taxonomyin taxonomy-based risk identification is a breakdownof possible risk sources. Based on the taxonomy andknowledge of best practices, a questionnaire iscompiled. The answers to the questions reveal risks.[5]

Common-risk checking In several industries, lists

with known risks are available. Each risk in the listcan be checked for application to a particularsituation.[6]

Risk charting[7] This method combines the aboveapproaches by listing resources at risk, Threats tothose resources Modifying Factors which mayincrease or decrease the risk and Consequences it

is wished to avoid. Creating a matrix under theseheadings enables a variety of approaches. One canbegin with resources and consider the threats theyare exposed to and the consequences of each.Alternatively one can start with the threats andexamine which resources they would affect, or onecan begin with the consequences and determine
http://en.wikipedia.org/wiki/Scenario_analysishttp://en.wikipedia.org/wiki/Scenario_analysishttp://en.wikipedia.org/wiki/Futures_Studieshttp://en.wikipedia.org/wiki/Futuristshttp://en.wikipedia.org/wiki/Risk_managementhttp://en.wikipedia.org/wiki/Risk_Matrixhttp://en.wikipedia.org/wiki/Scenario_analysishttp://en.wikipedia.org/wiki/Scenario_analysishttp://en.wikipedia.org/wiki/Futures_Studieshttp://en.wikipedia.org/wiki/Futuristshttp://en.wikipedia.org/wiki/Risk_managementhttp://en.wikipedia.org/wiki/Risk_Matrix


9/27

which combination of threats and resources wouldbe involved to bring them about.

[edit]Assessment

Once risks have been identified, they must then beassessed as to their potential severity of loss and tothe probability of occurrence. These quantities can beeither simple to measure, in the case of the value of alost building, or impossible to know for sure in the caseof the probability of an unlikely event occurring.Therefore, in the assessment process it is critical to

make the best educated guesses possible in order toproperly prioritize the implementation of the riskmanagement plan.

The fundamental difficulty in risk assessment isdetermining the rate of occurrence since statisticalinformation is not available on all kinds of pastincidents. Furthermore, evaluating the severity of the

consequences (impact) is often quite difficult forimmaterial assets. Asset valuation is another questionthat needs to be addressed. Thus, best educatedopinions and available statistics are the primarysources of information. Nevertheless, risk assessmentshould produce such information for the managementof the organization that the primary risks are easy to

understand and that the risk management decisionsmay be prioritized. Thus, there have been severaltheories and attempts to quantify risks. Numerousdifferent risk formulae exist, but perhaps the mostwidely accepted formula for risk quantification is:

Rate of occurrence multiplied by the impact of theevent equals risk

[edit]Composite Risk Index
http://en.wikipedia.org/w/index.php?title=Risk_management&action=edit&section=7http://en.wikipedia.org/wiki/Risk_management_planhttp://en.wikipedia.org/wiki/Risk_management_planhttp://en.wikipedia.org/w/index.php?title=Risk_management&action=edit&section=8http://en.wikipedia.org/w/index.php?title=Risk_management&action=edit&section=7http://en.wikipedia.org/wiki/Risk_management_planhttp://en.wikipedia.org/wiki/Risk_management_planhttp://en.wikipedia.org/w/index.php?title=Risk_management&action=edit&section=8


10/27

The above formula can also be re-written in terms of aComposite Risk Index, as follows:

Composite Risk Index = Impact of Risk event x

Probability of OccurrenceThe impact of the risk event is assessed on a scale of0 to 5, where 0 and 5 represent the minimum andmaximum possible impact of an occurrence of a risk(usually in terms of financial losses).

The probability of occurrence is likewise assessed ona scale from 0 to 5, where 0 represents a zeroprobability of the risk event actually occurring while 5represents a 100% probability of occurrence.

The Composite Index thus can take values rangingfrom 0 through 25, and this range is usually arbitrarilydivided into three sub-ranges. The overall riskassessment is then Low, Medium or High, depending

on the sub-range containing the calculated value of theComposite Index. For instance, the three sub-rangescould be defined as 0 to 8, 9 to 16 and 17 to 25.

Note that the probability of risk occurrence is difficult toestimate since the past data on frequencies are notreadily available, as mentioned above.

Likewise, the impact of the risk is not easy to estimate

since it is often difficult to estimate the potentialfinancial loss in the event of risk occurrence.

Further, both the above factors can change inmagnitude depending on the adequacy of riskavoidance and prevention measures taken and due tochanges in the external business environment. Henceit is absolutely necessary to periodically re-assess


11/27

risks and intensify/relax mitigation measures asnecessary.

[edit]Risk Options

This section needs additional citations for verification.Please help improve this article by adding reliable references.Unsourced material may be challenged andremoved.(August 2010)

Risk mitigation measures are usually formulatedaccording to one or more of the following major riskoptions, which are:

1. Design a new business process with adequate built-

in risk control and containment measures from thestart.

2. Periodically re-assess risks that are accepted inongoing processes as a normal feature of businessoperations and modify mitigation measures.

3. Transfer risks to an external agency (e.g. an

insurance company)4. Avoid risks altogether (e.g. by closing down aparticular high-risk business area)

Later research[citation needed] has shown that the financialbenefits of risk management are less dependent onthe formula used but are more dependent on the

frequency and how risk assessment is performed.In business it is imperative to be able to present thefindings of risk assessments in financial terms. RobertCourtney Jr. (IBM, 1970) proposed a formula forpresenting risks in financial terms.[8] The Courtneyformula was accepted as the official risk analysismethod for the US governmental agencies. The

formula proposes calculation of ALE (annualised loss
http://en.wikipedia.org/w/index.php?title=Risk_management&action=edit&section=9http://en.wikipedia.org/wiki/Wikipedia:Verifiabilityhttp://en.wikipedia.org/w/index.php?title=Risk_management&action=edithttp://en.wikipedia.org/wiki/Wikipedia:Identifying_reliable_sourceshttp://en.wikipedia.org/wiki/Wikipedia:Identifying_reliable_sourceshttp://en.wikipedia.org/wiki/Template:Citation_neededhttp://en.wikipedia.org/wiki/Wikipedia:Citation_neededhttp://en.wikipedia.org/wiki/File:Question_book-new.svghttp://en.wikipedia.org/w/index.php?title=Risk_management&action=edit&section=9http://en.wikipedia.org/wiki/Wikipedia:Verifiabilityhttp://en.wikipedia.org/w/index.php?title=Risk_management&action=edithttp://en.wikipedia.org/wiki/Wikipedia:Identifying_reliable_sourceshttp://en.wikipedia.org/wiki/Template:Citation_neededhttp://en.wikipedia.org/wiki/Wikipedia:Citation_needed


12/27

expectancy) and compares the expected loss value tothe security control implementation costs (cost-benefitanalysis).

[edit]Potential risk treatmentsOnce risks have been identified and assessed, alltechniques to manage the risk fall into one or more ofthese four major categories:[9]

Avoidance (eliminate, withdraw from or not becomeinvolved)

Reduction (optimize - mitigate) Sharing (transfer - outsource or insure)

Retention (accept and budget)

Ideal use of these strategies may not be possible.Some of them may involve trade-offs that are notacceptable to the organization or person making therisk management decisions. Another source, from

the US Department of Defense, Defense AcquisitionUniversity, calls these categories ACAT, for Avoid,Control, Accept, or Transfer. This use of the ACATacronym is reminiscent of another ACAT(forAcquisition Category) used in US Defense industryprocurements, in which Risk Management figuresprominently in decision making and planning.

[edit]Risk avoidance

This includes not performing an activity that couldcarry risk. An example would be not buyinga property or business in order to not take on the legalliability that comes with it. Another would be not flyingin order not to take the risk that the airplane were tobe hijacked. Avoidance may seem the answer to all

risks, but avoiding risks also means losing out on the
http://en.wikipedia.org/wiki/Cost-benefit_analysishttp://en.wikipedia.org/wiki/Cost-benefit_analysishttp://en.wikipedia.org/w/index.php?title=Risk_management&action=edit&section=10http://en.wikipedia.org/wiki/Risk_managementhttp://en.wikipedia.org/wiki/US_Department_of_Defensehttp://en.wikipedia.org/wiki/Defense_Acquisition_Universityhttp://en.wikipedia.org/wiki/Defense_Acquisition_Universityhttp://en.wikipedia.org/wiki/Acquisition_Categoryhttp://en.wikipedia.org/w/index.php?title=Risk_management&action=edit&section=11http://en.wikipedia.org/wiki/Real_propertyhttp://en.wikipedia.org/wiki/Legal_liabilityhttp://en.wikipedia.org/wiki/Legal_liabilityhttp://en.wikipedia.org/wiki/Fixed-wing_aircrafthttp://en.wikipedia.org/wiki/Aircraft_hijackinghttp://en.wikipedia.org/wiki/Cost-benefit_analysishttp://en.wikipedia.org/wiki/Cost-benefit_analysishttp://en.wikipedia.org/w/index.php?title=Risk_management&action=edit&section=10http://en.wikipedia.org/wiki/Risk_managementhttp://en.wikipedia.org/wiki/US_Department_of_Defensehttp://en.wikipedia.org/wiki/Defense_Acquisition_Universityhttp://en.wikipedia.org/wiki/Defense_Acquisition_Universityhttp://en.wikipedia.org/wiki/Acquisition_Categoryhttp://en.wikipedia.org/w/index.php?title=Risk_management&action=edit&section=11http://en.wikipedia.org/wiki/Real_propertyhttp://en.wikipedia.org/wiki/Legal_liabilityhttp://en.wikipedia.org/wiki/Legal_liabilityhttp://en.wikipedia.org/wiki/Fixed-wing_aircrafthttp://en.wikipedia.org/wiki/Aircraft_hijacking


13/27

potential gain that accepting (retaining) the risk mayhave allowed. Not entering a business to avoid the riskof loss also avoids the possibility of earning profits.

[edit]Hazard Prevention

Main article: Hazard prevention

Hazard prevention refers to the prevention of risks inan emergency. The first and most effective stage ofhazard prevention is the elimination of hazards. If thistakes too long, is too costly, or is otherwise impractical,the second stage is mitigation.

[edit]Risk reduction

Risk reduction or "optimization" involves reducing theseverity of the loss or the likelihood of the loss fromoccurring. For example, sprinklersare designed to putout a fire to reduce the risk of loss by fire. This methodmay cause a greater loss by water damage andtherefore may not be suitable. Halon fire suppressionsystems may mitigate that risk, but the cost may beprohibitive as a strategy.

Acknowledging that risks can be positive or negative,optimising risks means finding a balance betweennegative risk and the benefit of the operation oractivity; and between risk reduction and effort applied.

By an offshore drilling contractor effectively applyingHSE Management in its organisation, it can optimiserisk to achieve levels of residual risk that are tolerable.[10]

Modern software development methodologies reducerisk by developing and delivering softwareincrementally. Early methodologies suffered from the

fact that they only delivered software in the final phaseof development; any problems encountered in earlier
http://en.wikipedia.org/w/index.php?title=Risk_management&action=edit&section=12http://en.wikipedia.org/wiki/Hazard_preventionhttp://en.wikipedia.org/w/index.php?title=Risk_management&action=edit&section=13http://en.wikipedia.org/wiki/Fire_sprinklerhttp://en.wikipedia.org/wiki/Firehttp://en.wikipedia.org/wiki/Halonhttp://en.wikipedia.org/wiki/Strategyhttp://en.wikipedia.org/w/index.php?title=Risk_management&action=edit&section=12http://en.wikipedia.org/wiki/Hazard_preventionhttp://en.wikipedia.org/w/index.php?title=Risk_management&action=edit&section=13http://en.wikipedia.org/wiki/Fire_sprinklerhttp://en.wikipedia.org/wiki/Firehttp://en.wikipedia.org/wiki/Halonhttp://en.wikipedia.org/wiki/Strategy


14/27

phases meant costly rework and often jeopardized thewhole project. By developing in iterations, softwareprojects can limit effort wasted to a single iteration.

Outsourcing could be an example of risk reduction ifthe outsourcer can demonstrate higher capability atmanaging or reducing risks.[11] For example, acompany may outsource only its softwaredevelopment, the manufacturing of hard goods, orcustomer support needs to another company, whilehandling the business management itself. This way,

the company can concentrate more on businessdevelopment without having to worry as much aboutthe manufacturing process, managing thedevelopment team, or finding a physical location for acall center.

[edit]Risk sharing

Briefly defined as "sharing with another party the

burden of loss or the benefit of gain, from a risk, andthe measures to reduce a risk."

The term of 'risk transfer' is often used in place of risksharing in the mistaken belief that you can transfer arisk to a third party through insurance or outsourcing.In practice if the insurance company or contractor gobankrupt or end up in court, the original risk is likely to

still revert to the first party. As such in the terminologyof practitioners and scholars alike, the purchase of aninsurance contract is often described as a "transfer ofrisk." However, technically speaking, the buyer of thecontract generally retains legal responsibility for thelosses "transferred", meaning that insurance may bedescribed more accurately as a post-event

compensatory mechanism. For example, a personal
http://en.wikipedia.org/wiki/Outsourcinghttp://en.wikipedia.org/w/index.php?title=Risk_management&action=edit&section=14http://en.wikipedia.org/wiki/Legal_riskhttp://en.wikipedia.org/wiki/Outsourcinghttp://en.wikipedia.org/w/index.php?title=Risk_management&action=edit&section=14http://en.wikipedia.org/wiki/Legal_risk


15/27

injuries insurance policy does not transfer the risk of acar accident to the insurance company. The risk stilllies with the policy holder namely the person who has

been in the accident. The insurance policy simplyprovides that if an accident (the event) occurs involvingthe policy holder then some compensation may bepayable to the policy holder that is commensurate tothe suffering/damage.

Some ways of managing risk fall into multiplecategories. Risk retention pools are technically

retaining the risk for the group, but spreading it overthe whole group involves transfer among individualmembers of the group. This is different fromtraditional insurance, in that no premium is exchangedbetween members of the group up front, but insteadlosses are assessed to all members of the group.

[edit]Risk retention

Involves accepting the loss, or benefit of gain, from arisk when it occurs. True self insurance falls in thiscategory. Risk retention is a viable strategy for smallrisks where the cost of insuring against the risk wouldbe greater over time than the total losses sustained. Allrisks that are not avoided or transferred are retainedby default. This includes risks that are so large or

catastrophic that they either cannot be insured againstor the premiums would be infeasible. Waris anexample since most property and risks are not insuredagainst war, so the loss attributed by war is retained bythe insured. Also any amounts of potential loss (risk)over the amount insured is retained risk. This may alsobe acceptable if the chance of a very large loss is

small or if the cost to insure for greater coverage
http://en.wikipedia.org/wiki/Insurancehttp://en.wikipedia.org/w/index.php?title=Risk_management&action=edit&section=15http://en.wikipedia.org/wiki/Self_insurancehttp://en.wikipedia.org/wiki/Warhttp://en.wikipedia.org/wiki/Insurancehttp://en.wikipedia.org/w/index.php?title=Risk_management&action=edit&section=15http://en.wikipedia.org/wiki/Self_insurancehttp://en.wikipedia.org/wiki/War


16/27

amounts is so great it would hinder the goals of theorganization too much.

[edit]Create a risk management plan

Select appropriate controls or countermeasures tomeasure each risk. Risk mitigation needs to beapproved by the appropriate level of management. Forinstance, a risk concerning the image of theorganization should have top management decisionbehind it whereas IT management would have theauthority to decide on computer virus risks.

The risk management plan should propose applicableand effective security controls for managing the risks.For example, an observed high risk of computerviruses could be mitigated by acquiring andimplementing antivirus software. A good riskmanagement plan should contain a schedule forcontrol implementation and responsible persons for

those actions.According to ISO/IEC 27001, the stage immediatelyafter completion of the risk assessment phase consistsof preparing a Risk Treatment Plan, which shoulddocument the decisions about how each of theidentified risks should be handled. Mitigation of risksoften means selection ofsecurity controls, which

should be documented in a Statement of Applicability,which identifies which particular control objectives andcontrols from the standard have been selected, andwhy.

[edit]Implementation

Implementation follows all of the planned methods formitigating the effect of the risks. Purchase insurancepolicies for the risks that have been decided to be
http://en.wikipedia.org/w/index.php?title=Risk_management&action=edit&section=16http://en.wikipedia.org/wiki/ISO/IEC_27001http://en.wikipedia.org/wiki/Risk_assessmenthttp://en.wikipedia.org/wiki/Security_controlshttp://en.wikipedia.org/w/index.php?title=Risk_management&action=edit&section=17http://en.wikipedia.org/w/index.php?title=Risk_management&action=edit&section=16http://en.wikipedia.org/wiki/ISO/IEC_27001http://en.wikipedia.org/wiki/Risk_assessmenthttp://en.wikipedia.org/wiki/Security_controlshttp://en.wikipedia.org/w/index.php?title=Risk_management&action=edit&section=17


17/27

transferred to an insurer, avoid all risks that can beavoided without sacrificing the entity's goals, reduceothers, and retain the rest.

[edit]Review and evaluation of the planInitial risk management plans will never be perfect.Practice, experience, and actual loss results willnecessitate changes in the plan and contributeinformation to allow possible different decisions to bemade in dealing with the risks being faced.

Risk analysis results and management plans shouldbe updated periodically. There are two primaryreasons for this:

1. to evaluate whether the previously selectedsecurity controls are still applicable and effective,and

2. to evaluate the possible risk level changes in the

business environment. For example, informationrisks are a good example of rapidly changingbusiness environment.

[edit]Limitations

If risks are improperly assessed and prioritized, timecan be wasted in dealing with risk of losses that arenot likely to occur. Spending too much time assessing

and managing unlikely risks can divert resources thatcould be used more profitably. Unlikely events dooccur but if the risk is unlikely enough to occur it maybe better to simply retain the risk and deal with theresult if the loss does in fact occur. Qualitative riskassessment is subjective and lacks consistency. Theprimary justification for a formal risk assessment

process is legal and bureaucratic.
http://en.wikipedia.org/w/index.php?title=Risk_management&action=edit&section=18http://en.wikipedia.org/wiki/Risk_analysis_(business)http://en.wikipedia.org/w/index.php?title=Risk_management&action=edit&section=19http://en.wikipedia.org/w/index.php?title=Risk_management&action=edit&section=18http://en.wikipedia.org/wiki/Risk_analysis_(business)http://en.wikipedia.org/w/index.php?title=Risk_management&action=edit&section=19


18/27

Prioritizing the risk management processes too highlycould keep an organization from ever completing aproject or even getting started. This is especially true if

other work is suspended until the risk managementprocess is considered complete.

It is also important to keep in mind the distinctionbetween risk and uncertainty. Risk can be measuredby impacts x probability.

[edit]Areas of risk management

As applied to corporate finance, risk management isthe technique for measuring, monitoring andcontrolling the financial oroperational riskon afirm's balance sheet. See value at risk.

The Basel II framework breaks risks into marketrisk (price risk), credit risk and operational risk andalso specifies methods for calculatingcapital

requirements for each of these components.[edit]Enterprise risk management

Main article: Enterprise Risk Management

In enterprise risk management, a risk is defined as apossible event or circumstance that can have negativeinfluences on the enterprise in question. Its impact canbe on the very existence, the resources (human and

capital), the products and services, or the customers ofthe enterprise, as well as external impacts on society,markets, or the environment. In a financial institution,enterprise risk management is normally thought of asthe combination of credit risk, interest rate risk orassetliability management, market risk, and operational risk.

In the more general case, every probable risk canhave a pre-formulated plan to deal with its possible
http://en.wikipedia.org/wiki/Uncertaintyhttp://en.wikipedia.org/w/index.php?title=Risk_management&action=edit&section=20http://en.wikipedia.org/wiki/Corporate_financehttp://en.wikipedia.org/wiki/Operational_riskhttp://en.wikipedia.org/wiki/Balance_sheethttp://en.wikipedia.org/wiki/Value_at_riskhttp://en.wikipedia.org/wiki/Basel_IIhttp://en.wikipedia.org/wiki/Market_riskhttp://en.wikipedia.org/wiki/Market_riskhttp://en.wikipedia.org/wiki/Credit_riskhttp://en.wikipedia.org/wiki/Capital_requirementshttp://en.wikipedia.org/wiki/Capital_requirementshttp://en.wikipedia.org/w/index.php?title=Risk_management&action=edit&section=21http://en.wikipedia.org/wiki/Enterprise_Risk_Managementhttp://en.wikipedia.org/wiki/Interest_rate_riskhttp://en.wikipedia.org/wiki/Asset_liability_managementhttp://en.wikipedia.org/wiki/Asset_liability_managementhttp://en.wikipedia.org/wiki/Uncertaintyhttp://en.wikipedia.org/w/index.php?title=Risk_management&action=edit&section=20http://en.wikipedia.org/wiki/Corporate_financehttp://en.wikipedia.org/wiki/Operational_riskhttp://en.wikipedia.org/wiki/Balance_sheethttp://en.wikipedia.org/wiki/Value_at_riskhttp://en.wikipedia.org/wiki/Basel_IIhttp://en.wikipedia.org/wiki/Market_riskhttp://en.wikipedia.org/wiki/Market_riskhttp://en.wikipedia.org/wiki/Credit_riskhttp://en.wikipedia.org/wiki/Capital_requirementshttp://en.wikipedia.org/wiki/Capital_requirementshttp://en.wikipedia.org/w/index.php?title=Risk_management&action=edit&section=21http://en.wikipedia.org/wiki/Enterprise_Risk_Managementhttp://en.wikipedia.org/wiki/Interest_rate_riskhttp://en.wikipedia.org/wiki/Asset_liability_managementhttp://en.wikipedia.org/wiki/Asset_liability_management


19/27

consequences (to ensure contingencyif the riskbecomes a liability).

From the information above and the average cost per

employee over time, orcost accrual ratio, a projectmanager can estimate:

the cost associated with the risk if it arises,estimated by multiplying employee costs per unittime by the estimated time lost (costimpact, Cwhere C = cost accrual ratio * S).

the probable increase in time associated with a risk(schedule variance due to risk, Rs where Rs = P *S):

Sorting on this value puts the highest risks to theschedule first. This is intended to cause thegreatest risks to the project to be attempted firstso that risk is minimized as quickly as possible.

This is slightly misleading as schedulevariances with a large P and small S and viceversa are not equivalent. (The risk ofthe RMSTitanic sinking vs. the passengers' mealsbeing served at slightly the wrong time).

the probable increase in cost associated with a risk(cost variance due to risk, Rcwhere Rc = P*C =

P*CAR*S = P*S*CAR) sorting on this value puts the highest risks to the

budget first.

see concerns about schedule variance as this is afunction of it, as illustrated in the equation above.

Risk in a project orprocess can be due eitherto Special Cause Variation orCommon CauseVariation and requires appropriate treatment. That is to
http://en.wikipedia.org/wiki/Cost_accrual_ratiohttp://en.wikipedia.org/wiki/RMS_Titanichttp://en.wikipedia.org/wiki/RMS_Titanichttp://en.wikipedia.org/wiki/RMS_Titanichttp://en.wikipedia.org/wiki/Projecthttp://en.wikipedia.org/wiki/Business_processhttp://en.wikipedia.org/wiki/Special_Cause_Variationhttp://en.wikipedia.org/wiki/Common_Cause_Variationhttp://en.wikipedia.org/wiki/Common_Cause_Variationhttp://en.wikipedia.org/wiki/Cost_accrual_ratiohttp://en.wikipedia.org/wiki/RMS_Titanichttp://en.wikipedia.org/wiki/Projecthttp://en.wikipedia.org/wiki/Business_processhttp://en.wikipedia.org/wiki/Special_Cause_Variationhttp://en.wikipedia.org/wiki/Common_Cause_Variationhttp://en.wikipedia.org/wiki/Common_Cause_Variation


20/27

re-iterate the concern about extremal cases not beingequivalent in the list immediately above.

[edit]Risk management activities as applied to project

managementIn project management, risk management includes thefollowing activities:

Planning how risk will be managed in the particularproject. Plans should include risk managementtasks, responsibilities, activities and budget.

Assigning a risk officer - a team member other thana project manager who is responsible for foreseeingpotential project problems. Typical characteristic ofrisk officer is a healthy skepticism.

Maintaining live project risk database. Each riskshould have the following attributes: opening date,title, short description, probability and importance.Optionally a risk may have an assigned personresponsible for its resolution and a date by which therisk must be resolved.

Creating anonymous risk reporting channel. Eachteam member should have possibility to report riskthat he/she foresees in the project.

Preparing mitigation plans for risks that are chosen

to be mitigated. The purpose of the mitigation plan isto describe how this particular risk will be handled what, when, by who and how will it be done to avoidit or minimize consequences if it becomes a liability.

Summarizing planned and faced risks, effectivenessof mitigation activities, and effort spent for the riskmanagement.

[edit]Risk management for megaprojects
http://en.wikipedia.org/w/index.php?title=Risk_management&action=edit&section=22http://en.wikipedia.org/wiki/Project_managementhttp://en.wikipedia.org/w/index.php?title=Risk_management&action=edit&section=23http://en.wikipedia.org/w/index.php?title=Risk_management&action=edit&section=22http://en.wikipedia.org/wiki/Project_managementhttp://en.wikipedia.org/w/index.php?title=Risk_management&action=edit&section=23


21/27

Megaprojects (sometimes also called "majorprograms") are extremely large-scale investmentprojects, typically costing more than US$1 billion per

project. Megaprojects include bridges, tunnels,highways, railways, airports, seaports, power plants,dams, wastewater projects, coastal flood protectionschemes, oil and natural gas extraction projects, publicbuildings, information technology systems, aerospaceprojects, and defence systems. Megaprojects havebeen shown to be particularly risky in terms of finance,

safety, and social and environmental impacts. Riskmanagement is therefore particularly pertinent formegaprojects and special methods and specialeducation have been developed for such riskmanagement.[12][13]

[edit]Risk management of Information Technology

Main article: IT risk management

Information technology is increasing pervasive inmodern life in every sector.[14][15][16]

IT risk is a risk related to information technology. Thisrelatively new term due to an increasing awarenessthat information security is simply one facet of amultitude of risks that are relevant to IT and the realworld processes it supports.

A number ofmethodologies have been developed todeal with this kind of risk.

ISACA's Risk IT framework ties IT risk to Enterpriserisk management.

[edit]Risk management techniques in petroleum andnatural gas
http://en.wikipedia.org/wiki/Megaprojectshttp://en.wikipedia.org/w/index.php?title=Risk_management&action=edit&section=24http://en.wikipedia.org/wiki/IT_risk_managementhttp://en.wikipedia.org/wiki/Information_technologyhttp://en.wikipedia.org/wiki/IT_riskhttp://en.wikipedia.org/wiki/Information_securityhttp://en.wikipedia.org/wiki/ISACAhttp://en.wikipedia.org/wiki/Risk_IThttp://en.wikipedia.org/wiki/Enterprise_risk_managementhttp://en.wikipedia.org/wiki/Enterprise_risk_managementhttp://en.wikipedia.org/w/index.php?title=Risk_management&action=edit&section=25http://en.wikipedia.org/wiki/Megaprojectshttp://en.wikipedia.org/w/index.php?title=Risk_management&action=edit&section=24http://en.wikipedia.org/wiki/IT_risk_managementhttp://en.wikipedia.org/wiki/Information_technologyhttp://en.wikipedia.org/wiki/IT_riskhttp://en.wikipedia.org/wiki/Information_securityhttp://en.wikipedia.org/wiki/ISACAhttp://en.wikipedia.org/wiki/Risk_IThttp://en.wikipedia.org/wiki/Enterprise_risk_managementhttp://en.wikipedia.org/wiki/Enterprise_risk_managementhttp://en.wikipedia.org/w/index.php?title=Risk_management&action=edit&section=25


22/27

For the offshore oil and gas industry, operational riskmanagement is regulated by the safety case regime inmany countries. Hazard identification and risk

assessment tools and techniques are described in theinternational standard ISO 17776:2000, andorganisations such as the IADC (InternationalAssociation of Drilling Contractors) publish guidelinesfor HSE Case development which are based on theISO standard. Further, diagrammatic representationsof hazardous events are often expected by

governmental regulators as part of risk management insafety case submissions; these are known as bow-tie diagrams. The technique is also used byorganisations and regulators in mining, aviation,health, defence, industrial and finance.[17]

[edit]Risk management and business continuity

Risk management is simply a practice of

systematically selecting cost effective approaches forminimising the effect of threat realization to theorganization. All risks can never be fully avoided ormitigated simply because of financial and practicallimitations. Therefore all organizations have to acceptsome level of residual risks.

Whereas risk management tends to bepreemptive, business continuity planning (BCP) wasinvented to deal with the consequences of realisedresidual risks. The necessity to have BCP in placearises because even very unlikely events will occur ifgiven enough time. Risk management and BCP areoften mistakenly seen as rivals or overlappingpractices. In fact these processes are so tightly tied

together that such separation seems artificial. For
http://en.wikipedia.org/wiki/Safety_casehttp://en.wikipedia.org/w/index.php?title=Risk_management&action=edit&section=26http://en.wikipedia.org/wiki/Business_continuity_planninghttp://en.wikipedia.org/wiki/Safety_casehttp://en.wikipedia.org/w/index.php?title=Risk_management&action=edit&section=26http://en.wikipedia.org/wiki/Business_continuity_planning


23/27

example, the risk management process createsimportant inputs for the BCP (assets, impactassessments, cost estimates etc.). Risk management

also proposes applicable controls for the observedrisks. Therefore, risk management covers severalareas that are vital for the BCP process. However, theBCP process goes beyond risk management'spreemptive approach and assumes that thedisasterwill happen at some point.

[edit]Risk communication

Risk communication is a complex cross-disciplinaryacademic field. Problems for risk communicatorsinvolve how to reach the intended audience, to makethe risk comprehensible and relatable to other risks,how to pay appropriate respect to the audience'svalues related to the risk, how to predict the audience'sresponse to the communication, etc. A main goal of

risk communication is to improve collective andindividual decision making. Risk communication issomewhat related to crisis communication.

[edit]Bow tie diagrams

A popular solution to the quest to communicate risksand their treatments effectively is to use bowtie diagrams. These have been effective, for example,in a public forum to model perceived risks andcommunicate precautions, during the planning stage ofoffshore oil and gas facilities in Scotland. Equally, thetechnique is used for HAZID (Hazard Identification)workshops of all types, and results in a high level ofengagement. For this reason (amongst others) anincreasing number of government regulators for major

hazard facilities (MHFs), offshore oil & gas, aviation,
http://en.wikipedia.org/w/index.php?title=Risk_management&action=edit&section=27http://en.wikipedia.org/w/index.php?title=Risk_management&action=edit&section=28http://en.wikipedia.org/w/index.php?title=Risk_management&action=edit&section=27http://en.wikipedia.org/w/index.php?title=Risk_management&action=edit&section=28


24/27

etc. welcome safety case submissions which usediagrammatic representation of risks at their core.

Communication advantages of bow tie diagrams: [17]

Visual illustration of the hazard, its causes,consequences, controls, and how controls fail.

The bow tie diagram can be readily understood at allpersonnel levels.

"A picture paints a thousand words."[edit]Seven cardinal rules for the practice of risk

communication(as first expressed by the U.S. EnvironmentalProtection Agency and several of the field'sfounders[18])

Accept and involve the public/other consumers aslegitimate partners.

Plan carefully and evaluate your efforts with a focus

on your strengths, weaknesses, opportunities, andthreats.

Listen to the public's specific concerns.

Be honest, frank, and open.

Coordinate and collaborate with other crediblesources.

Meet the needs of the media. Speak clearly and with compassion.[edit]

\Understanding the Risk Management Process

Author : Exforsys Inc. Published on: 25th Mar 2009

Risk management is a process which could be best described as being

systematic. Risk management must never be taken lightly by any
http://en.wikipedia.org/w/index.php?title=Risk_management&action=edit&section=29http://en.wikipedia.org/w/index.php?title=Risk_management&action=edit&section=30http://en.wikipedia.org/w/index.php?title=Risk_management&action=edit&section=29http://en.wikipedia.org/w/index.php?title=Risk_management&action=edit&section=30


25/27

organization. It is designed to deal with risks that may occur in regards

to any aspect of a project.

Ads

While risk management is crucially important, there are a number of

additional things that project teams can do to ensure their projects are

completed properly and safely. Risk management can be broken down

into a number of different steps, and the first of these steps is to take

the time to assess the risks that a project faces.

By assessing the risks, you are essentially taking the time to think of

the things that could go wrong. Once you have an understanding of all

the risks that a project faces, you will next need to prioritize them.

By prioritizing the risks, you will essentially take the time to figure out

which risks are the most important, in other words, you will rate the

risk by how dangerous they are, as well as the probability of the risk

actually occurring. Risk priority numbers will generally be used to

determine the amount of risk the organization faces.

Once this step has been completed, the next step is to take the time to

handle the abatement actions. To do this, you will need to take the

time to plan and put in place the actions which are needed to lower the

impact or the chance of the risk actually occurring. There are a number

of different techniques that can be used within the field of risk

management.


26/27

The techniques will often differ based on the manner in which the risks

have been analyzed. For instance, the risk could be evaluated or

ranked dependent on the severity, as well as the probability of

occurrence. Both effects analysis and failure mode may also be used

for the purpose of analyzing and measuring risk.

No matter how you look at it, the fact remains that the risk

management process is very important when it comes to managing a

project in the proper manner. There are often times when the risk

management process must be repeated multiple times throughout the

life cycle for a given project. The project team must study the risksand then prioritize them.

How Teams Use Risk Management

The team which is working on the project will typically take the time to

carry out risk management tasks and record the things that it learned

from the project. What this means is that many of the things which

have been learned from past projects will need to be used in future

projects.

While this takes up an enormous amount of effort, the time and money

which is wasted could be saved if a certain process was available which

allowed the things learned from any given project to be distributed to

other projects. This process is described by a Japanese word calledyokoten. In basically translates into "one place to another," meaning

that information from one project is immediately transferred to other

projects. This transfer of data can prove to be quite valuable.

One way in which knowledge can be transferred from one project to

another is simply to make use of documents such as FMEA or even the


27/27

risk sheets. However, these methods can prove to be tedious and they

come with a number of problems.

The problem with this method is that it requires an enormous amount

of effort, because the new project will need to analyze the risk

management document from all the projects which have been

completed. There is also the issue of time. Sharing the information

with all the concurrent projects can prove to be very challenging. Then

there is the location issue. If the projects are being conducted in

different locations, sharing information can be quite challenging.

How Projects are Shared

Having said that, it is important to come up with a database tool that

is automated, one that can share information seamlessly between

projects, regardless of the location, time, or related factor

Currency Risk management by rbi

Documents

Transcript of Currency Risk management by rbi