Introduction to Risk Management

Risk Management Fall 2013

Risk Defined

• Risk – possibility of a deviation between actual and

expected outcomes

• Comes from an early Italian word risicare, meaning “to

dare”

• Thus, risk is considered a choice rather than a fate

• Consider a risk that is not taken voluntary

• Risk is not synonymous with “possibility of loss” or “cause

of loss”

• Example of starting a new businesso Positive vs. negative risks

Traditional vs. Contemporary View

• Traditionally, risk and risk management focused on

accidental and hazard exposures, with only negative

outcomeso Pure risk exposures only

• Risk and Risk Management has evolved to take a more

holistic approach to encompass negative and positive

possible outcomeso Pure and speculative risk exposures

Impetus for Change in Risk Management Focus• Numerous high-profile large organizations failures

o Enrono Arthur Andersono Washington Mutualo Tycoo WorldCom

• Financial Crisis of the 2000’s• 2011 Tsunami in Japan – killed approximately 16,000 people• These events made it clear that organizations need to evaluate

and manage supply chain risk• Sarbanes-Oxley Act of 2002

o Requires controls to be disclosed and announced by public companies and their registered auditors in financial information.

o OECD (Organization for Economic Co-operation and Development and World Bank initiatives and the European Union promoted initiatives and Solvency standards for risk management in financial organizations.

Important Risk Dichotomies

• Hazard (or pure) risks and speculativeo Traditional focus on specific, catastrophic exposures

o Examination of exposures in isolation

o Speculative risks include Price and Credit Risk (p. 1.24)

• Subjective and objective risk (table p. 1.24)

• Diversifiable and non-diversifiable risko Diversifiable – affects only some individuals, businesses or groups

• Fire, theft, embezzlemento Non-diversifiable affects a large segment of society

• Unemployment, inflation, and natural disasters

Categories of Risk

• Hazardo Includes property, liability, or personnel loss exposures

• Operational Risko Result from the failure in processes, systems, or controls

• Financial Risko Result from the effect of market forces on financial assets or liability;

includes market risk, credit risk, liquidity risk, and price risk

• Strategic Risko Arises from trends in the economy and society; changes in the

demographic, economic, political, and competitive environments

Why Do We Need Risk Management?

• “Ben Bernanke said in 2008 that a significant factor

causing the 2008 financial crisis was risk-management

weaknesses at large global financial institutions.

• “Banks Bundled Bad Debt, Bet Against it and Won” article

o http://www.nytimes.com/2009/12/24/business/24trading.html?pagewanted=all&_r

=1

&

• Risk Mitigation and Risk Transfer benefit not only the individual

organization but the economy as a whole.

Benefits of Risk Managements to Society

• Reduced waste in resources

• Improved allocation of productive resources

• Reduced systemic risk

RM Tools

• Risk Management techniques:o risk avoidance

o risk control

• hazard or loss reductiono risk retention

o risk transfer

• Hedging and sub-contracting• Insurance

Total Cost of Hazard Risk

• Includes

• Costs of losses not covered by insurance or other sources

• Insurance premiums or expenses incurred for

noninsurance indemnity

• Costs of risk control techniques to reduce accidental losses

• Costs of administering risk management initiatives

Focus of Risk Management

• Reduce the potential loss frequency and loss severity

• Reduce deterrence effects of Hazard risks

• Reduce and managing the downside risko Potential loss from new product from delays, errors, cost

increases, market decline.

o May use stop-loss limits in insurance

• Intelligent Risk Taking

• Maximizing Profitability

Risk Management Goals

• Tolerable Uncertainty

• Legal and Regulatory Compliance

• Survival

• Business Continuity

• Earnings Stability

• Profitability and Growth

• Social Responsibility

• Economy of Risk Management Operations

Changes and trade-offs in Goals?

• Profitability and tolerable uncertainty

• Economy of operations and legality or social responsibility

• Growth vs. tolerable uncertainty

Holistic Risk Management

• Manages risk across all levels and functions within an

organization

• Provides a more complete picture of an organization’s risk

portfolio and profile

• Provides for better decisions and improved outcomes for

senior management

• Facilitates a complete understanding of the risks involved

Regulatory Requirements

• Sarbanes-Oxley Act of 2002o Requires both the management of public companies and their

auditors to assess and report on financial risk and controls

• Dodd-Frank Act of 2010 requires that financial bank

holding companies and certain other public companies

have a risk committee and at least one member of the

committee must be a risk management expert

• Basel III and Solvency II in Europe provide risk

management requirements for financial firms and insurers.

Enterprise Risk Management (ERM)

• Holistic approach to risk management

• Provides a way to manage all of an organization’s risks, including

operational, financial, and strategic risk.

• Three theoretical pillars to explain ERMo Interdependency – should not consider exposures as “silo events”

• Eg., mortgage loans in different geographic areas are not independent

o Correlation – increases risk

• Eg., if all suppliers are in hurricane areao Portfolio Theory – assumes both individual risk and their interactions;

• Eg., an airline may have increased portfolio risk with increased fuel prices; this will also impact consumer demand

Organizational Relationships

• CRO - Chief Risk Officer – reports to both the chief

executive officer and the board risk committeeo Responsibility includes helping create culture in which

divisions, units, and employees become Risk Owners.

Requirements for Implementing ERM

• Risk managers must have authority to make and enforce

necessary changes, often against significant resistance

• Effective Communication

• Knowledge of the type of information the CEO and other

senior managers need to understand the organization’s

risk portfolio.

• The ability to avoid “entrenched silos”, decisions made

without considering the impact on other divisions or on the

overall organization.

Risk Management Framework and Process – Chapter 5

• Components and sets of the RM model

Traditional Steps in the RM Process

• Identify and analyze loss exposures

• Examine feasibility of alternative management techniques

• Select risk management technique

• Implement

• Monitor and improve risk management program

How do we identify the Risk Management exposures?

• survey/questionnaire

• loss history of an organization

• financial statements

• other records and documents

• flowchart of organization’s operations

• personal inspection of facilities

• Professional experts

Examine the feasibility of RM Techniques

risk control techniques- exposure avoidance- loss prevention- loss reduction- segregation of loss exposures - contractual transfers for risk control

risk financing techniques- retention- transfer

Risk Financing

• Retentiono Current expensing of losseso Unfunded reserveo Funded reserveo Borrowing o Captive• Transfer

o Contractual transfer for risk financingo Commercial insuranceo Hedging

Focus of Analysis

• Potential loss frequency

• Potential loss severity

• Risk Control to Prevent losses

• Risk financing to reimburse for losses

• most risk control and risk financing techniques can be

adapted to deal with business risks

Select the RM Technique

• forecasts o The frequency and severity of the

expected losso The effects of various RC and RF

techniques will have on the predictability, frequency, and severity of loss

o The cost of the technique• selection criteria

o Financial and other constraints

Implement the RM Decision

• technical decisions

• managerial decisions

Monitor the RM Program

• establish standards of acceptable performance• compare actual results with standards• correct substandard performance

Steps to the Enterprise-wide RM Process

• Scan the Environment

• Identify risks

• Analyze risks

• Treat risks

• Monitor and make sure the process is effective

• (chart p. 5.19)

Four components of the ERM framework

• Lead and establish accountability

• Align and integrate

• Allocate resources

• Communicate and report

Establishing Accountability

• Identify RISK OWNERS and their roles in the organizationo Someone who is accountable for the identification, assessment,

treatment, and monitoring of risks in a specific environment• Establish Key performance Indicators (KPI)

o A measurement that defines how successfully an organization is progressing toward its long term goal

• Establish key risk indicators (KRI) and use them to evaluate performance

• Develop risk criteria to evaluate the significance of risks

Power, Inc. Case.

• Page 5.22-5.5.30