CHAPTER-1

BACKGROUND

1.1 BACKGROUND

The following table provides an overview of the major risks that can be managed by financialinstruments with corresponding classes of instruments as per different project types.

Risk Nature of Risk FRM Instruments

Risks associated with Large Scale Projects

Project Development/ Pre-construction PhaseFeasibility analysis indicates project not

Concept to feasible/viable Grants, Contingentimplementation Regulatory clearances delayed/denied Grants (GEF)

Financial closure not achievedConstruction Phase

Time overrunInsurance –

Construction/Cost overrunProject does not meet technical specifications Construction All

Completion Risk Changes to project assumptions make the project Risks (CAR/EAR)unviable

Surety bonds -Counterparty Risk that the Construction Contractor does not PerformanceRisk perform as per contract guarantees

Liquidation damagesOperating Phase

PerformanceTechnical performance

InsuranceManaging the facilityRisk Physical damage to the facility

Counterparty Risk that the O & M Contractor does not performSurety bonds -

PerformanceRisk as per contract guarantees

Liquidation damages

Fuel Supply Intermittent/Irregular fuel supply Weather Insurance/

Risk Derivatives

Credit RiskRelated to default by off taker i.e. inability of the Guarantees

off-taker/ utility running to meet their payment Credit derivativesobligations.

Generic – All Phases

Financial RiskFluctuations in interest rate, currency exchange Standard derivative

rate, etc products

Currency inconvertibility Political RiskInsuranceExpropriation

Political Risk MFI GuaranteesPolitical violence Export CreditBreach of contract

guaranteesForce Majeure Natural Catastrophe Insurance

Risk Man-made interruptions – war, strike, etc Catastrophe bondsRisks associated with small scale projects

Project Developer

DevelopmentLack of start- up capital

Guarantee FundsProject sponsors with limited track records, poor(Credit) Risk

credit historyEnd User

Risks ofphysical

Theft/damage to the facility Micro-insurancedamageincluding theft

Credit Risk Poor financial credibility of end usersGuaranteesCredit lines

Risks associated with Carbon Financed projects

Market RiskDemand Risk – uncertainty on evolution of CER Standard derivative

markets post 2012 products to hedgePrice risk – linked to demand risk against price

Insurance – carbonCER delivery Project fails to generate projected CERs. This is delivery guarantee,Risk linked to the intermittent nature of resource supply permit delivery

guarantee

1.2 AVAILABILITY SURVEY• Secure contracts (such as PPA, EPC contract, O&M agreement and Fuel supply agreement), equipment warranties, insurance products and various national government guarantees are the most utilized risk management instruments to facilitate the construction and operation of renewable energy projects in the focus countries. Naturally, the underlying business case for generating renewable energy (tariff structures, and privatization etc) will determine RE investments in the first case.

• Non-insurance financial instruments (with the exception of weather and credit derivatives) are generally used only to hedge the financial market risk (currency and interest rate) component of large-scale RE project finance deals once terms are in place. However, most of the difficulties in RE finance arrive at the front end of a deal when there is the greatest amount of uncertainty.

• The risk management products available from the multilaterals (such as Partial Credit Guarantees) are better understood by market participants. However, there appears to be little enthusiasm amongst project financiers interviewed for working alongside multilaterals unless there is a guiding strategic motive or large profit incentive.

• Local developing country insurers have generally limited expertise to write renewable energy business. However, where foreign insurers have access to developing country markets most traditional products relevant to RE projects – Property, Construction/Erection all risks; Business interruption, Machinery Breakdown etc- are available for mature RET projects. However, foreign insurer’s access to local insurance market is restricted by local insurance regulations.• With over USD2 billion of combined capacity of about 20 insurance companies participating in this survey, in theory sufficient capacity is available to meet the insurance requirements of the

renewable energy industry. However in reality there are still a number of technical underwriting concerns and barriers associated with for example technology performance risks and the harsh offshore locations, which can restrict / limit participation.

• The ability to deploy insurance capacity in developing countries is also hampered by local insurance regulations which restrict foreign market access. Insurance availability in developing countries is restricted by a lack of adequate financial, legal and service infrastructure as well as lack of credit worthy local insurers, restrictive local insurance regulations and limited distribution channels.

• As most renewable technologies (with the exception of onshore wind) are perceived to be prototypical in nature the limited data on commercial operating history presents a huge challenge to the insurance industry who are unable to accurately model future loss projections and price risk in an economic and sustainable manner. Further practical evaluation of the scope for improving actuarial data and technical risk information flow and studies into new risk based pricing methodologies would serve as useful interventions in catalyzing new thinking for RE projects in insurance market.

CHAPTER-2

OVERVIEW OF RISKS

2.1 INTRODUCTION

Risk : The meaning of ‘Risk’ as per Webster’s comprehensive dictionary is “a chance of encountering harm or loss, hazard, danger” or “to expose to a chance of injury or loss”. Thus, something that has potential to cause harm or loss to one or more planned objectives is called Risk. The word risk is derived from an Italian word “Risicare” which means “To Dare”. It is an expression of danger of an adverse deviation in the actual result from any expected result. Banks for International Settlement (BIS) has defined it as- “Risk is the threat that an event or action will adversely affect an organization’s ability to achieve its objectives and successfully execute its strategies.

Risk can also be termed as peril or hazard. Peril is a cause of loss or a situation of serious and

immediate danger. e.g. - fire, windstorm, theft, flood, collusion, etc. Hazard is a chance of suffering

from danger or peril which may increase profitability of loss.

There are four types of hazard:

Physical hazard – This is a danger likely to happen due to the physical characteristics of an object, which increases the chance of loss. For example defective wiring in a building which enhances the chance of fire.

Moral hazard – It is an increase in the probability of loss due to dishonesty or character defects of an insured person. For example, Burning of unsold goods that are insured in order to increase the amount of claim is a moral hazard.

Morale hazard – It is an attitude of carelessness or indifference to losses, because the losses were insured. For example, careless acts like leaving a door unlocked which makes it easy for a burglar to enter, or leaving car keys in an unlocked car increase the chance of loss.

Legal hazard – It is the severity of loss which is increased because of the regulatory framework or the legal system. For example actions by government departments restricting the ability of insurers to withdraw due to poor underwriting results or a new environment law that alters the risk liability of an organization.

2.2 RISK AS REALITY

Risk is inherent in all activities. It is a normal condition of existence. Risk is the potential for a negative future reality that may or may not happen. Risk is defined by two characteristics of a possible negative future event: probability of occurrence (whether something will happen), and consequences of occurrence (how catastrophic if it happens). If the probability of occurrence is not known then one has uncertainty, and the risk is undefined.

Risk is not a problem. It is an understanding of the level of threat due to potential problems. A problem is a consequence that has already occurred.

In fact, knowledge of a risk is an opportunity to avoid a problem. Risk occurs whether there is anattempt to manage it or not. Risk exists whether you acknowledge it, whether you believe it, whether if it is written down, or whether you understand it. Risk does not change because you

hope it will, you ignore it, or your boss’s expectations do not reflect it. Nor will it change just because it is contrary to policy, procedure, or regulation. Risk is neither good nor bad. It is just how things are. Progress and opportunity are companions of risk. In order to make progress, risksmust be understood, managed, and reduced to acceptable levels.

2.3 . DEGREE OF RISK

Degree of risk refers to the intensity of objective risk, which is the amount of uncertainty in a given situation. It can be assessed by finding the difference between expected loss and actual loss. The formula used is

Degree of risk = loss Expected loss actual and expected the between Difference

Degree of risk is measured by the probability of adverse deviation. If the probability of the

occurrence of an event is high, then greater is the likelihood of deviation from the outcome that

is hoped for and greater the risk, as long as the probability of loss is less than one. In the case of

exposures in large numbers, estimates are made based on the likelihood of the number of losses

that will occur. With regard to aggregate exposures the degree of risk is not the probability of a

single occurrence but it is the probability of an outcome which is different from that expected or

predicted. Therefore insurance companies make predictions about the losses that are expected to

occur and formulate a premium based on that.

2.4 CERTAINTY, RISK AND UNCERTAINTY

Certainty is when there is no doubt of the outcome of an event. But uncertainty is when there is doubt in the achievement of the desired outcome and the potential deviation in the outcome is called risk. The uncertainty in an event arises because of the knowledge which is not sufficient to predict the outcome with certainty. Uncertainty implies that the person does not have thorough knowledge and hence can only make a vague assessment about an objective risk situation. Uncertainty is a perceptual phenomenon that exists in different degrees to different people. It can be represented on a straight line called continuum. This continuum can be divided into different levels of uncertainty.

Certainty Uncertainty

Uncertainty is zero Uncertainty is very high at this

level

At level zero, the exposure to uncertainty is zero and at the right extremity the exposure to uncertainty is 100%.

Level 0 (certainty) – There is no uncertainty at this level. The outcome of an event is known in certain. Events that come under the law of nature such as laws of physics and chemistry fall in this category.

Level 1 (objective probability) – Lowest level of uncertainty, events occurring in this level are categorized by the likelihood of their occurrence. For example tossing of a coin, has an established fact that there are two outcomes either heads or tails, each with a probability 0.5. Level 2 (subjective probability) – In this level, the degree of uncertainty increases. The outcomes of the events in this level are known but assigning probabilistic values to these outcomes is difficult. Probability is assigned with respect to a person, scenario or circumstances. Therefore it is referred to as subjective probability.

Level 3 (complete uncertainty) – The degree of uncertainty is the highest here. The outcomes of the events in this level are difficult to predict and hence the probability of occurrence is not known.

2.5 CLASSIFICATION OF RISK .

Risks are classified or grouped into a similar category in the insurance industry to quantify risk and define the insurance premium to be charged. Classification of risks also helps in placing individual risks with similar expectations of loss in a group or class of risks. By classifying we can also estimate risks from probabilities associated with occurrence, timing and magnitude of events.

2.5.1 Pure and speculative risk

Pure risks are defined as situation in which there are only two outcomes that is the possibility of loss or no loss to an organization but no gain – the event either happens or does not happen. When this risk happens, the chance of making any profit is very badly low. Few examples of pure risk are earthquake, theft, accident, fire etc. A car may or may not meet with an accident. If an insurance policy is bought for the car, then if accident occurs the insurance company incurs loss but on the contrary if accident does not occur there is no gain to the insured. Speculative risks describe situations in which there is a possibility of gain as well as loss. The element of gain is inherent or structured based on the situation. Few examples are gambling on horses, investing in a stock market, merging with an organisation. Thus most of the speculative risks are business related and some speculative risks are optional and can be avoided if desired.

The distinguishing characteristics of pure and speculative risks which is of importance to insurers are the following:

The contract of insurance is usually applicable only to pure risks but not to speculative risks. Insurance is meant to assure us against losses that arise as pure risk, but not to outcomes that lead to both loss and gain. Moreover a particular type of risk may appear speculative for the insurance company but a pure risk for the organisation.

The law of large numbers is easily applicable to pure risks than to speculative risks. The law is important to insurers since it predicts future loss experience. An exception is the example of gambling, where the casino operators apply the law of large numbers in a most efficient way. Speculative risk may profit the society even if a loss occurs. It carries some inherent advantages to the economy. For example speculative activity in the stock market may lead to more efficient allocation of capital. The same does not apply to pure risk. A fire, flood, earthquake cannot benefit the society.

Since pure risk is usually insurable, the discussion on risk is skewed towards pure risks only.

Pure risk is broadly classified into the following four categories: º Property risk. º Personal risk. º Liability risk. º Loss of income risk.

Property risk This is a risk to a person in possession of the property which faces loss because of some unforeseen events. Property includes both movable and immovable possessions. Movable assets are personal assets like personal computer, any appliance. Immovable assets are land, building which suffers loss due to natural calamities. Property risk is further divided into direct and indirect loss. Direct loss – A direct loss is defined as a physical damage due to a given calamity or peril in a direct way. For example, if an office building is damaged by fire, the damage incurred in the direct way is the direct loss.

Indirect loss – The additional expense incurred due to the destruction of the property is the indirect loss. Thus in addition to the physical damage after a fire, the office would lose profits for several months because of reconstruction. The loss of profits is a consequential loss as a consequence of the damage incurred.

Personal risk Personal risks are risks that directly affect the individual’s income. This may either be loss of earned income or extra expenditure or depletion of financial assets. There are four major types of personal risks: Risk of premature death.

Risk of insufficient income during old age.

Risk of poor health.

Risk of unemployment.

Risk of premature death – Premature death occurs when the bread earner of a family dies with unfulfilled financial obligations. Therefore this can cause financial problems only if the deceased has dependents to support. There are four costs which results from this. First, the present value of the family’s share of the deceased breadwinner’s future earnings is lost. Secondly, additional expenses like funeral expenses, uninsured medical bills, inheritance taxes can result. Thirdly, due to insufficient income, the family of the deceased has trouble in making ends meet. Finally, intangible costs due to loss of role model, guidance, and counseling result. Risk of insufficient income during old age – The risk arises when retired people do not have sufficient income after their retirement and it leads to social insecurity. Retired people need to have financial assets from which they can draw income or have access to other sources like private pension.

Risk of poor health – The sudden disability of a person to earn income for living happens to be a disadvantage or sudden risk to that person. The risk of poor health includes payment of medical bills and the loss of earned income. The loss of earned income is a financial insecurity if the disability is severe. Employee benefits may be lost or reduced, savings are depleted and extra care must be taken for the disabled person.

Risk of unemployment – This risk is due to socio-economic factors resulting in financial insecurity. Unemployment results due to business cycle down swings, technology and structure changes in the economy and imperfections in the labor market.

Liability risk This risk arises to a person when there is a possibility of an unintentional damage caused by him to another person because of negligence. Therefore this risk arises when one’s activity causes adversity to another person. For example, construction of factories or dams which results in dislocating number of villagers. This risk arises due to government regulations and acts. It is quite different from the other risks as there is no maximum upper limit to the amount of the loss. A lien can be placed on one’s income and financial assets to satisfy legal judgment and the cost of legal defense could be huge.

Loss of income risk This risk is due to an indirect loss from a certain given risk. For example if a firm is not able to operate due to legal issues or destruction by peril, it takes time to resume its normal operations. Therefore in this period, production stoppage will lead to loss of income.

2.5.2 Fundamental and particular risk

This classification is based on the people who are affected by the event. Those risks which affect an entire economy or a large group within the economy are termed as fundamental risks. For example, cyclic unemployment, epidemics, drought, political and economic changes, and terrorist attacks of recent times affect a large group of people and hence these are fundamental risks. On the other hand, losses that arise out of individual events and are felt by particular individuals and not by a community or a group is termed as particular risks. Examples are burning of a house or an automobile accident. The distinction between a fundamental and a particular risk is that an individual or a concern can have control over particular risk but fundamental risks can hardly be controlled. Social insurance and government insurance compensates for the loss incurred by a fundamental risk but in case of particular risk an individual or a particular enterprise bears the burden of loss.

2.5.3 Static and dynamic risk

Based on the nature of the environment, risks are classified as static and dynamic. Static risks are those which happen within a stable environment and are constant over an observed period of time. They have a regular pattern of occurrence and can be reasonably predicted. Dynamic risks arise from changes in the environment like economic, social, technological and political changes. They are generally less predictable because they do not occur in any degree of regularity. Static risks are immune to the changes in the environment. Dynamic risk resembles speculative risk and static risk resembles pure risk.

2.5.4 Enterprise risk

This is a risk which includes all major risks faced by a business firm. It encompasses risks such as pure risk, speculative risk, strategic risk, operational risk and financial risk. We already studied about pure and speculative risks. Strategic risk is when an organization is uncertain about its goals and objectives. Operational risks may result due to a firm’s business operations. Financial risk is when there is uncertainty of loss because of changes in interest rates, foreign exchange rates and value of money. Enterprise risk plays a vital role in commercial risk management, which is a process in an organization to treat all minor and major risks. Major risks can be addressed by bringing them all together and treating them as one single program. By doing so, the firm can offset one risk against another and also if some risks are negatively correlated overall risk can significantly be reduced.

CHAPTER-3

INTRODUCTION OF RISK MANAGEMENT

3.1 RISK MANAGEMENT

RISK MANAGEMENT DEFINITION : “IDENTIFICATION, ANALYSIS & ECONOMIC CONTROL

OF THOSE RISKS WHICH CAN THREATEN THE ASSETS OR THE EARNING CAPACITY OF AN

ENTERPRISE”

Risk management underscores the fact that the

survival of an organization depends heavily on

its capabilities to anticipate and prepare for the

change rather than just waiting for the change

and react to it. The objective of risk management

is not to prohibit or prevent risk taking activity,

but to ensure that the risks are consciously taken with full knowledge, purpose and clear understanding so that it can be measured and mitigated. It also prevents an institution from suffering unacceptable loss causing an institution to suffer or materially damage its competitive position. Functions of risk management should actually be bank specific dictated by the size and quality of balance sheet, complexity of functions, technical/ professional manpower and the status of MIS in place in that bank.  

Risk management: It is the identification, assessment, and prioritization of risks (defined in ISO 31000 as the effect of uncertainty on objectives, whether positive or negative) followed by coordinated and economical application of resources to minimize, monitor, and control the probability and/or impact of unfortunate events or to maximize the realization of opportunities. Risks can come from uncertainty in financial markets, project failures (at any phase in design, development, production, or sustainment life-cycles), legal liabilities, credit risk, accidents, natural causes and disasters as well as deliberate attack from an adversary, or events of uncertain or unpredictable root-cause. Several risk management standards have been developed including the Project Management Institute, the National Institute of Standards and Technology, actuarial societies, and ISO standards. Methods, definitions and goals vary widely according to whether the risk management method is in the context of project management, security, engineering, industrial processes, financial portfolios, actuarial assessments, or public health and safety.

Risk management process ensures that risk management is regularly monitored and that there are mechanisms that alert the management of the entity about arising risks or changes in already managed risks and that the appropriate control devices in order to minimize them are identified.

The role of the internal audit is to conduct assessments on all components and financial and accounting activities or activities with financial implications and to track how public funds are

used, namely if they are used efficiently and effectively and weather the financial information given to the management is appropriate and can contribute to achieving the planned results.

The strategies to manage risk typically include transferring the risk to another party, avoiding the risk, reducing the negative effect or probability of the risk, or even accepting some or all of the potential or actual consequences of a particular risk.

In ideal risk management, a prioritization process is followed whereby the risks with the greatest loss (or impact) and the greatest probability of occurring are handled first, and risks with lower probability of occurrence and lower loss are handled in descending order. In practice the process of assessing overall risk can be difficult, and balancing resources used to mitigate between risks with a high probability of occurrence but lower loss versus a risk with high loss but lower probability of occurrence can often be mishandled.

3.2 PRINCIPLES OF RISK MANAGEMENT

The International Organization for Standardization (ISO) identifies the following principles of risk management:

Risk management should:

create value – resources expended to mitigate risk should be less than the consequence of inaction, or (as in value engineering), the gain should exceed the pain

be an integral part of organizational processes be part of decision making process explicitly address uncertainty and assumptions

be systematic and structured be based on the best available information be tailor able take human factors into account be transparent and inclusive be dynamic, iterative and responsive to change be capable of continual improvement and enhancement be continually or periodically re-assessed

3.3 FACTORS OF RISKS

The risks are measured by the factors hampering business growth. If the profitability potential outweighs risk, then the organisation proceeds with the business operations else it is halted. The risks arise due to innumerable factors. They are broadly classified into two types. They are:

Internal risks – It refers to the risks arising from the events within the business organisations. These risks can be forecasted and their probability of occurrence can be determined. Hence it can be controlled to an appreciable extent. The various factors determining internal risks are:

o Human factors – The employees form an important cause for internal risks. Sometime they result in strikes and lock outs by unions, negligence and dishonesty towards work, accidents or deaths, incompetence of the manager. The suppliers most of the time fails to supply materials on time and default payments by debtors may adversely affect the business organisation.

o Technological factors – It refers to the unpredicted changes in production or distribution techniques. The technological advancements results in higher quality products which insists the organisations to adopt new technology. Hence the organisations practicing traditional techniques might face risk of losing the market for its inferior quality products.

o Physical factors – It refers to the failure of business machinery and equipment, fire or theft in the industry, damages in goods transit. This factor results in loss or damage to the organisation’s property.

External risks – It refers to the risks arising due to the events occurring outside the organisation. These events are generally uncontrolled and hence the resulting risks and their probability of occurrences cannot be forecasted and determined accurately. The various factors determining external risks are:

o Economic factors – It forms the major cause for external risks. The changes in the prevailing market conditions results economic factors. It includes changes in demand for product, price fluctuations, changes in consumer’s preferences and output of trade cycles. The various conditions like increased product competition, inflationary tendency in economy, unemployment, and fluctuations in world economy may adversely affect the business organisation. Such risks caused due to economy changes are known as dynamic risks. These risks are less predictable and may not result in losses because it contains an element of gain to the organisation.

o Natural factors – It refers to the natural calamities over which the organisation has little or no control. It results from events like earthquake, flood, cyclone, famine. Such events may cause loss of life or property to the organisation.

o Political factors – It plays an important role in functioning of long and short term business. It occurs due to the political changes in government, communal violence, civil wars. The changes in government policies and regulations may affect the position and profits of an organisation.

The risks are inevitable and hence it cannot be eliminated completely but can be controlled through proper preventive and corrective measures of risk management.

3.4 RISK CATEGORIES

3.4.1 Credit risk

Credit risk comprises counterparty risk, settlement risk and concentration risk. These risk types are defined as follows:

Counterparty risk is the risk of credit loss to the group as a result of failure by a counterparty to meet its financial and/or contractual obligations to the group. This risk type has three components: • primary credit risk, which is the exposure at default (EAD) arising from lending and related banking product activities including their underwriting; • pre-settlement credit risk, which is the EAD arising from unsettled forward and derivative transactions. This risk arises from the default of the counterparty to the transaction and is measured as the cost of replacing the transaction at current market rates; and • issuer risk, which is the EAD arising from traded credit and equity products including their primary market underwriting.

Settlement risk is the risk of loss to the group from settling a transaction where value is exchanged, but where it fails to receive all or part of the counter value.

Credit concentration risk is the risk of loss to the group as a result of excessive build-up of exposure to, among others, a single counterparty or counterparty segment, an industry, a market, a product, a financial instrument or type of security, a country or geography, or a maturity. This concentration typically exists where a number of counterparties are engaged in similar activities and have similar characteristics, which could result in their ability to meet contractual obligations being similarly affected by changes in economic or other conditions.3.4.1.1 Tools of Credit Risk Management.

The instruments and tools, through which credit risk management is carried out, are detailed below:

a) Exposure Ceilings: Prudential Limit is linked to Capital Funds – say 15% for individual borrower entity, 40% for a group with additional 10% for infrastructure projects undertaken by the group, Threshold limit is fixed at a level lower than Prudential Exposure; Substantial Exposure, which is the sum total of the exposures beyond threshold limit should not exceed 600% to 800% of the Capital Funds of the bank (i.e. six to eight times).

b) Review/Renewal: Multi-tier Credit Approving Authority, constitution wise delegation of powers, Higher delegated powers for better-rated customers; discriminatory time schedule for review/renewal, Hurdle rates and Bench marks for fresh exposures and periodicity for renewal based on risk rating, etc are formulated.

c) Risk Rating Model: Set up comprehensive risk scoring system on a six to nine point scale. Clearly define rating thresholds and review the ratings periodically preferably at half yearly intervals. Rating migration is to be mapped to estimate the expected loss.

d) Risk based scientific pricing: Link loan pricing to expected loss. High-risk category borrowers are to be priced high. Build historical data on default losses. Allocate capital to absorb the unexpected loss. Adopt the RAROC framework.

e) Portfolio Management : The need for credit portfolio management emanates from the necessity to optimize the benefits associated with diversification and to reduce the potential adverse impact of concentration of exposures to a particular borrower, sector or industry. Stipulate quantitative ceiling on aggregate exposure on specific rating categories, distribution of borrowers in various industry, business group and conduct rapid portfolio reviews. The existing framework of tracking the non-performing loans around the balance sheet date does not signal the quality of the entire loan book. There should be a proper & regular on-going system for identification of credit weaknesses well in advance. Initiate steps to preserve the desired portfolio quality and integrate portfolio reviews with credit decision-making process.

f) Loan Review Mechanism : This should be done independent of credit operations. It is also referred as Credit Audit covering review of sanction process, compliance status, review of risk rating, pick up of warning signals and recommendation of corrective action with the objective of improving credit quality. It should target all loans above certain cut-off limit ensuring that at least 30% to 40% of the portfolio is subjected to LRM in a year so as to ensure that all major credit risks embedded in the balance sheet have been tracked. This is done to bring about qualitative improvement in credit administration. Identify loans with credit weakness. Determine adequacy of loan loss provisions. Ensure adherence to lending policies and procedures. The focus of the credit audit needs to be broadened from account level to overall portfolio level. Regular, proper & prompt reporting to Top Management should be ensured.

Credit Audit is conducted on site, i.e. at the branch that has appraised the advance and where the main operative limits are made available. However, it is not required to visit borrowers factory/office premises.

3.4.2 Country risk

Cross-border transfer risk, herein referred to as country risk, is the uncertainty that a client or counterparty, including the relevant sovereign, will be able to fulfil its obligations to the group outside the host country due to political or economic conditions in the host country.

The management of country risk is delegated by the GCC to the group country risk management committee (GCRC), a subcommittee of GROC. The GCRC recommends country risk appetite for individual countries and ensures, through compliance with the country risk standard, that country risk is effectively governed, identified, measured, managed, controlled and reported in the group. An internal rating model is used to determine the rating of each country in which the group has an exposure. The model inputs are continually updated to reflect economic and political changes in countries. The country risk model output provides an internal risk grade which is calibrated to a 1 to 25 rating scale. Reviews of all countries to which the group is exposed are conducted annually. In determining ratings, the group’s network of operations, country visits and external sources of information are used extensively.

3.4.3 Liquidity risk

Liquidity risk arises when the group, despite being solvent, cannot maintain or generate sufficient cash resources to meet its payment obligations as they fall due, or can only do so at materially disadvantageous terms. This type of event may arise where counterparties who provide the bank with funding withdraw or do not roll over that funding, or as a result of a generalised disruption in asset markets which results in normally liquid assets becoming illiquid.Group unencumbered surplus liquidity

3.4.3.1 Liquidity Gap Report

A liquidity gap is the difference between the due balances of assets and liabilities over time.

At any point of time, a positive gap between assets and liabilities is equivalent to shortage of cash. The marginal gap refers to the difference between the changes of assets and liabilities over time. A positive marginal gap means that the change in the values of assets exceeds that of liabilities. The gap profile changes as and when new assets and liabilities are added. The gap profile is represented either in the form of tables or charts. All the assets and liabilities are accounted in liquidity gap report and it is dependent on the dates of maturity and the actual date.

3.4.3.2 Alternative scenarios

Alternative scenario method is used to calculate the adequate liquidity in banks. Depending on the behaviour of cash flow the alternative scenario calculates a banks’ liquidity in different conditions.

There are three scenarios for a bank that provides useful benchmarks. They are:

� Going concern

� Bank specific crisis

� General market crisis

A bank should try to account for any major liquidity changes (positive or negative) that could occur in these scenarios.

Going concern/general market conditions

The going concern/general market conditions scenario is helpful for banks in establishing a standard for the normal business behaviour. Banks use general market conditions to handle the deposit and other debts. With the help of general market conditions the banks avoid the impact of temporary constraints and manage their NFRs. Due to this concern, the banks never face a very large need of cash to be paid on any given day.

Bank specific crisis

The bank specific crises are liquidity crises for individual banks. The crises remain restricted to the banks and provide a sort of worst-case benchmark. The main idea in bank specific crisis is that, the banks liabilities cannot be replaced or rolled over. The banks must pay the liabilities at the time of maturity. If a bank can survive these types of worst-cases, then the bank can survive any kind of small problems.

General market crisis

The general market crises are the ones under which liquidity affects every bank in more than one market. Some banks might think that the nation’s Central bank would ensure that the key markets would continue to function in some form. For bank management, the scenario represents a second type of "worst-case". While surveying the liquidity profile of entire banking sector, the Central bank might find this scenario to be of particular interest. The combined results will suggest the size of the total liquidity buffer in the banking system. The result also suggests the likely distribution of liquidity problems among large institutions.

A bank needs to assign the time for cash flow for each category of asset. The decision about the exact time and size of cash flows is an essential part of the construction of the maturity ladder under every situation.

3.4.3.3 Assumptions in preparation of gap report in terms of assets, liabilities and off balance sheet items

Since the future liquidity position of a firm cannot always be predicted based on the factors, assumptions play an important role in determining the continuing due to the rapidly changing banking markets. But the number of assumptions to be made should be limited. The assumptions can be made based on three aspects. They are assets, liabilities, and off-balance sheet assets.

Assets

Assets are nothing but any item of economic value owned by an individual or corporation. Assumptions regarding a bank’s future stock of assets include their possible marketability and use an asset as a guarantee of existing assets which could increase flow of cash and others.

To determine the marketability of an asset, the method segregates the assets into three categories according to their degree of relative liquidity:

� The highly liquid group of assets consists of components such as interbank loans, cash and securities. Some of the assets might instantaneously be converted into cash at existing market values under almost any situation whereas others, such as interbank loans might lose liquidity in a common crisis.

� A less liquid group of assets consists of bank's saleable loan portfolio. The assignment here is to develop assumptions about a reasonable plan for the clearance of a bank's assets. Some assets, while marketable, might be viewed as unsaleable within the time frame of the liquidity analysis.

� The least liquid group of assets consist of basically unmarketable assets such as loans that are not capable of being readily sold, bank premises and investments in subsidiaries.

Because of the difference in the banks internal asset-liability management, different banks can allot the same assets to different groups on maturity ladder.

While categorising the assets, banks should take care of the effects on the asset’s liquidity under the various conditions. Under normal conditions, there may be assets which are much liquid then during a time of crisis. Therefore a bank may classify the assets according to the type of scenario it is forecasting.

Liabilities

To check the cash flows occurring due to a bank's liabilities, a bank should first examine the behaviour of its liabilities under normal business situations. This would include forming:

� The level of roll-overs of deposits and other liabilities remain normal.

� The actual maturity of deposits with non-contractual maturities, such as demand deposits and others; the normal growth in new deposit accounts.

While examining the cash flow arising from a bank's liabilities during the two crisis scenario, a bank would look at four basic questions. The first two questions represent the proceedings in the flow of cash that tend to reduce the cash outflows planned directly from contractual maturities. The four questions are as follows:

� What are the different sources of funding that are likely to stay with a bank under any situation, and can the count of these sources be increased?

Other than the liabilities identified from this step, a bank's capital and term liabilities that are not maturing within the prospect of the liquidity analysis provide a liquidity buffer.

The total liabilities identified in the first category may be assumed to stay with the bank even when it’s a worst scenario. Some core deposits generally remain with a bank because retail and small scale industry depositors may rely on the public-sector security net to shield them from occurring loss, or because the cost of changing banks, especially for some business services that include transactions accounts, is unaffordable in the very short term.

� What are the sources of funding that can be estimated to run off gradually if problems occur, and at what rate? Is deposit pricing a way for controlling the rate of runoff?

The second category consists of liabilities that have chances of staying back with the bank during the period of slight difficulties and can be used during crisis. Liabilities, includes core deposits that are not already included in the first category. In some countries, other than core deposits, some of the interbank deposits and government funding remains with the bank even though they are considered volatile .for these kinds of cash flows a bank's very own past experience related to liabilities and the experiences of other such firms with similar problems may come handy. And help in creating a time table.

� Which maturing liabilities can be estimated to run off instantly at the first warning of trouble?

The third category consists of the maturing liabilities that remained, including some without contractual maturities, such as wholesale deposits. Under each case, this approach adopts a conservative stand and assumes that these remaining liabilities will be paid back at as early as possible before the maturity date, especially when there is high crisis, as such money may flow to government securities and other safe refuges.

Factors such as diversification and relationship building are considered important during the evaluation of the degree of the outflow of funds and a bank's capacity to replace funds. Nevertheless, in a general market crisis, sometimes high scale firms may find that they receive larger than the usually got wholesale deposit inflows, even though there are no cash inflows existing for other firms in the market.

� Does the bank have a reliable back-up facility?

For example, small banks in local areas may also have credit lines that they can bring down to offset cash discharges. These facilities are rarely found in larger banks but however it depends on the assumptions made on the bank’s liabilities. Such facilities usually need to undergo many changes but only to a limit, especially in a bank specific crisis.

Off balance sheet item

A bank should also examine the availability of sufficient cash flows from its off balance sheet activities (other than the loan commitments already considered), even if they are not a portion of the bank’s recent liquidity analysis.

In addition, the Contingent liabilities, such as letters of credit and financial guarantees, represent potentially significant cash outflow for a bank, but are usually not dependent on a bank's condition. A bank may be able to create a "normal" level of out flow of cash on a regulatory basis, and then estimate the possibility a raise in these flows during periods of stress. However, a general market crisis may generate a considerable increase in the total invocation of letters of credit because of an increase in defaults and liquidations in the market.

Other possible sources of cash outflows are swaps, written Over-The-Counter (OTC) options, and forward foreign exchange rate contracts. For instance, consider that a bank has a large swap book; it would then want to study the circumstances under which it could become a net payer, and whether or not the total net pay-out is significant.

Consider another situation wherein a bank acts as a swap market-maker, with a possibility that in a bank-specific or general market crisis, customers with in-the-money swaps (or a net in-the-money swap position) would try to reduce their credit exposure to the bank by requesting the bank to buy the swaps back. Similarly, a bank would like to review its written OTC options book and any warrants that are due, along with hedges if any against these positions, since certain types of crises sometimes arouse an increase in early exercises or requests that the banks should buy the offer back. These activities could result in an unexpected cash loss, if hedges can neither be quickly liquidated to generate cash nor provide insufficient cash.

Other assumptions

Until now the discussion was centered on the assumption about the behaviour of the specific instrument under different scenarios. At the time of looking the components exclusively, there might be some of the factors that might have a major impact on the cash flows.

The need for liquidity arises from business activities. The banks too need excess funds to support extra operations.

For example, the majority of the banks provide clearing services to financial institutions and correspondent banks. These institutions generate a major sum of cash inflow and cash outflows and unpredicted variations in these services can reduce a bank’s funds to a large extent.

The other expenses such as rent and salary however are not given much importance in the analysis of the bank’s liquidity. But they can be sources of cash outflows in some cases.

3.4.4 Market risk

This is the risk of a change in the actual or effective market value or earnings of a portfolio of financial instruments caused by adverse movements in market variables such as equity, bond and commodity prices; currency exchange and interest rates; credit spreads; recovery rates and correlations; as well as implied volatilities in all of the above.

3.4.5 Operational risk

Operational risk is the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events. This includes information and legal risk but excludes reputational and strategic risk.

3.4.5.1 Responsibility and approach to operational risk management

Operational risk is recognized as a distinct risk category which the group manages within acceptable levels through sound operational risk management practices. The group’s approach to managing operational risk is to adopt practices that are fit for purpose to suit the organizational maturity and particular business environments.

Executive management defines the operational risk appetite at a business unit and group level. This operational risk appetite supports effective decision making and is central to embedding risk management in business decisions and reporting.

3.4.6 Business risk

Business risk relates to the potential revenue shortfall compared to the cost base due to strategic and/or reputational reasons. From an economic capital perspective, business risk capital

requirements are calculated as the potential loss arising over a one-year timeframe, within a certain level of confidence, as implied by the group’s chosen target rating. The group’s ability to generate revenue is impacted by, among others, the external macroeconomic environment, its chosen strategy and its reputation in the markets in which it operates.

Economic capital by risk type June 2010 Rm

December 2009 Rm

Credit risk 28 597 31 336Equity risk 1 865 1 293Market risk 1 768 1 747Operational risk 6 814 6 965Business risk 1 817 1 504Interest rate risk in the banking book

1 620 1 917

Banking activities – economic capital

42 481 44 762

Available financial resources

86 830 81 503

Capital coverage ratio 2,04 1,82

3.4.7 Reputational risk

Reputational risk results from damage to the group’s image among stakeholders, which may impair its ability to retain and generate business. Such damage may result from a breakdown of trust, confidence or business relationships.

3.4.8 Insurance risk This is the risk that future claims and related expenses will exceed the allowance for expected claims and expenses, as determined through measuring policyholder liabilities and in reference to product pricing principles. Insurance risk arises due to uncertainty regarding the timing and amount of future cash flows from insurance contracts, whether due to variations in mortality, morbidity or withdrawal rate, or due to deviations from investment performance assumptions in the case of life products, and claims incidence and severity assumptions in the case of short-term insurance products.

3.4.9 Legal risk

Legal risk arises where: the group’s businesses or functions may not be conducted in accordance with applicable laws in the countries in which it operates; incorrect application of regulatory requirements takes place; the group may be liable for damages to third parties; and contractual obligations may be enforced against the group in an adverse way, resulting from legal proceedings being instituted against it.

Although the group has processes and controls in place to manage its legal risk, failure to manage risks effectively could result in legal proceedings impacting the group adversely, both financially and reputational.

3.4.10 Foreign- Exchange Risk

Foreign exchange risk occurs during the change of investments value occurring due to the changes in currency exchange rates. It refers to the probability of loss occurring due to an adverse movement in foreign exchange rates. For example – Consider an investor residing in United States purchases a bond denominated in Japanese Yen. By this the investor experiences decline in rate of return at which the Yen exchanges for dollars.

The three types of foreign exchange risk or exposure are:

Transaction risk – It is the possibility of affecting future transactions of the organisation due to the changes in currency exchange rates.

Economic risk – It measures the impact of changes in exchange rate risk on the organisation’s cash flows and earnings.

Translation risk – It measures the impact of changes in exchange rate of organisation’s financial statements. It is also known as accounting exposure.

Foreign exchange risk management policies

Well defined policies, set forth the objectives of the bank’s foreign exchange risk management strategy and its parameters. The foreign exchange risk management policies include the following:

� A statement of forex risk principles and objectives - Before setting up the foreign exchange risk limits and management controls it is necessary for banks to decide the goals of foreign exchange risk management plan and in particular, readiness of the bank to assume risk. Therefore, the objective of foreign exchange risk management is to manage the influence of exchange rate changes within self-imposed limits after considering a wide range of possible foreign exchange rate scenarios.

� Limits of forex risks - Risk limits are established according to the relationship between the foreign exchange position and the capital, or according to the foreign exchange volume which includes total cash and the number of transactions. The foreign exchange risk limits cover the following:

- The currencies in which the institution is permitted to experience risk exposure.

- The level of foreign currency exposure that the bank is willing to assume.

� Delegation of authority - Clearly defined levels of delegated authority helps in ensuring that a bank’s foreign exchange positions does not surpass the limits established under the foreign exchange risk management policies. The delegation of authority needs to be clearly recognized, and must include the following:

- The absolute and/or incremental authority to be delegated.

- The units, entities, positions or committees to whom authority is being delegated.

- The ability of receivers to further delegate authority.

- The restrictions placed on the use of delegated authority

The various methods to reduce foreign exchange risks are:

Hedging with futures and forwards contract – The best way to manage foreign exchange risk is by balancing foreign currency holdings or expected revenue with futures or forwards.

Trade options – The foreign currencies contain options which allow the buyers to buy or sell financial assets at a specified price and time. The process to hedge foreign currency with options is similar to hedging futures and forwards, which minimizes the risk of loss in currency trade.

Purchasing swaps – It refers to the exchange of future income streams in different currencies. The organizations’ use swaps sparingly for portions of their foreign holdings.

Open a foreign bank account – The method of depositing foreign currency in foreign banks creates gain in interest rate. When the exchange rate increases, the value of foreign currency also increases.

3.4.11 Environmental risk

The organisations must be able to monitor certain risks with respect to their daily operations. The organisations must identify the specific risk that is concerned with local and global environments. The various factors causing environmental risks include accidents, assaults, and

natural events like earthquake, volcano, tornado, floods, and famine. Hence the organizations must induce environmental risk management which helps in implementing a system of metrics to prevent the environmental problems.

The organizations must emphasize the process of environmental risk management which includes certain protocols to manage the uncertainties within the organizational operations. The procedures must be applied in daily activities and overall infrastructure assessments to eliminate the damages caused in the organisation. The first step is to ensure whether the environmental risk management is effective within the organisation to identify the most critical assets. It is also important for the organizations to determine whether the assets are hampering the long term stability of the environment and their impact on the business. For example if a company uses large amount of paper then the threat of decline in tree growth arises. Hence the organisation must devise recycle paper program method to solve the problem.

The organisation must assess the environment of the specific region in which it desires to make investments. The environmental forecasts are necessary as far as there are no physical hindrances to the organisation. Environmental issues can have significant impact on a company’s stock price.

Raising awareness and training will be an ongoing element of managing environmental risk and identifying opportunities and business solutions to global environmental and social concerns.

3.4.12 Interest rate risk

Interest rate risk occurs due to the change in absolute level of interest rates causing variations in the value of investments. Such changes usually affect the securities like shares, bonds, mutual funds or money market instruments and can be reduced by diversifying or hedging techniques. The evaluation of interest rate risk should consider illiquid hedging products or strategies, and potential impact on fee income which are sensitive to changes in interest rates. They are classified into the following:

Term structure risk (yield curve risk) – It arises from the variations in the movement of interest rates across maturity spectrum. It consists of changes in relationship between interest rates of various maturities of similar market. The changes in relationships occur when the shape of yield curve for a market flattens, steepens, or becomes inverted during interest rate cycle. The yield curve variations can emphasize a bank’s risk position by increasing the effect of maturity mismatches.

Basis risk – It occurs due to the changes in relationship between interest rates for different market sectors.

Options risk – It arises when bank or bank customer gains privileges to alter the level and timing of cash flows of asset, liability or off balance sheet instruments. The option holder has the rights to buy or sell the financial instruments over a specified period of time. But the option holder faces limited downside risks (amount paid for option) and unlimited upside reward. The

option seller faces unlimited downside risk (option exercised during the time of disadvantage) and limited upside reward (retaining premium).

3.4.12.1 Factors Affecting Interest Rate

Interest rate is the amount claimed by a lender from a borrower for the use of the borrowed money. Interest is an opportunity cost in terms of a lender’s perspective and is the cost of capital according to a borrower’s perception. Interest rate is a vital component in market assessments and so it is an important economic indicator. Interest rate is important to companies as well as governments because it is an important constituent of the capital cost.

The following are the factor that influences the level of market interest rate:

Intensity of inflation – Inflation is defined as an increase in the typical price level of goods and services in an economy over a period of time. Inflation reduces the procuring power of a currency. So people with excess funds claim higher interest rates, as they want to protect their investment returns against the unfavorable conditions of higher inflation.

Fluctuation of monetary policy – The central bank of a country controls the money supply in the economy through its monetary policy. In India, the monetary policy of RBI focuses at the price stability and economic growth. If RBI loosens its monetary policy then the interest rate gets reduced which leads to higher inflation. Whereas, if RBI strengthens its monetary policy then interest rate increases, this thereby limits the inflation. Repo rate is used by RBI to inject or remove liquidity from the monetary system.

General economic conditions – If the economic growth of an economy improves then the demand for money goes up. It ultimately compels the interest rates to move forward.

Global liquidity – If global liquidity is high then the domestic liquidity of a country will also be high which ultimately reduces the pressure on interest rates.

Foreign exchange market activity – Foreign investor demand for debt securities influences the interest rate. Higher inflows of foreign capital lead to increase in domestic money supply which in turn leads to higher liquidity and lower interest rates.

Credit and payment history – Making timely mortgage or rent payment is very important. Late payments on credit cards, car payments and other bills affect the interest rate.

Debt to income ratio – The higher the debt to income ratio, the higher will be the interest rate.

Property type – The interest rate depends upon the type of property owned by an individual. The less risky is the property, the better the interest rate proposed.

Loan amount – The amount of money the borrower borrows makes a difference in the interest rate.

Reduced paperwork activities – Many lenders offer reduced paperwork alternatives. These alternatives increase the suitability of getting a loan for the consumer. It also increases the risks for the lender.

Property state – Varying property states have different regulations and requirements that results in fluctuating business costs. These costs are often passed to the consumer in the form of an interest rate for the lenders.

Budgetary deficit – Budgetary deficit and increased borrowing programme of the Government will lead to increase in interest rates as the demand for funds increases. With increase in interest rates, costs go up and this will result in inflation

3.4.12.2 Methods To Reduce Interest Rate Risks :

Diversifying maturities – The rate of return is usually not fixed across all maturity dates. Usually long term securities pay higher return than short term dated securities. Hence these factors can be hedged by spreading fixed income investments across entire yield curve from short term dated maturities to long term bonds. Doing this effectively will provide expectations about future interest rate movements.

Buy fixed or floating swaps – The swaps is an agreement to exchange capital streams from assets to qualities within a period of time. The fixed or floating swaps allow the fixed rate debtor to exchange capital stream debt of identical maturity by paying floating interest rate. Hence, if the interest rate rises, then the debtors receive difference in interest revenues through swaps.

Use real interest rate strategy – It is important to analyse the presence of risk. One way to determine is by using real interest rate, the nominal interest rate (interest earned on a high yield savings account) minus rate of inflation.

Real interest rate = Nominal interest rate – Rate of inflation

The yield curve shows high interest rate risk when it is steep or flat. Hence using such indicator can provide investor with information to diversify across various maturities

Figure : Yield Curve Indicating High Interest Rate Risk

The rising line indicates the steeper curve and the falling line indicates flatter curve

3.5 ELEMENTS OF RISK MANAGEMENT

Risk management is an organized method for identifying and measuring risk and for selecting,developing, and implementing options for the handling of risk. It is a process, not a series ofevents. Risk management depends on risk management planning, early identification and analysis of risks, continuous risk tracking and reassessment, early implementation of corrective actions, communication, documentation, and coordination.

As depicted in Figure all of the parts are interlocked to demonstrate that after initial planning the parts begin to be dependent on each other.

Risk planning

Risk Planning is the continuing process of developing an organized, comprehensive approach to risk management. The initial planning includes establishing a strategy; establishing goals and objectives; planning assessment, handling, and monitoring activities; identifying resources, tasks,and responsibilities; organizing and training risk management IPT members; establishing a method to track risk items; and establishing a method to document and disseminate information on a continuous basis.

Risk Assessment

Risk assessment consists of identifying and analyzing the risks associated with the life cycle ofthe system.

Risk identification activities establish what risks are of concern. These activities include:• Identifying risk/uncertainty sources and drivers,• Transforming uncertainty into risk,• Quantifying risk,• Establishing probability, and• Establishing the priority of risk items.

After identifying the risk items, the risk level should be established. One common method is through the use of a matrix such as shown in Figure 15-5. Each item is associated with a block inthe matrix to establish relative risk among them.

On such a graph risk increases on the diagonal and provides a method for assessing relative risk. Once the relative risk is known, a priority list can be established and risk analysis can begin.

Fig: Risk Matrix

Risk identification efforts can also include activities that help define the probability or consequences of a risk item, such as:

• Testing and analyzing uncertainty away,• Testing to understand probability and consequences, and• Activities that quantify risk where the qualitative nature of high, moderate, low estimates areinsufficient for adequate understanding

Analysis Activities

Risk analysis activities continue the assessment process by refining the description of identifiedrisk event through isolation of the cause of risk, determination of the full impact of risk, and the determination and choose of alternative courses of action. They are used to determine what risk should be tracked, what data is used to track risk, and what methods are used to handle the risk.Risk analysis explores the options, opportunities, and alternatives associated with the risk. It addresses the questions of how many legitimate ways the risk could be dealt with and the best way to do so. It examines sensitivity, and risk interrelationships by analyzing impacts and sensitivity of related risks and performance variation. It further analyzes the impact of potential and accomplished, external and internal changes.

Risk analysis activities that help define the scope and sensitivity of the risk item include findinganswers to the following questions:

• If something changes, will risk change faster, slower, or at the same pace?

• If a given risk item occurs, what collateral effects happen?• How does it affect other risks?• How does it affect the overall situation?• Development of a watch list (prioritized list of risk items that demand constant attention by management) and a set of metrics to determine if risks are steady, increasing, or decreasing.• Development of a feedback system to track metrics and other risk management data.• Development of quantified risk assessment.

Risk Handling

Once the risks have been categorized and analyzed, the process of handling those risks is initiated. The prime purpose of risk handling activities is to mitigate risk. Methods for doing this are numerous, but all fall into four basic categories:• Risk Avoidance,• Risk Control,• Risk Assumption, and• Risk Transfer.

Monitoring and Reporting

Risk monitoring is the continuous process of tracking and evaluating the risk management process by metric reporting, enterprise feedback on watch list items, and regular enterprise input on potential developing risks. (The metrics, watch lists, and feedback system are developed and maintained as an assessment activity.) The output of this process is then distributed throughout the enterprise, so that all those involved with the program are aware of the risks that affect their efforts and the system development as a whole.

CHAPTER-4

PROCESS OF RISK MANAGEMENT

4.1 PROCESS OF RISK MANAGEMENT

Risk management is a process designed and established by management and implemented by the entire staff within the finance and accounting department. This process consists of: defining the risk strategy; identifying and evaluating risks; cost control; monitoring; reviewing and reporting situation of the risks.The process should not be linear, risk management may have impact on other risks as well and measures identified as being effective in limiting a risk and keeping it within acceptable limits may prove beneficial in controlling other risks.

According to the standard ISO 31000 , the process of risk management consists of several steps as follows:

4.1.1. Risk identification :

“How can the assets be or earning capacity of an organization can be threatened?”

Risks are about events that, when triggered, cause problems or benefits. Hence, risk identification can start with the source of our problems and those of our competitors (benefit), or with the problem itself.

Source analysis - Risk sources may be internal or external to the system that is the target of risk management (use mitigation instead of management since by its own definition risk deals with factors of decision-making that cannot be managed).

Examples of risk sources are: stakeholders of a project, employees of a company or the weather over an airport.

Problem analysis - Risks are related to identified threats. For example: the threat of losing money, the threat of abuse of confidential information or the threat of human errors, accidents and casualties. The threats may exist with various entities, most important with shareholders, customers and legislative bodies such as the government.

When either source or problem is known, the events that a source may trigger or the events that can lead to a problem can be investigated. For example: stakeholders withdrawing during a project may endanger funding of the project; confidential information may be stolen by employees even within a closed network; lightning striking an aircraft during takeoff may make all people on board immediate casualties.

The chosen method of identifying risks may depend on culture, industry practice and compliance. The identification methods are formed by templates or the development of templates for identifying source, problem or event. Common risk identification methods are:

Objectives-based risk identification- Organizations and project teams have objectives. Any event that may endanger achieving an objective partly or completely is identified as risk.

Scenario-based risk identification - In scenario analysis different scenarios are created. The scenarios may be the alternative ways to achieve an objective, or an analysis of the interaction of forces in, for example, a market or battle. Any event that triggers an undesired scenario alternative is identified as risk – see Futures Studies for methodology used by Futurists.

Taxonomy-based risk identification - The taxonomy in taxonomy-based risk identification is a breakdown of possible risk sources. Based on the taxonomy and knowledge of best practices, a questionnaire is compiled. The answers to the questions reveal risks.

Common-risk checking- In several industries, lists with known risks are available. Each risk in the list can be checked for application to a particular situation.

Risk charting - This method combines the above approaches by listing resources at risk, threats to those resources, modifying factors which may increase or decrease the risk and consequences it is wished to avoid. Creating a matrix under these headings enables a variety of approaches. One can begin with resources and consider the threats they are exposed to and the consequences of each. Alternatively one can start with the threats and examine which resources they would affect, or one can begin with the consequences and determine which combination of threats and resources would be involved to bring them about.

4.1.2.Risk assessment:

Once risks have been identified, they must then be assessed as to their potential severity of impact (generally a negative impact, such as damage or loss) and to the probability of occurrence. These quantities can be either simple to measure, in the case of the value of a lost building, or impossible to know for sure in the case of the probability of an unlikely event occurring. Therefore, in the assessment process it is critical to make the best educated decisions in order to properly prioritize the implementation of the risk management plan.

Even a short-term positive improvement can have long-term negative impacts. Take the "turnpike" example. A highway is widened to allow more traffic. More traffic capacity leads to greater development in the areas surrounding the improved traffic capacity. Over time, traffic thereby increases to fill available capacity. Turnpikes thereby need to be expanded in a seemingly endless cycles. There are many other engineering examples where expanded capacity (to do any function) is soon filled by increased demand. Since expansion comes at a cost, the resulting growth could become unsustainable without forecasting and management.

The fundamental difficulty in risk assessment is determining the rate of occurrence since statistical information is not available on all kinds of past incidents. Furthermore, evaluating the severity of the consequences (impact) is often quite difficult for intangible assets. Asset valuation is another question that needs to be addressed. Thus, best educated opinions and available statistics are the primary sources of information. Nevertheless, risk assessment should produce such information for the management of the organization that the primary risks are easy to understand and that the risk management decisions may be prioritized. Thus, there have been several theories and attempts to quantify risks. Numerous different risk formulae exist, but perhaps the most widely accepted formula for risk quantification is:

Rate (or probability) of occurrence multiplied by the impact of the event equals risk

magnitudeThe above formula can also be re-written in terms of a Composite Risk Index, as follows:

Composite Risk Index = Impact of Risk event x Probability of Occurrence

The impact of the risk event is commonly assessed on a scale of 1 to 5, where 1 and 5 represent the minimum and maximum possible impact of an occurrence of a risk (usually in terms of financial losses). However, the 1 to 5 scale can be arbitrary and need not be on a linear scale.

The probability of occurrence is likewise commonly assessed on a scale from 1 to 5, where 1 represents a very low probability of the risk event actually occurring while 5 represents a very high probability of occurrence. This axis may be expressed in either mathematical terms (event occurs once a year, once in ten years, once in 100 years etc.) or may be expressed in "plain english" (event has occurred here very often; event has been known to occur here; event has been known to occur in the industry etc.). Again, the 1 to 5 scale can be arbitrary or non-linear depending on decisions by subject-matter experts.

The Composite Index thus can take values ranging (typically) from 1 through 25, and this range is usually arbitrarily divided into three sub-ranges. The overall risk assessment is then Low,

Medium or High, depending on the sub-range containing the calculated value of the Composite Index. For instance, the three sub-ranges could be defined as 1 to 8, 9 to 16 and 17 to 25.

Note that the probability of risk occurrence is difficult to estimate, since the past data on frequencies are not readily available, as mentioned above. After all, probability does not imply certainty.

Likewise, the impact of the risk is not easy to estimate since it is often difficult to estimate the potential loss in the event of risk occurrence.

Further, both the above factors can change in magnitude depending on the adequacy of risk avoidance and prevention measures taken and due to changes in the external business environment. Hence it is absolutely necessary to periodically re-assess risks and intensify/relax mitigation measures, or as necessary. Changes in procedures, technology, schedules, budgets, market conditions, political environment, or other factors typically require re-assessment of risks.

4.1.3. Create a risk management plan

Select appropriate controls or countermeasures to measure

each risk. Risk mitigation needs to be approved by the

appropriate level of management. For instance, a risk

concerning the image of the organization should have

top management decision behind it whereas IT management

would have the authority to decide on computer virus risks.

The risk management plan should propose applicable and effective security controls for managing the risks. For example, an observed high risk of computer viruses could be mitigated by acquiring and implementing antivirus software. A good risk management plan should contain a schedule for control implementation and responsible persons for those actions.

According to ISO/IEC 27001, the stage immediately after completion of the risk assessment phase consists of preparing a Risk Treatment Plan, which should document the decisions about how each of the identified risks should be handled. Mitigation of risks often means selection of security controls, which should be documented in a Statement of Applicability, which identifies which particular control objectives and controls from the standard have been selected, and why.

4.1.4. Implementation

Implementation follows all of the planned methods for mitigating the effect of the risks. Purchase insurance policies for the risks that have been decided to be transferred to an insurer, avoid all risks that can be avoided without sacrificing the entity's goals, reduce others, and retain the rest.

4.1.5. Review and evaluation of the plan

Initial risk management plans will never be perfect. Practice, experience, and actual loss results will necessitate changes in the plan and contribute information to allow possible different decisions to be made in dealing with the risks being faced.

Risk analysis results and management plans should be updated periodically. There are two primary reasons for this:

1. to evaluate whether the previously selected security controls are still applicable and effective

2. to evaluate the possible risk level changes in the business environment. For example, information risks are a good example of rapidly changing business environment.

4.2 ACTIVITIES TO RISK ASSESSMENT:

4.2.1 Activity One: Look for the hazards:

It is necessary for you to stand back from the activity, and look afresh at what could cause harm.

It is important to concentrate on the significant hazards. These are hazards which harm or affect

several people. It might be a good idea to ask others what they think; they may have noted things

that were not immediately obvious to you.

4.2.2 Activity Two: Decide who might be harmed and how?

These could be young people taking part (or waiting to do so), the instructors, others supervising

the activity, those in the area of the activity or casual observers. In identifying the hazards (Step

One) you have already identified the potential of how these people might be harmed.

4.2.3 Activity Three: Evaluate the risk and decide whether existing precautions are

adequate or whether more should be done:

You have already identified the hazards. Now consider the likelihood of each of these hazards

causing harm. This will determine whether or not you need to do more to reduce the risk. It is

possible that even after all reasonable precautions have been taken some degree of risk will

remain. What you have to decide, for each significant hazard, is whether the remaining risk is

high, medium, or low.

For some activities you have to ask yourself if everything has been done to comply with the law -

and, in our context, the requirements also of Policy, Organization and Rules. Everything

reasonably practicable must be done to reduce and control the risk. Your aim is to minimize risks

by adding such precautions as may be necessary. Likewise, the competence of instructors/leaders

and adherence to good practice play a vital role in the provision of safe activities. There are

many ways in which risks can be minimized. This might be a change in venue, additional

training, an increased staff/participant ratio and properly equipped participants. Likewise, plans

may have to be modified during the activity, based on an on-going risk assessment. Later in this

fact sheet, we will relate this to typical Scout activities.

4.2.4 Activity Four: Record your findings:

You must inform those who will be taking part in the activity of your findings and what action

should be taken. The recording of your findings might vary depending upon circumstances. A

risk assessment for the use of a permanent climbing tower on a campsite should be a document

that each instructor has to read (and sign) prior to the start of each session. It should cover the

points you have identified in Steps one-three above. The risk assessment must be suitable and

effective and must show that

A proper check was made.

You decided who might be affected.

You dealt with all the significant hazards, taking into account potential users.

The precautions are reasonable, and the remaining risk is judged acceptable.

The recording of the assessment should be in a format which is easily read - don’t write a book!

Risk assessments are not operating procedures -they inform and determine key aspects of the

operating procedures. At the campsite your risk assessment may have determined that no more

than 30 people may be admitted to the swimming pool at any one time due to the size of the pool

and the need to avoid overcrowding.

This assessment will then be reflected in the pool’s operating procedure and a requirement

placed on the lifeguard and those controlling bookings for the pool to count. A risk assessment

for a day in the hills or on water that you have not visited before cannot be formalized in exactly

the same way. In these cases, refer to the examples later in the fact sheet

.

4.2.5 Activity Five: Review your assessment and revise it if necessary:

In all cases, it is good practice to review your risk assessments from time to time, to ensure that

the precautions are still working effectively. If there are any significant changes, review and

revise the assessments to take account of the new hazard. For those risk assessments for a

Composite, and activities on site, it is important to ensure that when carrying out a risk

assessment the date is also set for the next review. Make sure that all relevant documentation is

changed.

Sample risk assessment sheet:

CHAPTER-5

NEED AND ITS IMPORTANCEIN FINANCE

5.1 THE IMPORTANCE OF FINANCIAL AND ACCOUNTING ACTIVITIES WITHIN

THE ORGANIZATION

The financial and accounting function represents a specialized activity within the organization through which the measurement, evaluation, knowledge, management and control of assets, liabilities and equity can be performed, as well as the outcomes obtained from the economic activity of an organization. Financial and accounting activities ensure chronological and systematic recording, processing, publication and preservation of information regarding financialposition, financial performance and cash flow for both the domestic needs of theorganization as well as for external users.

Information provided by the financial and accounting system refers to the performance of income and expenditure budgets, budget execution outcomes, assets under management, asset outcomes and cost of approved programs.

Also, financial and accounting operations present the situation concerning propriety and assets, namely inventory, calculation, analysis and control of assets denominated in currency, it provides control of operations, processing procedures as well as the accuracy of accounting data provided to users.

The content and range of the financial and accounting activities include:- the existence of material and financial means;- movement and transformation of material and financial means within the economic operations and processes- determination of the final outcome of movements and transformations in a value expression.

Carrying out any economic activity by an organization or entity imposes the preparation and existence of financial and book-keeping records which represent the consignment made in a specific order, based on set principles, of any conducted economic activity or operation. According to the nature of the data and the manner in which they are obtained, processed and represented, financial and book-keeping records take three distinct forms: technical and operational records, accounting records and statistical records, which reflect the overall situation of the organization.

Activities carried out within the financial and accounting function can be grouped as followed:- financial activities which refer to the establishment and use of financial resources;- accounting activities, which relate to preparation of accounting records that reflect the existence, movement and transformation of assets in a value expression. These ensure the integrity of the assets and give a foundation to management decisions.

Finance and book-keeping performed within an organization is key because it reflects any asset operation and in the same time provides a series of data which are used by the management in decision making, as well as a series of users, depending on concerns.

Under these conditions ensuring effective management of financial and accounting hazards is essential for limiting errors and fraud, waste and uneconomical activity. Implementation of an effective risk management system on financial and accounting activities contributes to increasing business performance and overall performance across the entire organization, given the interfering of this function with all other functions within the organization .

5.2 THE NEED FOR RISK MANAGEMENT IN FINANCIAL AND ACCOUNTING

ACTIVITIES

The achieving business objectives or obtaining expected results is burdened by the uncertainty of the nature of the threats, which may become both performance barriers and opportunities. At any time, events or situations may arise, actions or inactions, which result in failure of targets or which can become opportunities to be exploited.

The need for risk management stems from the fact that uncertainty is a reality and a reaction to this uncertainty is a permanent preoccupation. Therefore, the acquisition of a risk management system, widely accepted across the organization, becomes indispensable to financial and accounting activities.

Implementing a risk management system in the financial and accounting activity is necessary due to the following:- Risk management requires change in management style – managers must deal with both the consequences of events that occurred and to devise and implement measures that are likely to reduce risks so that the organization can carry out it’s activities in good conditions;- Risk management facilitates effectiveness and efficiency in terms of achieving objectives – knowledge of threats enables risk rating based on the probability of materialisation, the magnitude of the impact and the costs necessary for implementing measures for reducing or limiting unwanted effects.- Risk management provides appropriate conditions for a healthy internal control – ensuring the functioning of internal control involves a complex set of management measures in order to obtain reasonable assurance that objectives will be achieved.

Risk management involves identifying risks associated to developed activities and establishing means to respond to them, by putting into practice adequate internal control devices to mitigate the possibility of them occurring or the consequences in case the risk already materialized. The process must be coherent and convergent, integrated to the objectives, activities and operationscarried out under the financial and accounting structure.

Also, staff members, regardless of their hierarchical level, should be aware of the importance of risk management in achieving their objectives and implement monitoring and control based on principles of efficiency and effectiveness.

Financial and accounting officers must periodically analyze the risk of their activities, develop appropriate plans in order to limit the possible consequences of such risks and determine actions necessary for implementing the objectives of the plans.

CHAPTER-6

FRAMEWORK AND STRATEGIESOF RISK MANAGEMENT

6.1 FRAMEWORK

6.1.1 Governance structure

Strong independent oversight is in place at all levels throughout the group. The group audit committee (GAC) is responsible for:

reviewing the group’s financial position and making recommendations to the board on all financial matters, including assessing the integrity and effectiveness of accounting, financial, compliance and other control systems; and

ensuring effective communication between internal auditors, external auditors, the board, management and regulators. The group risk and capital management committee (GRCMC) and the group credit committee (GCC) provide, among other things, independent and objective oversight of risk and capital management across the group by:

reviewing and providing oversight of the adequacy and effectiveness of the group’s risk management control framework;

approving risk and capital management governance standards and policies; andVarious committees allow executive management and the board to evaluate the risks faced by the group, as well as the effectiveness of the group’s management of these risks. These committees are integral to the group’s risk governance structure.

The senior committees are set out in figure

Figure : Governance reporting structure

Standard BankGroup board

Management committees

Group auditcommittee

Group risk andcapital

management

Group executivecommittee

Board Committees

Group creditcommittee

Global Personal

& BusinessBanking

creditcommittee

Group risk oversightcommittee

SBSA large exposure

credit

Global Corporate

& Investment

Banking credit

committee

Group capitalmanage

mentcommitt

ee

GroupRisk compliance committee

Groupcountry

risk managem

entcommitte

e

Transaction

review

committee

Groupoperational riskcommitt

ee

Group assetand

liabilitycommit

tee

Intragroup exposure committee

1 The board has delegated authority to these committees to act as nominated designated committees in respect of the regulations.4 Standard Bank Group risk management report for the six months ended June 2010

approving and monitoring the group’s risk profile and risk tendency against risk appetite for each risk type under normal and potential stress conditions.

Executive management oversight for all risk types at group level has been delegated by the group executive committee to the group risk oversight committee (GROC). This committee considers and, to the extent required, recommends for approval by the relevant board committees:

levels of risk appetite and tolerance; risk governance standards for each risk type; actions on the risk profile; risk strategy and key risk controls across the group; capital planning and capital funding activities; utilisation of risk appetite; and usage and allocation of economic capital parameters for modelling, stress testing and scenario analysis.

The GRCMC, GCC, GAC and GROC meet at least quarterly, with additional meetings conducted when necessary. The group risk management subcommittees set out in figure report directly to GROC and through GROC to the GRCMC, the GCC and GAC.

6.1.2 Approach and structure The group’s approach to risk management is based on well established governance processes and relies on both individual responsibility and collective oversight, supported by comprehensive reporting. This approach balances strong corporate oversight at group level, beginning with proactive participation by the group chief executive and the group executive committee in all significant risk matters, with independent risk management structures within individual business units.

Business unit heads are primarily responsible for managing risk within each of their businesses and for ensuring that appropriate, adequately designed and effective risk management frameworks are in place, and that these frameworks are compliant with the group’s risk governance standards.

To ensure independence and appropriate segregation of responsibilities between business and risk management, business unit chief risk officers and chief credit risk officers report operationally to their respective business unit heads and functionally to either the group chief risk officer or the group chief credit officer.

6.1.3 Risk governance standards, policies and procedures

The group has developed a set of risk governance standards for each major risk type to which it is exposed. The standards set out and ensure alignment and consistency in the way in which we deal with major risk types across the group, from identification to reporting.

All standards are applied consistently across the group and are approved by the GRCMC or the GCC. It is the responsibility of executive management in each business unit to ensure that the risk governance standards, as well as supporting policies and procedures, are implemented and independently monitored by the risk management team in that particular business unit.Compliance with risk standards is controlled through annual self-assessments conducted by business units and group risk and review independently by the group internal auditors.

6.2 RISK MANAGEMENT STRATEGIES

Once risks have been identified and assessed, all techniques to manage the risk fall into one or more of these major categories:

Avoidance (eliminate, withdraw from or not become involved) Reduction (optimize – mitigate) Sharing (transfer – outsource or insure) Retention (accept and budget) Hedging Combination

Ideal use of these strategies may not be possible. Some of them may involve trade-offs that are not acceptable to the organization or person making the risk management decisions. Another source, from the US Department of Defense , Defense Acquisition University, calls these categories ACAT, for Avoid, Control, Accept, or Transfer. This use of the ACAT acronym is reminiscent of another ACAT (for Acquisition Category) used in US Defense industry procurements, in which Risk Management figures prominently in decision making and planning.

6.2.1 Risk avoidance

This includes not performing an activity that could carry risk. An example would be not buying a property or business in order to not take on the legal liability that comes with it. Another would be not flying in order not to take the risk that the airplane were to be hijacked. Avoidance may seem the answer to all risks, but avoiding risks also means losing out on the potential gain that accepting (retaining) the risk may have allowed. Not entering a business to avoid the risk of loss also avoids the possibility of earning profits. Increasing risk regulation in hospitals has led to avoidance of treating higher risk conditions, in favor of patients presenting with lower risk.

6.2.2 Hazard prevention

Hazard prevention refers to the prevention of risks in an emergency. The first and most effective stage of hazard prevention is the elimination of hazards. If this takes too long, is too costly, or is otherwise impractical, the second stage is mitigation.

6.2.3 Risk reduction

Risk reduction or "optimization" involves reducing the severity of the loss or the likelihood of the loss from occurring. For example, sprinklers are designed to put out a fire to reduce the risk of loss by fire. This method may cause a greater loss by water damage and therefore may not be suitable. Hal on fire suppression systems may mitigate that risk, but the cost may be prohibitive as a strategy.

Acknowledging that risks can be positive or negative, optimizing risks means finding a balance between negative risk and the benefit of the operation or activity; and between risk reduction and effort applied. By an offshore drilling contractor effectively applying HSE Management in its organization, it can optimize risk to achieve levels of residual risk that are tolerable.

Modern software development methodologies reduce risk by developing and delivering software incrementally. Early methodologies suffered from the fact that they only delivered software in the final phase of development; any problems encountered in earlier phases meant costly rework and often jeopardized the whole project. By developing in iterations, software projects can limit effort wasted to a single iteration.

Outsourcing could be an example of risk reduction if the outsourcer can demonstrate higher capability at managing or reducing risks. For example, a company may outsource only its software development, the manufacturing of hard goods, or customer support needs to another company, while handling the business management itself. This way, the company can concentrate more on business development without having to worry as much about the manufacturing process, managing the development team, or finding a physical location for a call center.

6.2.4 Risk sharing

Briefly defined as "sharing with another party the burden of loss or the benefit of gain, from a risk, and the measures to reduce a risk."

The term of 'risk transfer' is often used in place of risk sharing in the mistaken belief that you can transfer a risk to a third party through insurance or outsourcing. In practice if the insurance company or contractor go bankrupt or end up in court, the original risk is likely to still revert to the first party. As such in the terminology of practitioners and scholars alike, the purchase of an insurance contract is often described as a "transfer of risk." However, technically speaking, the buyer of the contract generally retains legal responsibility for the losses "transferred", meaning that insurance may be described more accurately as a post-event compensatory mechanism. For example, a personal injuries insurance policy does not transfer the risk of a car accident to the

insurance company. The risk still lies with the policy holder namely the person who has been in the accident. The insurance policy simply provides that if an accident (the event) occurs involving the policy holder then some compensation may be payable to the policy holder that is commensurate to the suffering/damage.

Some ways of managing risk fall into multiple categories. Risk retention pools are technically retaining the risk for the group, but spreading it over the whole group involves transfer among individual members of the group. This is different from traditional insurance, in that no premium is exchanged between members of the group up front, but instead losses are assessed to all members of the group.

6.2.5 Risk retention

Involves accepting the loss, or benefit of gain, from a risk when it occurs. True self insurance falls in this category. Risk retention is a viable strategy for small risks where the cost of insuring against the risk would be greater over time than the total losses sustained. All risks that are not avoided or transferred are retained by default. This includes risks that are so large or catastrophic that they either cannot be insured against or the premiums would be infeasible. War is an example since most property and risks are not insured against war, so the loss attributed by war is retained by the insured. Also any amounts of potential loss (risk) over the amount insured is retained risk. This may also be acceptable if the chance of a very large loss is small or if the cost to insure for greater coverage amounts is so great it would hinder the goals of the organization too much.

6.2.6 Risk Hedging

Hedging is the practice of taking a position in one market to offset and balance against the risk adopted by assuming a position in a contrary or opposing market or investment. The word hedge is from Old English hecg, originally any fence, living or artificial. The use of the word as a verb in the sense of "dodge, evade" is first recorded in the 1590s; that of insure oneself against loss, as in a bet, is from 1670s.

The taking of an offsetting position in related assets so as to profit from relative price movements. For example, an investor might purchase futures contracts on gold and sell futures contracts on silver in the belief that gold will become relatively more valuable compared with silver over the life of the contracts.

A hedge can be constructed from many types of financial instruments, including stocks, exchange-traded funds, insurance, forward contracts, swaps, options, many types of over-the-counter and derivative products, and futures contracts.

6.2.7 Risk Combination

The risk and uncertainty for a single task may well be known with reasonable accuracy with respect to its cost and its proposed completion end date. Such as the risk is distributed over a number of issuers instead of putting it on a single issuer. This reduces the chances of default. For example it is better to have multiple suppliers instead of relying on a single supplier.

CHAPTER-7

TOOLS AVAILABLE

7.1 TOOLS AVAILABLE FOR MANAGING THE RISKS

7.1.1 Fault tree analysis (FTA) : It is now a commonly applied method to predict the failure probability or failure frequency of engineering systems in terms of the failure and repair parameters of the system components. The concept of expressing the system failure causes in a logic diagram, which became known as a fault tree, was established in the early 1960’s by Watson working at Bell Telephone Labs on the launch control system of the Minuteman intercontinental ballistic missile. The time-dependent methodology to quantify the system failure likelihood or frequency, known as kinetic tree theory was developed almost 10 years later by Vesely working at the Idaho Nuclear Corporation. Enhancements to the technique including the development of importance measures and initiator and enabler theory added to the capability. In recent years an alternative to kinetic tree theory for efficient and accurate fault tree quantification has been developed known as the Binary Decision Diagram method .Once constructed and appropriate data supplied for the basic events the analysis of the fault tree can be undertaken. Analysis produces two types of result: qualitative and quantitative.

i) Qualitative analysis produces the minimal combinations of basic (component failure) events which result in the system failure mode (top event). These are known as minimal cut sets.

ii) Quantitative results include the top event unavailability, unreliability or failure rate.

The top event parameters are defines as follows:

unavailability: Qsys(t), the probability that the system failure mode exists at time t

unreliability: Fsys(t) the probability that the system failure mode occurs at least once from time 0 to time t.

failure rate: the rate at which the system failure mode occurs

All of these quantities can be used to judge the acceptability of the system performance. If required the quantification can be extended to produce importance measures which identify the contribution each basic event makes to the top event.

FTA can be used to:

understand the logic leading to the top event / undesired state. show compliance with the (input) system safety / reliability requirements. prioritize the contributors leading to the top event - Creating the Critical

Equipment/Parts/Events lists for different importance measures. monitor and control the safety performance of the complex system (e.g., is a particular

aircraft safe to fly when fuel valve x malfunctions? For how long is it allowed to fly with the valve malfunction?).

minimize and optimize resources. assist in designing a system. The FTA can be used as a design tool that helps to create

(output / lower level) requirements. function as a diagnostic tool to identify and correct causes of the top event. It can help with

the creation of diagnostic manuals / processes.

7.1.1.1 Fault Tree Symbols And Construction

The basic symbols used in FTA are grouped as events, gates, and transfer symbols. Minor variations may be used in FTA software.

Event Symbols

Event symbols are used for primary events and intermediate events. Primary events are not further developed on the fault tree. Intermediate events are found at the output of a gate. The event symbols are shown below:

Basic event External event Undeveloped event Conditioning event Intermediate event

The primary event symbols are typically used as follows:

Basic event - failure or error in a system component or element (example: switch stuck in open position)

External event - normally expected to occur (not of itself a fault) Undeveloped event - an event about which insufficient information is available, or which is

of no consequence Conditioning event - conditions that restrict or affect logic gates (example: mode of

operation in effect)

An intermediate event gate can be used immediately above a primary event to provide more room to type the event description. FTA is top to bottom approach.

Gate Symbols

Gate symbols describe the relationship between input and output events. The symbols are derived from Boolean logic symbols:

OR gate AND gate Exclusive OR gate Priority AND gate Inhibit gate

The gates work as follows:

OR gate - the output occurs if any input occurs AND gate - the output occurs only if all inputs occur (inputs are independent) Exclusive OR gate - the output occurs if exactly one input occurs Priority AND gate - the output occurs if the inputs occur in a specific sequence specified by

a conditioning event Inhibit gate - the output occurs if the input occurs under an enabling condition specified by

a conditioning event

Transfer Symbols

Transfer symbols are used to connect the inputs and outputs of related fault trees, such as the fault tree of a subsystem to its system.

Transfer in Transfer out

FMEA is a system for analyzing the design of a product or service system to identify potential failures, then taking steps to counteract or at least minimize the risks from those failures.

The FMEA process begins by identifying “failure modes,” the ways in which a product, service or process could fail. A project team examines every element of a service, starting from the inputs and working through to the output delivered to the customer. At each step, the team asks “what could go wrong here?”

A key element of FMEA is analyzing three characteristics of failures:

1. How severe they are2. How often they occur3. How likely it is that they will be noticed when they occur

Typically, the project team scores each failure mode on a scale of 1 to 10 or 1 to 5 in each of these three areas, then calculates a Risk Priority Number (RPN):

RPN = (severity) x (frequency of occurrence) x (likelihood of detection)The idea is to focus improvement efforts on the failures that have the biggest impact on customers. The highest scoring failure modes are those that happen a lot, that are bad when they happen, and/or that are unlikely to be detected. Difficult-to-detect errors obviously are more likely to get through to customers.

The team then completes the FMEA analysis for the highest-scoring failure modes and for any that get the highest severity scores, even if they do not score that high overall. Obviously, a business wants to make sure any possible disaster is prevented, even if it is unlikely to occur. “Completing the analysis” means looking at the potential causes for the error mode, identifying ways to detect the problem, developing recommended actions, and assigning responsibility for monitoring the process and taking action when warranted.

Probability (P)

In this step it is necessary to look at the cause of a failure mode and the likelihood of occurrence. This can be done by analysis, calculations / FEM, looking at similar items or processes and the failure modes that have been documented for them in the past. A failure cause is looked upon as a design weakness. All the potential causes for a failure mode should be identified and documented. This should be in technical terms. Examples of causes are: Human errors in handling, Manufacturing induced faults, Fatigue, Creep, Abrasive wear, erroneous algorithms, excessive voltage or improper operating conditions or use (depending on the used ground rules). A failure mode is given an Probability Ranking.

Rating

Meaning

AExtremely Unlikely (Virtually impossible or No known occurrences on similar products or processes, with many running hours)

B Remote (relatively few failures)

C Occasional (occasional failures)

D Reasonably Possible (repeated failures)

E Frequent (failure is almost inevitable)

Severity (S)

Determine the Severity for the worst case scenario adverse end effect (state). It is convenient to write these effects down in terms of what the user might see or experience in terms of functional failures. Examples of these end effects are: full loss of function x, degraded performance, functions in reversed mode, too late functioning, erratic functioning, etc. Each end effect is given a Severity number (S) from, say, I (no effect) to VI (catastrophic), based on cost and/or loss of life or quality of life. These numbers prioritize the failure modes (together with probability and detectability). Below a typical classification is given. Other classifications are possible. See also hazard analysis.

Rating

Meaning

I No relevant effect on reliability or safety

IIVery minor, no damage, no injuries, only results in a maintenance action (only noticed by discriminating customers)

IIIMinor, low damage, light injuries (affects very little of the system, noticed by average customer)

IVModerate, moderate damage, injuries possible (most customers are annoyed, mostly financial damage)

VCritical (causes a loss of primary function; Loss of all safety Margins, 1 failure away from a catastrophe, severe damage, severe injuries, max 1 possible death )

VICatastrophic (product becomes inoperative; the failure may result complete unsafe operation and possible multiple deaths)

Detection (D)

The means or method by which a failure is detected, isolated by operator and/or maintainer and the time it may take. This is important for maintainability control (Availability of the system) and it is specially important for multiple failure scenarios. This may involve dormant failure modes (e.g. No direct system effect, while a redundant system / item automatic takes over or when the failure only is problematic during specific mission or system states) or latent failures (e.g. deterioration failure mechanisms, like a metal growing crack, but not a critical length). It should be made clear how the failure mode or cause can be discovered by an operator under normal system operation or if it can be discovered by the maintenance crew by some diagnostic action or automatic built in system test. A dormancy and/or latency period may be entered.

Rating Meaning

1 Certain - fault will be caught on test

2 Almost certain

3 High

4 Moderate

5 Low

6 Fault is undetected by Operators or Maintainers

After these three basic steps the Risk level may be provided.

Risk level (P*S) and (D)

Risk is the combination of End Effect Probability And Severity. Where probability and severity includes the effect on non-detectability (dormancy time). This may influence the end effect probability of failure or the worst case effect Severity. The exact calculation may not be easy in case multiple scenarios (with multiple events) are possible and detectability / dormancy plays a crucial role (as for redundant systems). In that case Fault Tree Analysis and/or Event Trees may be needed to determine exact probability and risk levels.

Preliminary Risk levels can be selected based on a Risk Matrix like shown below, based on Mil. Std. 882.The higher the Risk level, the more justification and mitigation is needed to provide evidence and lower the risk to an acceptable level. High risk should be indicated to higher level management, who are responsible for final decision making.

Probability / Severity -->

I II III IV V VI

A Low Low Low Low Moderate High

B Low Low Low Moderate High Unacceptable

C Low LowModerate

Moderate High Unacceptable

D Low ModerateModerate

HighUnacceptable

Unacceptable

EModerate

Moderate High UnacceptableUnacceptable

Unacceptable

After this step the FMEA has become like a FMECA.

7.1.1.2 Uses

Development of system requirements that minimize the likelihood of failures. Development of designs and test systems to ensure that the failures have been eliminated or

the risk is reduced to acceptable level.

Development and evaluation of diagnostic systems To help with design choices (trade-off analysis).

7.1.1.3 Advantages

Improve the quality, reliability and safety of a product/process

Improve company image and competitiveness Increase user satisfaction Reduce system development time and cost Collect information to reduce future failures, capture engineering knowledge Reduce the potential for warranty concerns Early identification and elimination of potential failure modes Emphasize problem prevention Minimize late changes and associated cost Catalyst for teamwork and idea exchange between functions Reduce the possibility of same kind of failure in future Reduce impact on company profit margin Improve production yield

7.1.2 PDPC :

The process decision program chart (PDPC) systematically identifies what might go wrong in a plan under development. Countermeasures are developed to prevent or offset those problems. By using PDPC, you can either revise the plan to avoid the problems or be ready with the best response when a problem occurs.

A useful way of planning is to break down tasks into a hierarchy, using a Tree Diagram. PDPC simply extends this chart a couple of levels to identify risks and countermeasures for the bottom level tasks, as in the diagram below. Different shaped boxes are used to highlight the risks and and countermeasures (they are often shown as 'clouds' to indicate their uncertain nature).

7.1.2.1 When to Use PDPC

Before implementing a plan, especially when the plan is large and complex.

When the plan must be completed on schedule.

When the price of failure is high.

7.1.2.2 PDPC Procedure

1. Obtain or develop a tree diagram of the proposed plan. This should be a high-level diagram showing the objective, a second level of main activities and a third level of broadly defined tasks to accomplish the main activities.

2. For each task on the third level, brainstorm what could go wrong.

3. Review all the potential problems and eliminate any that are improbable or whose consequences would be insignificant. Show the problems as a fourth level linked to the tasks.

4. For each potential problem, brainstorm possible countermeasures. These might be actions or changes to the plan that would prevent the problem, or actions that would remedy it once it occurred. Show the countermeasures as a fifth level, outlined in clouds or jagged lines.

5. Decide how practical each countermeasure is. Use criteria such as cost, time required, ease of implementation and effectiveness. Mark impractical countermeasures with an X and practical ones with an O.

Here are some questions that can be used to identify problems:

o What inputs must be present? Are there any undesirable inputs linked to the good inputs?

o What outputs are we expecting? Might others happen as well?

o What is this supposed to do? Is there something else that it might do instead or in addition?

o Does this depend on actions, conditions or events? Are these controllable or uncontrollable?

o What cannot be changed or is inflexible?

o Have we allowed any margin for error?

o What assumptions are we making that could turn out to be wrong?

o What has been our experience in similar situations in the past? 2

o How is this different from before?

o If we wanted this to fail, how could we accomplish that?

Process Decision Program Chart(PDPC) is a technique designed to help prepare contingency

plans. The emphasis of the PDPC is to identify the consequential impact of failure on activity

plans, and create appropriate contingency plans to limit risks. Process 3 diagrams and planning

tree diagrams are extended by a couple of levels when the PDPC is applied to the bottom level

tasks on those diagrams.

An example of PDPC used with a cutting machine is shown below.

 

7.1.3 Insurance - It is the most common risk management tool used in organizations. The insurance can be applied to any physical property like equipment in the organization in order to recover from the loss occurred due to damages. The risk management can prior analyse the risks causing damages to the organization and formulates insurance policy during any losses to the organization.

7.1.4 Risky calculations – This method of managing risk includes the process of continuous scanning of the risk at various phases in the business operations. It is the process of calculating the most occurring risks. These are identified by the priorities given to the risks during their occurrence with respect to its severity. Hence the risk management authority processes on the high priority risk by calculating the risk exposure. This calculation is obtained by the following methods:

o Risk exposure – The probability of the risk occurrence and total loss to the organisation provides the overall exposure of specific risk.

Risk Exposure, RE = Probability of occurring risk x Total loss due to risk

o Risk reduction leverage (RRL) – The value of the return on investment for countermeasures is obtained. The reduction in the risk exposure and cost of countermeasure helps in prioritising the possible countermeasures.

RRL = Reduction in Risk Exposure ÷ Cost of countermeasure

o Managing Risk: Once the risks are identified and calculated the following processes are performed to mitigate risk. This process is less in terms of cost and choosing the best plan can avoid risk exposures and provides a better action to perform. It includes the stages of identifying the risk and choosing plans to avoid, or reduce risk. If the method avoiding is considered, the risk management chooses the alternative actions to counterpart the risk else if it is reduction method, then it changes the current action by adding new action to reduce the risk. The contingency planning depends upon the risk exposure and reduction leverage.

Figure: depicts the concept of managing risk

7.2 QUANTITATIVE RISK MEASUREMENT

Quantitative risk measurement (QRA) is the process of estimating the occurring risks and providing methods to reduce risks so that the risks are evaluated and mitigated at acceptable levels. It also includes analyzing and classifying the identified risks and providing quantitative information during the decisions making process for choosing the best course of risk reduction

action. QRA is performed during the design of the new process in order to calculate the amount of risk present.

7.2.1 Based on sensitivity The sensitivity analysis during the process of risk determination provides a key to understand the elements causing overall risk. It includes the process of estimating the critical assumptions of the effective risks and implement methods to mitigate risk. The methods implemented for mitigating risks are compared with client’s risk tolerability qualitative criteria. If the risk exceeds the criteria, then the most cost effective risk reduction method is implemented.

7.2.2 Based on volatility The quantitative risk measurement based on volatility includes assessing the uncertainties occurring during business operations. The occurring changes are assessed and monitored for future implementation of countermeasures. It includes analysis of various data sets, operating processes, occurring elements, and affecting stakeholders. The current measurement of risk is analyzed and any immediate occurring changes are addressed by various simulation methods like Monte Carlo which consists of simple statistics for analyzing key strategic decisions.

7.2.3 Based on downside potential The quantitative risk measurement is usually considered with both threat and opportunities from occurring risks. If the organisation experiences only threat, then the quantitative risk measurement process is said to be potential downside. The risk process aims to manage both threats and opportunities so that the vital elements causing the risks can be estimated. This provides an insight of determining the upside phase (best estimation) and downside phase (worst case) of the risks. The potential shortfall in risk analysis includes data quality, interpretation and the actions to be applied to reduce risk.

CHAPTER-8

ADVANCED TOPICS IN

RISK MANAGEMENT

8.1 VALUE AT RISK

In financial mathematics and financial risk management, Value at Risk (VaR) is a widely used risk measure of the risk of loss on a specific portfolio of financial assets. For a given portfolio, probability and time horizon, VaR is defined as a threshold value such that the probability that the mark-to-market loss on the portfolio over the given time horizon exceeds this value (assuming normal markets and no trading in the portfolio) is the given probability level.

For example, if a portfolio of stocks has a one-day 5% VaR of $1 million, there is a 0.05 probability that the portfolio will fall in value by more than $1 million over a one day period if there is no trading. Informally, a loss of $1 million or more on this portfolio is expected on 1 day out of 20 days (because of 5% probability). A loss which exceeds the VaR threshold is termed a “VaR break.” Thus, VaR is a piece of jargon favored in the financial world for a percentile of the predictive probability distribution for the size of a future financial loss. In other words if you have a record of portfolio value over time then the VaR is simply the negative quantile function of those values.

CALCULATING VALUE-AT-RISK – STEP BY STEP

The generality of value-at-risk poses a computational challenge. In order to measure market risk in a portfolio using value-at-risk, some means must be found for determining the probability distribution of that portfolio’s market value. Obviously, the more complex a portfolio is—the more asset categories and sources of market risk it is exposed to—the more challenging that task becomes.

It is worth distinguishing two concepts:

A  value at risk measure is an algorithm with which we calculate a portfolio’s value-at-risk.

A value at risk  is our interpretation of the output of the value-at-risk measure.

A value-at-risk metric, such as one-day 90% USD VaR, is specified with three items: A time horizon A probability A currency

For a given value-at-risk metric, a value-at-risk measure calculates an amount of money, measured in that currency, such that there is that probability of the portfolio not loosing that amount of money over that horizon. In the terminology of mathematics, this is called a quantile, so one-day 90% USD VaR is just the .90-quantile of a portfolio’s one day loss.This is worth emphasizing: value-at-risk is a quantile of loss. The task of a value-at-risk measure is to calculate such a quantile.

For a given value-at-risk metric, measure time in units of the value-at-risk horizon. Let time 0 be now, so time 1 represents the end of the horizon. We know a portfolio’s current market value 0p. Its market value 1P at the end of the horizon is unknown. Define portfolio loss 1L as

1L = 0p – 1P [1]

If 0p exceeds 1P, the loss will be positive. If 0p is less than 1P, the loss will be negative, which is another way of saying the portfolio makes a profit.

Because we don’t know the portfolio’s future value 1P, we don’t know its loss 1L. Both are random variables, and we can assign them probability distributions. That is exactly what a value-at-risk measure does—in assigns a distribution to 1P and/or 1L, so it can calculate the desired quantile of 1L. Most typically, value-at-risk measures work directly with the distribution of 1P and use that to infer the quantile of 1L. This is illustrated in Exhibit 1 for a 90% VaR metric.

Exhibit 1: . A 90% VaR metric can be valued from the distribution of 1P. The .90-quantile

of 1L (the portfolio’s value-at-risk) equals the .10-quantile of 1P minus the portfolio’s current

value 0p. Other value-at-risk metrics can be valued similarly

Exhibit 1 shows how the .90-quantile of 1L (the portfolio’s value-at-risk) can be obtained as the .10-quantile of 1P minus the portfolio’s current value 0p. Other value-at-risk metrics can be valued similarly. So if we know the distribution for 1P, calculating value-at-risk is easy. The challenge for any value-at-risk measure is constructing that distribution of  1P. Value-at-risk measures do so in various ways, but all practical value-at-risk measures share certain features described below.

Because value-at-risk measures are probabilistic, they deal with various random financial variables. Three types are particularly significant and are given standard notation:

a portfolio value 1P; asset values 1Si ; and key factors 1Riasset values 1Si; and

key factors 1Ri.

We have portfolio value 1P, which is the portfolio’s market value at time 1—the end of the value-at-risk horizon. It has current value 0p. Mathematically, a portfolio is defined as an ordered pair (0p,1P).

Asset values 1Si represent the accumulated value at time 1 of individual assets held by the portfolio. Individual assets might be stocks, bonds, futures, options or other instruments. Current asset values are denoted 0si. Mathematically, we define an asset as an ordered pair (0si,1Si). The m asset values 1Si comprise an ordered set (or “vector”) called the asset vector, which we denote 1S. Its current value 0s is the ordered set of asset current values 0si.

[2]

Key factors 1Ri represent values at time 1 of financial variables that can be used to value the assets. Depending on the composition of the portfolio, key factors might represent exchange rates, interest rates, commodity prices, spreads, implied volatilities, etc. The n key factors 1Ri comprise an ordered set called the key vector, which we denote 1R. Value-at-risk measures utilize not only the current value 0r for the key vector but also other historical values –

1r, –2r,  –3r,  … , –αr:

[3]

Where are we going with this? The quantities 1P, 1Si and 1Ri are all random. But the portfolio’s value 1P is a function of the values 1Si of the assets it holds. Those in turn are a function of the key factors 1Ri. For example, a bond portfolio’s value 1P is a function of the values 1Si of the individual bonds it holds. Their values are in turn functions of applicable interest rates 1Ri. Because a function of a function is a function, 1P is a function θ of 1R:

1P = θ(1R) [4]

Value-at-risk measures apply time series analysis to historical data 0r, –1r, –2r, … , –αr  to construct a joint probability distribution for 1R. They then exploit the functional relationship θ between 1P and 1R to convert that joint distribution into a distribution for 1P. From that distribution for 1P, value-at-risk is calculated, as illustrated in Exhibit 1 above.

Let’s formalize this. Exhibit 2 summarizes the components common to all practical value-at-risk measures:

Exhibit 2: All practical value-at-risk measures accept portfolio holdings and historical market

data as inputs. They process these with a mapping procedure, inference procedure, and

transformation procedure. Output comprises the value of a value-at-risk metric. That value is the

value-at-risk measurement.

A value-at-risk measure accepts two inputs:

historical data 0r, –1r, –2r, … , –αr for 1R, and the portfolio’s holdings ω.

The portfolio holdings comprise a row vector ω whose components indicate the number of units held of each asset. For example, if a portfolio holds 1000 shares of IBM stock, 5000 shares of Google stock and a short position of 3000 shares of Microsoft stock, its holdings are

ω = (1000  5000  –3000) [5]

The two inputs—historical data and portfolio holdings—are processed separately by two procedures within the value-at-risk measure: An inference procedure applies methods of time series analysis to the historical data 0r, –1r, –2r, … , --αr to construct a joint distribution for 1R.

A mapping procedure uses the portfolio’s holdings ω to construct a function θ such that 1P = θ(1R).

The mapping procedure uses a set of pricing functions φi that value each asset 1Si in terms of 1R:1Si = φi(1R) [6]

For example, if asset 1S1 is a bond, pricing formula φ1 will be a bond pricing formula. If  asset 1S2 is an equity option, pricing formula φ2 will be an equity option pricing formula. A functional relationship 1P = θ(1R) is then defined as a weighted sum of the pricing formulas φi, with the weights being the holdings ωi:

1P = ω11S1 + ω2

1S2 + … + ωm1Sm [7]

= ω1φ1(1R) + ω2φ2(1R) + … + ωmφm(1R) [8]

This is called a primary mapping. If a portfolio is large or holds complex instruments, such as derivatives or mortgage-backed securities, a primary mapping may be computationally expensive to value. Many mapping procedures replace a primary mapping θ with a simpler

approximation  . Such approximations are called remappings. They can take many forms. Two common examples are remappings that are constructed, using the method of least squares, as either a linear polynomial or quadratic polynomial approximation of θ. Such remappings are called, respectively, linear remappings and quadratic remappings.

Most of the literature on value-at-risk is either elementary or theoretical, so remappings receive little mention. This is unfortunate. As a practical tool for making production value-at-risk measures tractable, remappings can be indispensable.

Returning to Exhibit 2, we have discussed the two inputs to a value-at-risk measure as well as the inference procedure and mapping procedure that process these. If you think about it, the two outputs of those procedures correspond to the two components of risk. As explained by Holton (2004), every risk has two components:

uncertainty exposure

In the context of market risk, we are uncertain if we don’t know what will happen in the markets. We are exposed if we have holdings in instruments traded in those markets. A value-at-risk measure characterizes uncertainty with the joint distribution for 1R constructed by its inference procedure. It characterizes exposure with the portfolio mapping θ constructed by its mapping procedure. A value-at-risk measure must combine those two components to measure a portolio’s market risk, and it does so with a transformation procedure.

A transformation procedure accepts as inputs a joint distribution for 1R, and a portfolio mapping θ, which can be either a primary mapping or a remapping.

It uses these to construct a distribution for 1P from which it calculates the portfolio’s value-at-risk.Transformation procedures take various forms, but there are essentially three types:

Linear Transformation procedures apply if the portfolio mapping θ is a linear polynomial. They employ a standard formula from probability theory for calculating the variance of a linear polynomial of a random vector. For certain asset categories, such as equities or futures, primary mappings can be liner polynomials. Alternatively, θ may be a linear remapping.

Quadratic Transformation procedures  apply if the portfolio mapping θ is a quadratic polynomial and the joint distribution of 1R is joint-normal. Primary mappings are almost never quadratic polynomials, so quadratic transformations assume use of a quadratic remapping.

Monte Carlo Transformation procedures employ the Monte Carlo method  and are applicable to all portfolio mappings. This advantage comes with potentially significant computational expense, as Monte Carlo transformation procedures entail revaluing the portfolio under numerous scenarios. A subcategory of Monte Carlo transformation procedures do not randomly generate scenarios but instead construct them directly from historical data for 1R. These are called historical transformation procedures.

Elementary treatments of value-at-risk often mention “methods” for calculating value-at-risk. Mostly, these reference the transformation procedures used. For example, the terms “parametric

method” or “variance-covariance method” refer to value-at-risk measures that employ a liner transformation procedure. The “delta-gamma method” refers to those that use a quadratic transformation procedure. The “Monte Carlo method” and “historical method” refer, of course, to value-at-risk measures that use Monte Carlo or historical transformation procedures.

8.1.1 Applications of VaR

Reforming trading organizations and amending capital allocation are the important areas for most of the businesses. As we have studied in the previous section, VaR can be applied for the enhancement of these areas. VaR can be applied for the following:

� Risk measurement - VaR delivers a complete and steady fashion in forward-looking evaluation of portfolio’s risk profile; and offers vital information about the overall risk profile of the firm. It would have been almost impossible to predict huge loss without VaR. VaR brings risks into picture by setting position limits.

� Risk management- VaR should also be used for risk management along with risk measurement to maximize the benefits of VaR. It is easy to evaluate the interaction of risk exposures when these exposures have been recognized and quantified. It helps to prioritize the risks which may have more variability to the earnings.

� Financial reporting - Various situations are performed, first with different asset allocation percentages, secondly by investigating the impacts of liquidity of trading assets and lastly by taking into account the possibilities of short selling in daily trading operations.

� Financial control - Although VaR depends on several assumptions, it helps to recognize the risks that may cause huge loss and analyse the allocation of finance to those particular risks.

� Computing regulatory capital- Internal risk rating system in managing credit risk are developed and utilized in banks. This is applied directly to corporate and project finance risk rating model which helps to govern regulatory capital requirements.

8.1.2 Limitations of VaR

We are aware that there is no perfect solution to any issue. In the same way, VaR also has certain limitations. The limitations of VaR are as follows:

� Estimation difficulties - The VaR calculated through different approaches provides different values. It is not always possible to calculate VaR through historical and simulation approaches as they provide different values. Using the VaR requires precise valuation of estimated VaR. The existing methods of measuring VaR accuracy are more complex.

� Creates false sense of security - VaR displays certain unfavorable properties like insufficient risk aggregation. Artzner and Delbaen (1998) illustrate that the VaR of a portfolio might be greater than the sum of individual VaR of the components. In certain instances, the framework of original VaR avoids variations. Uryasev (2000) solved this issue by recommending Conditional VaR (CVaR) as an alternative solution.

� Misjudge worst-case results - The understanding of normal VaR is uninformative regarding the potential loss which exceeds the normal VaR.

� The Normal VaR presents a non-convex multiextreme function. Hence, dissimilar to the mean-variance risk measures, it needs techniques of complex global optimization while analyzing the optimal values of portfolio elements.

� In certain cases, the VaR of a specific component doesn’t always explain effectively the VaR of the overall portfolio

� It does not properly incorporate positive results, thus failing to provide a complete picture.

� VaR is little problematic to use and is not an intelligent risk measure as its estimation is subjected to large errors. These drawbacks can be easily exploited by individuals within the company. But it does not mean that VaR is not a useful tool in risk management.

8.2 TIME VALUE OF MONEY

Refers to the ability to invest money and earn income or interest over a period of time. Thus, the point in time when the money will be paid becomes very important. The longer the delay in making a payment, the more interest that can be earned. The time value of money is a function of the interest rate paid and the amount of time the money is invested.

The time value of money is the premise that a fixed amount of money available today is more valuable/desired than the same amount of money available in the future. This premise can be generalized for economic resources (of which money is an embodiment by social contract). We can state two reasons to justify the premise for all resources: 1) We prefer to have in our control a resource today rather than in the future, because of the inherent uncertainty that characterizes any future event. We cannot be certain that we will acquire the resource in the future. 2) We prefer to have in our control a resource today rather than in the future, because we could use to our favor this resource in the meantime (this is a temporal version of the notion of "opportunity cost").

Especially for money, there is a third reason, namely the existence of inflation: given inflation, the same amount of money will buy tomorrow fewer goods than today. It must be noted however that while Uncertainty of the Future and Opportunity Cost, are rooted in the very foundations of human existence, inflation is a historical event that may change direction. In the case of "negative inflation", ie where money increases rather than loses its value as time passes, then "money tomorrow" tends to be more valuable than "money today" (or at least, it partially offsets the pull of the other two fundamental reasons given above towards the opposite direction). Nevertheless, in modern market economies, a consistent trend of negative inflation is absent for almost a century.

A fourth reason is the belief that maybe the money might not be around in the future. The borrower might not be around or the repayment contract could be lost. The currency could be abolished or a catastrophy could occur rendering money valueless.

DISCOUNT RATE

The time value of money can be easily quantified at a personal level. A person can ask herself, "What do I prefer, 100 euros today or XXX euros in a year from now?" When she finds the amount that makes her "indifferent", then she can calculate easily her Personal Discount Rate. Assume that given the question, "100 euros now or 120 euros in one year from now," a person replies, "it's all the same to me". Then this person's Yearly Personal Discount Rate (YPDR) is calculated as:

YDR = (120/100)-1 =1,2-1 =0,2 =20%

And in general terms

YPDR = (Equally preferred value in a year / Value today)-1

Note that YPDR quantifies together the effects of all the reasons given above that lead to "money tomorrow" being worth less than "money today".

If a person has calculated his own YPDR honestly, carefully, and rationally, and has tested it over a period of time for stability of preferences, he can then use it as a tool to assist him in taking economic decisions than involve different amounts and timings of money (to be given or to be received). Essentially, by using the discount rate, we can calculate what amount of money received or given today is -for us- equivalent with an amount of money to be received (or to be given) in the future.

Some standard calculations based on the time value of money are:

Present value  : The current worth of a future sum of money or stream of cash flows given a specified rate of return. Future cash flows are discounted at the discount rate, and the higher the discount rate, the lower the present value of the future cash flows. Determining the appropriate discount rate is the key to properly valuing future cash flows, whether they be earnings or obligations.

Present value of a future sum.

The present value formula is the core formula for the time value of money; each of the other formulae is derived from this formula. For example, the annuity formula is the sum of a series of present value calculations.

The present value (PV) formula has four variables, each of which can be solved for:

1. PV is the value at time=02. FV is the value at time=n3. i is the discount rate, or the interest rate at which the amount will be compounded

each period4. n is the number of periods (not necessarily an integer)

The cumulative present value of future cash flows can be calculated by summing the contributions of FVt, the value of cash flow at time t

Note that this series can be summed for a given value of n, or when n is ∞.

Present value of an   annuity :  An annuity is a series of equal payments or receipts that occur at evenly spaced intervals. Leases and rental payments are examples. The payments or receipts occur at the end of each period for an ordinary annuity while they occur at the beginning of each period for an annuity due.

Present value of a growing annuity

In this case each cash flow grows by a factor of (1+g). Similar to the formula for an annuity, the present value of a growing annuity (PVGA) uses the same variables with the addition of  g as the rate of growth of the annuity (A is the annuity payment in the first period). This is a calculation that is rarely provided for on financial calculators.

Where i ≠ g :

To get the PV of a growing annuity due, multiply the above equation by (1 + i).

Where i = g :

Future value   is the value of an asset or cash at a specified date in the future that is

equivalent in value to a specified sum today.

Future value of a present sum

The future value (FV) formula is similar and uses the same variables.

Future value of an annuity  (FVA) is the future value of a stream of payments (annuity),

assuming the payments are invested at a given rate of interest.

The future value of an annuity (FVA) formula has four variables, each of which can be solved for:

1. FV(A) is the value of the annuity at time = n

2. A is the value of the individual payments in each compounding period3. i is the interest rate that would be compounded for each period of time4. n is the number of payment periods

To get the FV of an annuity due, multiply the above equation by (1 + i).

8.2.1 REASONS FOR TIME VALUE OF MONEY

Money has time value because of the following reasons:1. Risk and Uncertainty : Future is always uncertain and risky. Outflow of cash is in our control as payments to parties are made by us.There is no certainty for future cash inflows. Cash inflows is dependent out on our Creditor, Bank etc. As an individual or firm is not certain about future cash receipts, it prefers receiving cash now.2. Inflation: In an inflationary economy, the money received today, has more purchasing power than the money to be received in future. In other words, a rupee today represents a greater real purchasing power than a rupee a year hence.3. Consumption: Individuals generally prefer current consumption to future consumption.4. Investment opportunities: An investor can profitably employ a rupee received today, to give him a higher value to be received tomorrow or after a certain period of time.

Thus, the fundamental principle behind the concept of time value of money is that, a sum of money received today, is worth more than if the same is received after a certain period of time. For example, if an individual is given an alternative either to receive ` 10,000 now or after one year, he will prefer ` 10,000 now. This is because, today, he may be in a position to purchase more goods with this money than what he is going to get for the same amount after one year.Thus, time value of money is a vital consideration in making financial decision.

Let us take some examples:

EXAMPLE 1: A project needs an initial investment of ` 1,00,000. It is expected to give a return of ` 20,000 per annum at the end of each year, for six years. The project thus involves a cash outflow of ` 1,00,000 in the ‘zero year’ and cash inflows of ` 20,000 per year, for six years. In order to decide, whether to accept or reject the project, it is necessary that the Present Valueof cash inflows received annually for six years is ascertained and compared with the initial investment of ` 1,00,000.The firm will accept the project only when the Present Value of cash inflows at the desired rate of interest exceeds the initial investment or at least equals the initial investment of ` 1,00,000.

EXAMPLE 2: A firm has to choose between two projects. One involves an outlay of ` 10 lakhs with a return of 12% from the first year onwards, for ten years. The other requires an investment of ` 10 lakhs with a return of 14% per annum for 15 years commencing with the beginning of the sixth year of the project. In order to make a choice between these two projects, it is necessary to

compare the cash outflows and the cash inflows resulting from the project. In order to make a meaningful comparison, it is necessary that the two variables are strictly comparable. It is possible only when the time element is incorporated in the relevant calculations. This reflects theneed for comparing the cash flows arising at different points of time in decision-making.

CHAPTER-9

LITERATURE SURVEY

9.1 GREATEST CHALLENGES FOR THE INSURANCE INDUSTRY

The insurance market is "hard" when premiums are high and underwriting standards are tight.

The insurance market is "soft" when premiums are low and underwriting standards are loose.

9.2 THE RISK OF INVESTING IN GOLD

The risks to owning gold include the following:

Gold fluctuates in price just like other assets. There are periods of time when gold is "expensive" in relation to the U.S. dollar. If an investor buys gold when it is selling at a high price in relation to the dollar and then sells it at a lower price, the investor will, of course, lose money.

There is an "opportunity cost" to owning gold as it does not pay interest as bonds, or money market accounts or savings accounts do. Nor does gold pay a dividend the way many stocks do. Instead, it just "sits there looking pretty" neither earning interest nor paying a dividend. If an investor owns gold during a period of time when it is not gaining in value (or worse is losing value), the investor will have lost out on the opportunity to earn income from having invested in an alternative asset. This opportunity cost can be significant, especially when the virtues of compound interest are considered.

When an investor purchases gold, attention needs to be given to how the gold will be safely stored. Storing gold coins in one's house is the equivalent of putting money under one's mattress: It is not a safe place to keep it. Some investors use safe deposit boxes (available at some banks) to store gold. Other investors purchase gold in a manner that does not require taking delivery on the gold. For instance, a gold exchange traded fund enables the purchase of gold without having to take possession of it as the gold is collectively stored for owners of the fund in some safe place, such as a bank vault.

While more a drawback than a risk, gold coins are considered "collectibles"; as such, the long term federal capital gains rate for gold is higher than for stocks (about 28% for gold coins versus 15% for stocks).

9.2.1 ANALYSIS:

MUMBAI, FEB. 5:  

The steep rise in gold prices over the past few years indicates that the risk involved in investment in gold has heightened, cautioned K. C. Chakrabarty, Deputy Governor, Reserve Bank of India.

This is a fact which is not recognized by people, he said at a Workshop on Financial Literacy.

Some basic concepts are not fully appreciated even by seemingly literate groups, resulting in assumption of excessive risks.

“One example that I often quote about the widespread financial illiteracy is the theory being floated around by the so-called ‘financial advisers’ about investment in gold being a ‘hedge against inflation’ and a ‘safe asset’,” said the Deputy Governor.

Given that the price of the yellow metal has surged in the last few years, Chakrabarty flagged the risks involved in investing in gold.

According to the RBI’s Financial Stability Report, the price of gold carries an ‘uncertainty premium’ arising from risk aversion among investors in recent years. This has caused an above-normal return that is not sustainable in the long term.

Since Indian households hold a significant quantity of gold, they face the risk of a correction in gold prices.

There has been a reduction in the share of financial assets in household savings as households’ preference for physical assets and valuables like gold seem to be rising, thereby adding to the pressure on the current account deficit (CAD). This is a worrying factor, said the report.

CAD arises when a country’s total imports of goods, services and transfers is greater than exports.

9.2.2 CURBS ON GOLD DEMAND

To tamp down the demand for gold, the Government has upped the Customs duty on gold imports from 4 per cent to 6 per cent.

Further, a RBI working group has suggested introduction of gold-linked financial products, which are not backed fully in physical form, to help reduce gold imports. Inflation-indexed bonds are also in the works to offer investors a hedge against inflation and dissuade them from gold investments.

According to the RBI’s Macroeconomic and Monetary Developments document for the third quarter, continuing large imports of oil and gold have resulted in a deterioration of the trade balance.

Further, low growth and uncertainty in advanced economies as well as emerging market and developing economies continued to affect exports in the third quarter of 2012-13.

The deterioration in trade balance (with imports outstripping exports) has led to the CAD-GDP ratio reaching a historical of 5.4 per cent in the August-September quarter of 2012-13.

Gold imports continue to account for a large part of India’s CAD. Also, the country accounts for a quarter of the world demand for gold.

9.3 THE RISK OF INVESTING IN BONDS

Investing in bonds, whether they are public or private, also carries risks, especially the insolvency risk (credit risk) and the interest rate risk. The credit risk of bonds is usually indicated by its rating.

Ratings give a long-term view of the likelihood of companies being able to meet their commitments, i.e. paying the interest and repaying the principal of the bonds they issue.

The three main international bond rating companies are Standard & Poor’s, Moody’s and Fitch. Although there are usually no major discrepancies between these companies’ scores, the methods they use to analyse and rate bonds are different.

Bonds with ratings of BBB or higher are considered to be investment grade. Any bond rated below this is considered to be high risk, i.e. a junk bond.

However, ratings can change as often as analysts review the company that issued the bonds. Whenever there is a change in the company or in its economic environment, analysts review its rating.

The table below shows the different bond ratings given by two of the main rating agencies, Moody’s and Standard & Poor’s

Moody’s Standard & Poor’s Degree of Investor Protection

Investment Grade

Aaa AAA Extremely strongAa AA Very strongA A Strong but susceptible to

changes in certain economic

conditionsBaa BBB Adequate protection but these

protective components may be deficient and likely to delay repayments in the event of changes in economic circumstances

Junk BondBa BB Greater uncertainties and

questionable financial securityB B Assurance of payment over

any long period of time is small

Caa CCC Securities of very poor standing

Ca CC Highly vulnerable to defaultC C May already be in default

D In default

9.3.1 Data Analysis

9.4 RISK MANAGEMENT AT ICICI

In March 1999, ICICI filed a suit in the Debt Recovery Tribunal, Delhi against Esslon Synthetics Limited and its Managing Director (in his capacity as guarantor) for recovery of amounts totaling Rs. 169 million (US$ 3 million) due from Esslon Synthetics. In May 2001, the guarantor filed a counterclaim for an amount of Rs. 1.0 billion (US$ 21 million) against ICICI and other lenders who had extended financial assistance to Esslon Synthetics on the grounds that he had been coerced by officers of the lenders into signing an agreement between LML Limited, Esslon Synthetics and the lenders on account of which he suffered, among other things, loss of business. The matter is currently pending before the Debt Recovery Tribunal, Delhi.

In April 1999, ICICI filed a suit before the High Court of Judicature at Bombay against Mardia Chemicals Limited for recovery of amounts totaling Rs. 1.4 billion (US$ 29 million) due from Mardia Chemicals. The suit was subsequently transferred to the Debt Recovery Tribunal, Mumbai. In July 2002, ICICI Bank issued a notice to Mardia Chemicals under the Securitization and Reconstruction of Financial Assets and Enforcement of Security Interest Ordinance, 2002 (subsequently passed as an Act by the Indian Parliament) demanding payment of its outstanding dues. In August 2002, Mardia Chemicals filed a suit in the city civil court at Ahmedabad against ICICI Bank, Mr. K. V. Kamath, Managing Director and Chief Executive Officer and Ms. Lalita D. Gupte, Joint Managing Director, for an amount of Rs. 56.3 billion (US$ 1.2 billion) on the grounds that Mardia Chemicals has allegedly suffered financial losses on account of ICICI’s failure to provide adequate financial facilities, ICICI’s recall of the advanced amount and ICICI’s filing of a recovery action against it.

The city civil court held that the suit should have been filed in the pending proceedings before the Debt Recovery Tribunal, Mumbai. Mardia Chemicals filed an appeal before the High Court of Gujarat, which dismissed the appeal and ordered that the claim against ICICI Bank be filed before the Debt Recovery Tribunal, Mumbai and the claim against Mr. K.V. Kamath and Ms. Lalita D. Gupte be continued before the city civil court at Ahmedabad. In June 2003, the promoters of Mardia Chemicals in their capacity as guarantors of loans given by ICICI to Mardia Chemicals filed a civil suit in the city civil court at Ahmedabad against ICICI Bank for an amount of Rs. 20.8 billion (US$ 437 million) on the grounds of loss of investment and loss of

profit on investments. The pleadings in the matter are yet to be completed. Mardia Chemicals had also filed a petition in the High Court, Delhi, challenging the constitutional validity of the Securitization and Reconstruction of Financial Assets and Enforcement of Security Interest Ordinance, 2002. The matter has since been transferred to the Supreme Court of India, where it is currently pending.

9.5 THE CHANGING RISK IN AGRICULTURE FROM GLOBALIZATION AND VOLATILITYBy Dr. J. Shannon Neibergs

Through globalization, the world economy is becoming increasingly interdependent and economic risks are increasing in unexpected areas. A recent example is the devastating financial collapse of MF Global, which was a leading agricultural commodities broker serving as a clearing house for agricultural commodity futures market transactions until it declared bankruptcy in October 2011. MF Global used client funds to purchase high risk European bonds that defaulted which in-turn caused a liquidity crisis for MF Global. Estimated client losses are up to 1.2 billion dollars. The counter party default of MF Global was unexpected and is an example of the increasingly complex risks from globalization that agricultural producers need to be made aware of through risk management education.

As agricultural commodity markets become increasingly intertwined through globalization, market and financial risks are magnified in terms of price volatility. Volatility is defined as the variation in price over time. Increasing volatility in prices and input costs is evident across agriculture. Several grain , livestock and fruit and vegetable commodities reached record high prices in 2011. Fertilizer costs have become highly volatile due to globalization in production as well as demand. Volatility greatly increases financial risk because producers have to commit financial resources to produce their crops before knowing their crop yield and in many cases price. Producers can easily be caught in a profitability squeeze if volatility increases production costs but decreases sale prices. Producers need risk management education to understand and manage the changing risks due to increased volatility.

Evidence of increased volatility from the corn market shows that from January to July 2011, 68 corn futures contract months settled at the regulated price limit move, compared to 36 corn futures contract limit moves in all of 2010. In response to increased market volatility, the CME Group received regulatory approval to increase the daily price limit move on its corn futures market contracts in August, 2011. Some market participants are concerned that increased price limits will increase price volatility and in-turn margin call requirements. Some agricultural producers may have difficulty in meeting increased margin call requirements while country elevators are concerned about their ability to finance margin requirements. This could adversely

affect their ability to offer forward contracts to farmers. Hedging market risk using forward and futures market contracts have been widely recommended as risk management tools. Risk management education provides producers tools and knowledge to implement risk reducing strategies that work to increase their long-term profitability.

Dr. J. Shannon Neibergs is the Director of the Western Center for Risk Management Education with Washington State University Extension

CHAPTER-10

BENEFITS AND

LIMITATIONS

10.1 BENEFITS

Risk management is a process which provides assurance that:

objectives are more likely to be achieved; damaging things will not happen or are less likely to happen; beneficially things will be or are more likely to be achieved.

It is not a process for avoiding risk. The aim of risk management is not to eliminate risk, rather to

manage the risks involved

The potential benefits from risk management are :

supporting strategic and business planning; supporting effective use of resources; promoting continuous improvement; fewer shocks and unwelcome surprises; quick grasp of new opportunities; reassuring stakeholders; helping focus internal audit programme;

10.2 LIMITATIONS

Prioritizing the risk management processes too highly could keep an organization from ever completing a project or even getting started. This is especially true if other work is suspended until the risk management process is considered complete.

It is also important to keep in mind the distinction between risk and uncertainty. Risk can be measured by impacts x probability.

If risks are improperly assessed and prioritized, time can be wasted in dealing with risk of losses that are not likely to occur. Spending too much time assessing and managing unlikely risks can divert resources that could be used more profitably. Unlikely events do occur but if the risk is unlikely enough to occur it may be better to simply retain the risk and deal with the result if the loss does in fact occur. Qualitative risk assessment is subjective and lacks consistency. The primary justification for a formal risk assessment process is legal and bureaucratic.

CHAPTER-11RECOMMENDATIONS

AND CONCLUSION

11.1 FINAL RECOMMENDATIONS

There should be sound co-operation between industries, Government and other interested stakeholders of the industry.

There should be scientifically sound risk assessment methods.

There should be transparency in the review and utilization of risk assessment data.

There should be support for the precautionary approach.

There should be proper maintenance of plant.

There should be separate section in the company for risk management.

There is need of standardization of risk assessment principles and methodologies.

11.1.1 MODEL FOR SYSTEM LEVEL RISK ASSESSMENT

The following may be used to assist in making preliminary judgments regarding risk classifications:

Low Risk Moderate Risk High Risk

Consequences Insignificant cost, schedule, or technicalimpact

Affects program objectives, cost, or schedule; however cost, schedule, performance areachievable

Significant impact, requiring reserve or alternate courses ofaction to recover

Probability of Occurrence

Little or no estimated likelihood

Probability sufficiently high to be of concern to management

High likelihood ofoccurrence

Extent of Demonstration

Full-scale, integrated technology has been demonstrated previously

Has been demonstrated but design changes, tests in relevant environments required

Significant designchanges required inorder to achieverequired/desiredresults

Existence of Capability

Capability exists in known products; requires integration into new system

Capability exists, but not at performance levels required for new system

Capability does notcurrently exist

11.2 CONCLUSION

The essence of risk management is not avoiding or eliminating risk but deciding which risks to exploit, which ones to let pass through to investors, and which ones to avoid or hedge. In this chapter, we focused on exploitable risks by presenting evidence on the payoff to taking risk. Although there is evidence that higher risk taking, in the aggregate, leads to higher returns, there is also enough evidence to the contrary (that is, risk taking can be destructive) to suggest that firms should be careful about which risk they expose themselves to.

Risk management underscores the fact that the survival of an organization depends heavily on its capabilities to anticipate and prepare for the change rather than just waiting for the change and react to it. The objective of risk management is not to prohibit or prevent risk taking activity, but to ensure that the risks are consciously taken with full knowledge, clear purpose and understanding so that it can be measured and mitigated. It also prevents an institution from suffering unacceptable loss causing an institution to fail or materially damage its competitive position. Functions of risk management should actually be bank specific dictated by the size and quality of balance sheet, complexity of functions, technical/ professional manpower and the status of MIS in place in that bank. There may not be one-size-fits-all risk management module for all the banks to be made applicable uniformly. Balancing risk and return is not an easy task as risk is subjective and not quantifiable where as return is objective and measurable. If there exist a way of converting the subjectivity of the risk into a number then the balancing exercise would be meaningful and much easier.

Banking is nothing but financial inter-mediation between the financial savers on the one hand and the funds seeking business entrepreneurs on the other hand. As such, in the process of providing financial services, commercial banks assume various kinds of risks both financial and non-financial. Therefore, banking practices, which continue to be deep routed in the philosophy of securities based lending and investment policies, need to change the approach and mindset, rather radically, to manage and mitigate the perceived risks, so as to ultimately improve the quality of the asset portfolio.

As in the international practice, a committee approach may be adopted to manage various risks. Risk Management Committee, Credit Policy Committee, Asset Liability Committee, etc are such

committees that handle the risk management aspects. While a centralized department may be made responsible for monitoring risk, risk control should actually take place at the functional departments as it is generally fragmented across Credit, Funds, Investment and Operational areas. Integration of systems that includes both transactions processing as well as risk systems is critical for implementation.

In a scenario where majority of profits are derived from trade in the market, one can no longer afford to avoid measuring risk and managing its implications thereof. Crossing the chasm will involve systematic changes coupled with the characteristic uncertainty and also the pain it brings and it may be worth the effort. The engine of the change is obviously the evolution of the market economy abetted by unimaginable advances in technology, communication, transmission of related uncontainable flow of information, capital and commerce through out the world. Like a powerful river, the market economy is widening and breaking down barriers. Government’s role is not to block that flow, but to accommodate it and yet keep it sufficiently under control so that it does not overflow its banks and drown us with the associated risks and undesirable side effects.

To the extent the bank can take risk more consciously, anticipates adverse changes and hedges accordingly, it becomes a source of competitive advantage, as it can offer its products at a better price than its competitors. What can be measured can mitigation is more important than capital allocation against inadequate risk management system. Basel proposal provides proper starting point for forward-looking banks to start building process and systems attuned to risk management practice. Given the data-intensive nature of risk management process, Indian Banks have a long way to go before they comprehend and implement Basel II norms, in to-to.

The effectiveness of risk measurement in banks depends on efficient Management Information System, computerization and net working of the branch activities. The data warehousing solution should effectively interface with the transaction systems like core banking solution and risk systems to collate data. An objective and reliable data base has to be built up for which bank has to analyze its own past performance data relating to loan defaults, trading losses, operational losses etc., and come out with bench marks so as to prepare themselves for the future risk management activities. Any risk management model is as good as the data input. With the onslaught of globalization and liberalization from the last decade of the 20th Century in the Indian financial sectors in general and banking in particular, managing Transformation would be the biggest challenge, as transformation and change are the only certainties of the future.