Total Risk Management
DONE BY:
YASHVI CHITALIA (10)
NIKHIL DOSHI (11)
HEENA GADIA (14)
JAY JAIN (21)
KINJAL MEHTA (34)
PRACHI MEHTA (36)
KINJAL RATHOD (46)
VISHAL SANGHAVI (49)
MONIL SONAIYA (56)
NIKITA TORKA (59)
ACKNOWLEDGEMENT
We would like to express our gratitude to our teacher in charge, Prof. Murugank Kapadia, for giving us this opportunity of working on this project and guiding us throughout the course of the project.
INDEX
SR NO. TOPIC
1 Introduction
2 Principles of Risk Management
3 Potential Risk Treatments
4 Importance of Risk Management
5 Types of Risk Management
6 Application of Financial Risk Management
7 Risk Management, Corporate Governance & Public Corporation
8 Summary & Conclusion
INTRODUCTION:
Risk management is the identification, assessment, and prioritization of risks (defined in ISO
31000 as the effect of uncertainty on objectives, whether positive or negative) followed by
coordinated and economical application of resources to minimize, monitor, and control the
probability and/or impact of unfortunate events or to maximize the realization of
opportunities.
Risks can come from uncertainty in financial markets, project failures, legal liabilities, credit
risk, accidents, natural causes and disasters as well as deliberate attacks from an adversary.
Several risk management standards have been developed including the Project
Management Institute, the National Institute of Science and Technology, actuarial societies,
and ISO standards.
Methods, definitions and goals vary widely according to whether the risk management
method is in the context of project management, security, engineering, industrial processes,
financial portfolios, actuarial assessments, or public health and safety.
The strategies to manage risk include transferring the risk to another party, avoiding the
risk, reducing the negative effect of the risk, and accepting some or all of the consequences
of a particular risk.
Certain aspects of many of the risk management standards have come under criticism for
having no measurable improvement on risk even though the confidence in estimates and
decisions increases.
In ideal risk management, a prioritization process is followed whereby the risks with the
greatest loss and the greatest probability of occurring are handled first, and risks with lower
probability of occurrence and lower loss are handled in descending order. In practice the
process can be very difficult, and balancing between risks with a high probability of
occurrence but lower loss versus a risk with high loss but lower probability of occurrence
can often be mishandled.
Intangible risk management identifies a new type of a risk that has a 100% probability of
occurring but is ignored by the organization due to a lack of identification ability. For
example, when deficient knowledge is applied to a situation, a knowledge risk materializes.
Relationship risk appears when ineffective collaboration occurs. Process-engagement risk
may be an issue when ineffective operational procedures are applied.
These risks directly reduce the productivity of knowledge workers, decrease cost
effectiveness, profitability, service, quality, reputation, brand value, and earnings quality.
Intangible risk management allows risk management to create immediate value from the
identification and reduction of risks that reduce productivity.
Risk management also faces difficulties in allocating resources. This is the idea
of opportunity cost. Resources spent on risk management could have been spent on more
profitable activities. Again, ideal risk management minimizes spending and minimizes the
negative effects of risks.
Method:
For the most part, these methods consist of the following elements, performed, more or less, in
the following order:
• identify, characterize, and assess threats
• assess the vulnerability of critical assets to specific threats
• determine the risk (i.e. the expected consequences of specific types of attacks on specific assets)
• identify ways to reduce those risks
• prioritize risk reduction measures based on a strategy
Principles of risk management:
The International Organization for Standardization (ISO) identifies the following principles of
risk management.
Risk management should:
create value
be an integral part of organizational processes
be part of decision making
explicitly address uncertainty
be systematic and structured
be based on the best available information
be tailored
take into account human factors
be transparent and inclusive
be dynamic, iterative and responsive to change
be capable of continual improvement and enhancement
Process:
According to the standard ISO 31000 "Risk management -- Principles and guidelines on
implementation," the process of risk management consists of several steps as follows:
o Establishing the context:
Establishing the context involves:
1. Identification of risk in a selected domain of interest.
2. Planning the remainder of the process.
3. Mapping out the following:
• the social scope of risk management
• the identity and objectives of stakeholders
• the basis upon which risks will be evaluated, constraints.
4. Defining a framework for the activity and an agenda for identification.
5. Developing an analysis of risks involved in the process.
6. Mitigation or solution of risks using available technological, human and organizational
resources.
o Identification:
After establishing the context, the next step in the process of managing risk is to identify
potential risks. Risks are about events that, when triggered, cause problems. Hence, risk
identification can start with the source of problems, or with the problem itself.
Source analysis: Risk sources may be internal or external to the system that is the target of
risk management.
Examples of risk sources are: stakeholders of a project, employees of a company or the weather
over an airport.
Problem analysis: Risks are related to identified threats. For example: the threat of losing
money, the threat of abuse of privacy information or the threat of accidents and casualties.
The threats may exist with various entities, most important with shareholders, customers
and legislative bodies such as the government.
The chosen method of identifying risks may depend on culture, industry practice and compliance. The identification methods are formed by templates or the development of templates for identifying source, problem or event. Common risk identification methods are:
Objectives-based risk identification: Organizations and project teams have objectives. Any event that may endanger achieving an objective partly or completely is identified as risk.
Scenario-based risk identification: In scenario analysis, different scenarios are created. The scenarios may be the alternative ways to achieve an objective, or an analysis of the interaction of forces in, for example, a market or battle. Any event that triggers an undesired scenario alternative is identified as risk - see Futures Studies for methodology used by Futurists.
Taxonomy-based risk identification: The taxonomy in taxonomy-based risk identification is a breakdown of possible risk sources. Based on the taxonomy and knowledge of best practices, a questionnaire is compiled. The answers to the questions reveal risks.
Common-risk checking: In several industries, lists with known risks are available. Each risk in the list can be checked for application to a particular situation.
Risk charting: This method combines the above approaches by listing resources at risk, threats to those resources, modifying factors which may increase or decrease the risk, and consequences it is wished to avoid. Creating a matrix under these headings enables a variety of approaches. One can begin with resources and consider the threats they are exposed to and the consequences of each. Alternatively, one can start with the threats and examine which resources they would affect, or one can begin with the consequences and determine which combination of threats and resources would be involved to bring them about.
o Assessment:
Once risks have been identified, they must then be assessed as to their potential severity of
loss and to the probability of occurrence.
These quantities can be either simple to measure, in the case of the value of a lost building,
or impossible to know for sure in the case of the probability of an unlikely event occurring.
Therefore, in the assessment process it is critical to make the best educated guesses
possible in order to properly prioritize the implementation of the risk management plan.
The fundamental difficulty in risk assessment is determining the rate of occurrence since
statistical information is not available on all kinds of past incidents. Furthermore, evaluating
the severity of the consequences (impact) is often quite difficult for immaterial assets.
Asset valuation is another question that needs to be addressed. Thus, best educated
opinions and available statistics are the primary sources of information. Nevertheless, risk
assessment should produce such information for the management of the organization that
the primary risks are easy to understand and that the risk management decisions may be
prioritized.
Thus, there have been several theories and attempts to quantify risks. Numerous different
risk formulae exist, but perhaps the most widely accepted formula for risk quantification is:
Rate of occurrence multiplied by the impact of the event equals risk
Composite Risk Index:
The above formula can also be re-written in terms of a Composite Risk Index, as follows:
Composite Risk Index = Impact of Risk event x Probability of Occurrence
The impact of the risk event is assessed on a scale of 0 to 5, where 0 and 5 represent the minimum and maximum possible impact of an occurrence of a risk (usually in terms of financial losses).
The probability of occurrence is likewise assessed on a scale from 0 to 5, where 0 represents a zero probability of the risk event actually occurring while 5 represents a 100% probability of occurrence.
The Composite Index thus can take values ranging from 0 through 25, and this range is usually arbitrarily divided into three sub-ranges. The overall risk assessment is then Low, Medium or High, depending on the sub-range containing the calculated value of the Composite Index. For instance, the three sub-ranges could be defined as 0 to 8, 9 to 16 and 17 to 25.
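The Composite Risk Index applied to a small risk register, as an added example that is not part of the original project. The register entries and their scores are constructed sample values, and breaking ties by impact is an assumption of this sketch; the bands are the 0 to 8, 9 to 16 and 17 to 25 sub-ranges given above. It also flags the case the introduction warns about, where a high-loss, low-probability risk and a low-loss, high-probability risk collapse to the same index.

```python
from dataclasses import dataclass

# Sub-ranges the text offers as one possible division of the 0..25 range.
BANDS = ((0, 8, "Low"), (9, 16, "Medium"), (17, 25, "High"))


@dataclass(frozen=True)
class Risk:
    name: str
    impact: int       # 0 (minimum impact) .. 5 (maximum impact)
    probability: int  # 0 (cannot occur) .. 5 (100% probability)

    def __post_init__(self):
        # Reject scores outside the 0..5 scale so the index stays within 0..25.
        for field in ("impact", "probability"):
            value = getattr(self, field)
            if isinstance(value, bool) or not isinstance(value, int) or not 0 <= value <= 5:
                raise ValueError(f"{self.name}: {field} must be an integer 0..5, got {value!r}")

    @property
    def composite_index(self) -> int:
        # Composite Risk Index = Impact of Risk event x Probability of Occurrence
        return self.impact * self.probability

    @property
    def rating(self) -> str:
        for low, high, label in BANDS:
            if low <= self.composite_index <= high:
                return label
        raise AssertionError("index outside 0..25 despite validated inputs")


def prioritize(register):
    """Highest index first. Ties go to the higher-impact risk (an assumption
    of this example, not a rule stated in the text), then to the name."""
    return sorted(register, key=lambda r: (-r.composite_index, -r.impact, r.name))


def masked_ties(register):
    """Return {index: [names]} for risks that share an index but differ in
    their impact/probability mix, i.e. where the index alone hides the
    difference between a rare severe loss and a frequent minor one."""
    by_index = {}
    for risk in register:
        by_index.setdefault(risk.composite_index, []).append(risk)
    return {
        index: sorted(r.name for r in risks)
        for index, risks in by_index.items()
        if len({(r.impact, r.probability) for r in risks}) > 1
    }


# Constructed sample register; the scores are illustrative only.
SAMPLE_REGISTER = [
    Risk("External fraud (phishing)", impact=4, probability=4),
    Risk("System failure", impact=5, probability=1),
    Risk("Data entry fault", impact=1, probability=5),
    Risk("Damage to tangible property", impact=5, probability=4),
    Risk("Missed deadline", impact=3, probability=3),
]

if __name__ == "__main__":
    for risk in prioritize(SAMPLE_REGISTER):
        print(f"{risk.composite_index:>2}  {risk.rating:<6}  {risk.name}")
    print("Same index, different profile:", masked_ties(SAMPLE_REGISTER))
```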
Potential risk treatments:
Once risks have been identified and assessed, all techniques to manage the risk fall into one or
more of these four major categories:
Avoidance (eliminate, withdraw from or not become involved)
Reduction (optimise - mitigate)
Sharing (transfer - outsource or insure)
Retention (accept and budget)
Risk avoidance:
This includes not performing an activity that could carry risk. An example would be not
buying a property or business in order to not take on the legal liability that comes with it.
Another would be not flying, in order to not take the risk that the airplane might
be hijacked.
Avoidance may seem the answer to all risks, but avoiding risks also means losing out on the
potential gain that accepting (retaining) the risk may have allowed. Not entering a business
to avoid the risk of loss also avoids the possibility of earning profits.
Risk reduction:
Risk reduction or "optimization" involves reducing the severity of the loss or the likelihood
of the loss from occurring. For example, sprinklers are designed to put out a fire to reduce
the risk of loss by fire. This method may cause a greater loss by water damage and
therefore may not be suitable. Halon fire suppression systems may mitigate that risk, but
the cost may be prohibitive as a strategy.
Acknowledging that risks can be positive or negative, optimizing risks means finding a
balance between negative risk and the benefit of the operation or activity; and between risk
reduction and effort applied. By effectively applying HSE Management in its organization,
an offshore drilling contractor can optimize risk to achieve levels of residual risk that
are tolerable.
Modern software development methodologies reduce risk by developing and delivering
software incrementally. Early methodologies suffered from the fact that they only delivered
software in the final phase of development; any problems encountered in earlier phases
meant costly rework and often jeopardized the whole project. By developing in iterations,
software projects can limit effort wasted to a single iteration.
Outsourcing could be an example of risk reduction if the outsourcer can demonstrate higher
capability at managing or reducing risks. For example, a company may outsource only its
software development, the manufacturing of hard goods, or customer support needs to
another company, while handling the business management itself. This way, the company
can concentrate more on business development without having to worry as much about the
manufacturing process, managing the development team, or finding a physical location for a
call center.
Risk sharing:
Briefly defined as "sharing with another party the burden of loss or the benefit of gain, from
a risk, and the measures to reduce a risk."
The term 'risk transfer' is often used in place of risk sharing in the mistaken belief that
you can transfer a risk to a third party through insurance or outsourcing.
In practice, if the insurance company or contractor goes bankrupt or ends up in court, the
original risk is likely to still revert to the first party. As such, in the terminology of
practitioners and scholars alike, the purchase of an insurance contract is often described as
a "transfer of risk." However, technically speaking, the buyer of the contract generally
retains legal responsibility for the losses "transferred", meaning that insurance may be
described more accurately as a post-event compensatory mechanism.
For example, a personal injuries insurance policy does not transfer the risk of a car accident
to the insurance company. The risk still lies with the policy holder namely the person who
has been in the accident. The insurance policy simply provides that if an accident (the
event) occurs involving the policy holder then some compensation may be payable to the
policy holder that is commensurate to the suffering/damage.
Some ways of managing risk fall into multiple categories. Risk retention pools are technically
retaining the risk for the group, but spreading it over the whole group involves transfer
among individual members of the group. This is different from traditional insurance, in that
no premium is exchanged between members of the group up front, but instead losses are
assessed to all members of the group.
Risk retention:
Involves accepting the loss, or benefit of gain, from a risk when it occurs. True self
insurance falls in this category.
Risk retention is a viable strategy for small risks where the cost of insuring against the risk
would be greater over time than the total losses sustained. All risks that are not avoided or
transferred are retained by default.
This includes risks that are so large or catastrophic that they either cannot be insured
against or the premiums would be infeasible.
War is an example since most property and risks are not insured against war, so the loss
attributed by war is retained by the insured. Also any amounts of potential loss (risk) over
the amount insured are retained risk.
This may also be acceptable if the chance of a very large loss is small or if the cost to insure
for greater coverage amounts is so great it would hinder the goals of the organization too
much.
Importance of Risk Management
• Risk Management is essential not only for prevention of risk but also for reduction of
risks.
• Risk Management leads to maximum social advantages and plays a significant role in
bringing about social, political and economic development in a country.
• The process of risk management helps focus on priorities and in decisions on deploying
limited resources to deal with the highest risks.
Types of Risk Management:
There are different types of risk management, and the characteristics and procedures of each
type of risk management are different from the others.
All these risk management processes play a significant role behind the growth of an
organization in the long term.
Commercial enterprises apply various forms of risk management procedures to handle different
risks because they face a variety of risks while carrying out their business operations.
Effective handling of risk ensures the successful growth of an organization.
Various types of risk management can be categorized into the following:
Operational risk management:
Operational risk management deals with technical failures and human errors
Financial risk management:
Financial risk management handles non-payment of clients and increased rate of interest
Market risk management:
Deals with different types of market risk, such as interest rate risk, equity risk, commodity
risk, and currency risk
Credit risk management:
Deals with the risk related to the probability of nonpayment from the debtors
Quantitative risk management: In quantitative risk management, an effort is carried out to
numerically ascertain the possibilities of the different adverse financial circumstances to
handle the degree of loss that might occur from those circumstances
Commodity risk management: Handles different types of commodity risks, such as price
risk, political risk, quantity risk and cost risk
Bank risk management: Deals with the handling of different types of risks faced by the
banks, for example, market risk, credit risk, liquidity risk, legal risk, operational risk and
reputational risk
Nonprofit risk management: This is a process where risk management companies offer risk
management services on a non-profit seeking basis
Currency risk management: Deals with changes in currency prices
Enterprise risk management: Handles the risks faced by enterprises in accomplishing their
goals
Project risk management: Deals with particular risks associated with the undertaking of a
project
Integrated risk management: Integrated risk management refers to integrating risk data
into the strategic decision making of a company and taking decisions, which take into
account the set risk tolerance degrees of a department. In other words, it is the supervision
of market, credit, and liquidity risk at the same time or on a simultaneous basis.
Technology risk management: It is the process of managing the risks associated with
implementation of new technology
Software risk management: Deals with different types of risks associated with
implementation of new software
Operational risk management is an important form of risk management. In commercial
enterprises, operational risk management is the supervision of different types of
operational risk occurring on a daily basis.
Operational risk management is also known as ORM.
With the help of operational risk management, various types of operational risks are
managed that occur on a daily basis.
Important Advantages of Operational Risk Management:
Following are the most important advantages of operational risk management:
Decrease in losses arising from operations
Reduced auditing/compliance expenses
Decreased vulnerability to risks in the future
Early sensing of illegitimate functions
Types of Operational Risk:
According to the Basel Committee on Banking Supervision, the events which lead to
operational risks can be categorized into the following types:
External Fraud: Risk arising from fraudulent activities from a third party, for example,
robbery, theft, phishing or hacking.
Internal Fraud: Risk arising from fraudulent activities from internal parties.
Products, Customers and Business Practices: Risk resulting from inadvertent or careless
failure to satisfy a professional responsibility to particular customers (involving fiduciary and
appropriateness necessities) or from the characteristics or configuration of a commodity.
Workplace safety and employment practices: Risk arising from non-compliance with
health, employment, or safety acts or from disbursal of claims related to personal injury or
from inequality/unfair treatment
System failure and business interruptions: Risk resulting from interruptions of business
operations or system breakdown. These include telecommunication, computer software, or
computer hardware failure and equipment failure.
Damages to tangible properties: Risk resulting from damages or losses of tangible
properties due to natural calamity or other occurrences.
Execution, supply and process management: Risk arising from failure in process
management or transaction processing due to poor association with vendors and
commercial service providers. These involve the following:
o Performance & maintenance miscommunication
o Transaction seizure
o Missed responsibility or deadline
o Data entry, preservation or loading fault
o Accounting mistake
o System/Model malfunctioning
o Failure in delivery
o Entity assignment fault
o Failure in reference data preservation
o Failure from collateral management
o Unsuccessful compulsory reporting liability
o Reporting & monitoring failure
o Client Intake & Paperwork
o Erroneous external report (incurring loss)
o Incomplete or misplaced legal documents
o Overlooked client disclaimers/permissions
o Unauthorized access offered to accounts
o Client/Customer Account Management
o Careless damage or loss of customer assets
o Inappropriate customer records (incurring loss)
o Failure on behalf of commercial partners and non-client vendors and vendor
disagreements
Operational Risk Management Software:
At the present time, a number of software products have been introduced for the purpose of
operational risk management according to the Sarbanes-Oxley Act. With the help of this
software, financial audit can be performed at cheaper expenses. Forrester Research has
recognized 115 Risk and Compliance and Governance marketers, which deal with operational
risk management programs.
Financial risk management:
Financial risk management is a method of producing or adding value to a company through
utilizing financing mediums for handling vulnerability to risk, specifically market risk and
credit risk. Financial risk management is an important form of risk management.
Financial risk management is a type of risk management, which tries to add value in a
company through implementation of financing mediums (cash instruments and derivative
instruments) to handle risk exposure, especially from market risk and credit risk.
With the help of financial risk management, a number of financial risks can be handled,
which include the following:
Shape risk
Foreign exchange risk
Sector risk
Volatility risk
Inflation risk
Liquidity risk
The process of financial risk management involves identification of financial risk, evaluating
the financial risk and strategies to deal with those risks.
Financial risk management concentrates on the appropriate time and manner for hedging
implementation of cash instruments and derivative instruments to address pricey risk
exposures.
In the banking industry all over the world, the Basel Accords are usually chosen by
multinational or global banking institutions for identifying, describing and disclosing credit
risk, operational risk and market risks.
Application of Financial Risk Management:
Theories of financial economics suggest that a company should go for a project at the time
it grows shareholder value.
In addition, financial theory demonstrates that the management of the company is not able
to produce shareholder (who are also known as the investors of the company) value
through undertaking a project, which the shareholders are able to perform for themselves
at equal expenses.
At the time when this concept is implemented towards financial risk management, it
denotes that management of a company should not go for hedging risks, which the
shareholders are able to hedge on their own at similar expenses.
This idea is corroborated by the hedging irrelevance proposition, which says that in case of a
perfect market, a company is not able to perform value creation through hedging a risk
while the cost of carrying the risk within the company is equal to the cost of carrying it away
from the company.
In reality, no financial market is a perfect market. This indicates that the management of a
company has a large number of options to generate value for the shareholders utilizing
financial risk management.
Market risk management:
The concept of Market risk management has gained in importance in the recent times
as it has been giving the business organizations a particular risk model that becomes all
the more useful when the company is opening or closing business activities. The process
of market risk management comes with some essential features that help it to be more
effective.
Uses of Market Risk Management:
The process of market risk management has a number of applications in the context of
today's global market. Its most basic use lies in the fact that it furnishes the business
concerns with a particular risk structure. This risk structure comes in handy especially when
a particular company is operating either in its closing or opening phase.
Main Characteristics of Market Risk Management:
Following are the principal characteristics of the system of market risk management:
World limit management: This process is at the base of the various trading plans that
are used across the world as well as their applications. This process also makes sure that
the amount of loss that may be faced by a particular company while carrying out
business transactions is not more than what is being expected by that organization.
The various market risk management systems make sure that the various information
related to the market are relevant as far as the parameters of input in case of the
market risk calculations are concerned.
Indicators: These are applicable only in the case of banks and certain businesses. These
are normally used in order to find out the problems that may be related to market risks
Credit risk management:
Credit risk management is extremely important as far as the overall financial stability of the
financial institutions like the banks is concerned. The credit risk management situations in most
banks are not exactly impressive and thus this process becomes all the more important. The
basic aim of the system of credit risk management is to reduce the potential of credit risk that
may be faced by a particular creditor.
Importance of Credit Risk Management:
The credit risk management is of utmost importance for the banks and other financial
institutions that have been the chief sources of credit for many years. It has been observed that
the financial institutions that are able to manage their credit risks properly are functioning well.
Situations of Credit Risk Management:
There are a variety of problems related to credit risk management that have been important in
this context.
However, the most important factor in this case has been the absence of proper credit rules for
the debtors. At times it has also been noticed that the companies have not been able to
manage their portfolios in a proper way.
The banks and other financial institutions that are dealing in credit services have not always
been able to take into account the various economic factors that have contributed to a decline
in the credit capabilities of the borrowers.
Aim of Credit Risk Management:
The most basic aim of the process of credit risk management is to minimize the levels of credit
risk that a particular institutional creditor like a bank faces when it lends money to a particular
borrower. The system of credit risk management accomplishes that by keeping the levels of the
risk faced by a bank within certain acceptable standards.
Quantitative Risk Management:
Quantitative risk management is a very important process in the context of the modern
day business world. It primarily deals with the concepts of risk and hazard and tries to
reduce the chances of the occurrence of any form of financial loss.
Risk is regarded as a combination of these three factors:
Possibilities of a hazard
Possibilities of high losses being suffered as a consequence of the accident
Possibilities of a hazard leading to an accident
Inputs of Quantitative Risk Analysis:
The inputs of the process of Quantitative Risk Analysis are as follows:
Organizational Process Assets
Risk Register
Project Scope Statement
Project Management Plan
Risk Management Plan
The organizational process assets are basically information regarding a particular project that
is similar to the one that is being analyzed. This sort of information is taken from project
archives. They may also be the study results of risk specialists as well as a database of
proprietary risk.
The project scope statement highlights the positive aspects of a particular business project.
The risk management plans contain information on the risky aspects of a particular business
endeavor like:
Budget
Types of Risk
Explanations of impact and probability
Timing and Schedule of Risks
Probability and Impact Matrix
The Risk Register performs a similar function to the risk management plans. It also
categorizes and prioritizes the various aspects of the process of quantitative risk analysis.
The project management plans are made up of the cost management plans and the
schedule management plans. The former shows ways to run the project and the latter deals
with the financial aspects of the project.
Functioning of Quantitative Risk Management:
The primary function of the process of quantitative risk management is to deal with the
various elements of the phenomenon of risk by trying to bring down the possibilities of such
mishaps. It also tries to limit the extent of loss that may take place if a hazard happens.
There are some important aspects as far as the functioning of the process of quantitative
risk management is concerned:
Modeling and Simulation
Interviewing
Expected Monetary Value
Probability Distribution
Decision Tree Analysis
Sensitivity Analysis
Output of Quantitative Risk Management:
The outputs of the quantitative risk management are the results of the process. Under normal
circumstances the only output of a quantitative risk management process is a risk register. The
risk register is made up of the following components:
Trends in quantitative risk analysis
Probabilistic analysis of the project
Prioritized list of quantified risks
Probability of achieving cost and time objectives
Commodity risk management:
Commodity risk management is very important to provide coverage to all those groups that
are related to the commodity market. These groups are exposed to maximum financial risks
when there is any natural disaster or man-made disturbance.
The commodity market in every country faces some common risks. These risks are caused
by natural disasters as well as external factors like wars, political instability and so on. If not
covered properly, these risks can cause huge financial loss to a number of groups.
Proper commodity risk management is essential to provide stability to this sector as well as
to make this sector financially secured.
Types of Commodity Risk:
There are different types of commodity risk that are faced by the commodity markets across
the world. These risks are as follows:
Natural Risks: Natural disasters
Man-Made Risks: Political risks, price risks, quantity risks and so on
Groups Facing Commodity Risk:
There are a number of groups that mostly face the commodity risk. Primarily there are the
farmers, producers and plantation companies who face these risks. At the same time, the
purchasers and exporters of commodities also come under the shadow of commodity risk. Last
but not least are the national governments, which are also bound to share these risks with
others.
Bank risk management:
Bank Risk Management is used mostly in the financial sector. Bank Risk Management involves
market risk as well as credit risk management. Bank Risk Management gives an idea of future
risks and also promotes prudent risk taking behavior.
Need for Bank Risk Management:
Repeated financial disasters faced by financial, non-financial and government bodies have
created the need for bank risk management policies. Apart from regulatory requirements, bank
risk management is needed by the bank managers for the following reasons:
Creation of benchmarks for calculation of reward-risk ratios. Investment of capital is then
directed to options with high reward risk ratios.
Estimation of the probable losses. This leads to wise risk-taking decisions by investors as the
risk monitoring part is already put in place. Banks also learn to handle their available liquidity
well.
Characteristics of Bank Risk Management Policies:
One of the characteristics of bank risk management policies is that they need to be updated on a
regular basis. Banks that are involved in trading go in for
Intra day risk management on selective areas
Regular measurement of the overall risks faced by the bank
Regulators are, however, more interested in knowing the overall risks as compared to the
individual portfolio items. Another characteristic of bank risk management policy is that it is
usually not carried out in a decentralized fashion. The economic theory of risk management
states that the risk of a particular portfolio is usually not determined by a simple addition of the
component risks. Bank risk management policies despite their worthiness are resource
intensive. They demand considerable time and money. But violation of prescribed regulations in
the capital market attracts heavy penalty. So managers do a cost benefit analysis whenever
portfolio composition changes.
Nonprofit Risk Management:
Nonprofit risk management is carried out by non-profit organizations. It mitigates the adverse
effects arising out of risk factors. Different organizations may have different goals. In order to
achieve the same they must use their resources efficiently. Herein come the various
management policies.
Steps of Nonprofit Risk Management:
Identification of problems: This refers to identification of areas of operation where
problems might crop up due to unforeseen events. It is this uncertain event, which we
refer to as risk. Normally risks adversely affect the functioning of an organization. So risk
management essentially provides the organization with a back up plan.
Formulation of plans: This deals with the preparation of an action plan. It is done with a
view to mitigate the difficulties arising out of risk situations.
Determination of compensation package in case of an eventuality: Here we try to
determine what the ideal compensation package will be, in case of an eventuality.
Risk Management Issues Concerning Nonprofit Organizations:
Screening of the organization's volunteers
Keeping a tab on the records of driving licenses of both staff and volunteer drivers
Developing training and orientation modules for volunteers
Developing guidelines for employees
Financial negotiations at the time of taking a bank loan
Purchase of property
Taking insurance of liabilities
Reasons for Adoption of Nonprofit Risk Management:
For non-profit organizations risk management is essentially a preventive measure. It is put in
place to avoid any unnecessary future hassle arising out of risk factors. Nonprofit risk
management provides the organization with an action plan. Nonprofit risk management
formulates various strategies and prescribes various techniques to be followed by the
organization. It is wise to plan in advance for possible future disruptions and create a back up
policy for the same. This helps in the smooth running of the organization. Attainment of long
term set goals also becomes easy.
Currency Risk Management:
Currency risk can be termed a sudden fall in the value of a particular currency.
This happens due to unexpected shifts in the currency exchange rates. To avoid or minimize
losses caused by these incidents, proper currency risk management strategy is very
essential.
Currency risks are related to the floating exchange rates. The currency exchanges are done
for a number of reasons.
Nowadays, cross border commercial activities are growing at a rapid pace. Almost
everything, from goods to technologies, is exchanged between the traders of
different countries.
These transactions are subject to currency risk because floating exchange rates are
minimizing the chances of fixing the value of a particular currency.
On the other hand, there are the forex market traders who are involved in trading of
currencies of different countries. These traders participate in the activities of one of the
most liquid world financial markets.
A large number of banks, individuals as well as several national governments are involved in
these activities. These institutions as well as the individual investors are also in need of
currency risk management because the forex market rates and trends change very quickly.
Two types of risks are managed by currency risk management strategies. These are the
systematic risk and unsystematic risk.
Systematic risks are all those risks that affect each and every kind of investment. Interest
rate risk, market risk and inflation risk are all considered systematic risks. On the
other hand, there are the unsystematic risks like business and financial risk.
Unsystematic risk affects some definite businesses and not the entire market.
One of the most common currency risk management tools is the forward exchange contract.
According to these contracts that are signed between the potential seller and purchaser of a
particular currency, the exchange rates are fixed before the actual transaction.
The transaction takes place in the future but due to the contract, if the exchange rate of
that currency changes at the time of transaction, the purchaser and the seller are not
affected.
There should also be a definite trading strategy that can be very helpful in hedging the
currency risks. These strategies should be developed after analyzing the market averages or
market indexes properly. On the other hand, there are certain theories regarding the
trading process in the currency market.
These are also very helpful for currency risk management. All these are specialized things
and one may seek professional assistance from the currency risk management firms for the
purpose.
Enterprise Risk Management:
The business sector has its own risks and opportunities. Managing these risks properly
and making full use of the business opportunities is termed enterprise risk
management. It helps in developing the business by adding value to the particular
business.
A certain amount of risk is associated with all types of business operations. At the same
time, there are a number of growth opportunities that are also related to the business.
For the overall development, it is essential that these risks are hedged properly so that
they cannot cause any kind of loss to the business or, even if they cause any harm, the
effects can be minimized as much as possible.
On the other hand, it is also necessary that the provided opportunities are used in the
best possible way.
Types of Enterprise Risk Management:
There are two types of enterprise risk management. These are the RIMS and COSO.
Both these types share some common objectives like locating the hidden risk factors and
providing solutions to hedge the risk.
At the same time, these risk management strategies are also conscious about monitoring
the development of the risk hedging strategy. The monitoring activities are also very
important to take hold of the market opportunities. Application of RIMS or COSO depends
on the particular situation and is subject to the approval of the management.
Project Risk Management:
Project risk management focuses on the management of various types of risks related to a
project. The process of project risk management is carried out in a number of steps.
Nevertheless, there are two principal phases of project risk management and they are
assessment of risk and risk control.
Project risk management deals with different types of uncertainties and constraints related to a
project (known as project risks). A project risk is a probable origin of variation from the plan of
the project and it may have a positive or negative influence on the project. Project risks having
negative characteristics are known as threats and project risks bearing positive characteristics
are known as opportunities. Efforts are always on to minimize the threats and maximize the
opportunities.
Project risks can be minimized by eliminating or decreasing them. There are two
main phases of project risk management and they are risk assessment and control of risk.
Assessment of risk may be carried out at any point of time within the duration of the project.
However, the earlier it is performed, the better it is for the organization. Risk control is always
dependent on a proper risk assessment. On the other hand, if risk control measures are not
undertaken, there is no use in performing a risk assessment.
Process of Project Risk Management:
The process of project risk management can be elaborated as follows:
Project Risk Assessment:
The process of project risk assessment can be further categorized into the following:
Identification of risk: The project risks are identified by examining the whole project plan.
Analysis of risk: Risk analysis can be quantitative or qualitative in nature. In this process, the
manner in which the project risks may influence the project performance in terms of
expenses, time period or satisfaction of the necessity of the customer is ascertained.
Prioritization of risk: According to this process, it is determined which risks require
total elimination, which risks require continuous supervision and monitoring and which risks
are not so important to supervise.
Project Risk Control
Project risk control involves the following steps:
Avoidance of risk: A plan is chalked out as to how project risks can be eliminated or
avoided.
Risk transfer: In this way, risk is transferred by buying insurance policies.
Risk mitigation: A number of measures are taken beforehand for minimizing the impact of
risk.
Contingency plan: For risks that are regarded as important, a contingency plan is prepared
in advance before those risks occur.
Risk acceptance: Certain risks are accepted because they are regarded as small and do not
influence the performance of the company to a significant degree.
Measure and control: Observing the outcomes of the risks that have been detected and
handling them to a favorable or productive end.
Technology Risk Management:
The system of technology risk management is used in order to deal with the various risks that
may arise in the use of technological tools. This process is especially applicable in case of the
banking industry. It has been observed that the risk management strategies that are useful in
other cases are generally not applicable when it comes to technology risk management.
Processes of Technology Risk Management:
As far as the process of technology risk management is concerned, after the weaknesses are
detected the authorities function in order to eliminate them by developing the proper strategy.
The banks nowadays work as per three approaches.
These approaches are either used on their own or in combinations. The approaches may be
mentioned as below:
Risk management with the help of internal processes. In such cases controls are
extremely important.
Risk transfer by buying insurance coverage
Risk management with the help of outsourcing. In such cases the required work is
outsourced to external bodies.
Normally it has been seen that the companies that need to take technology risk management
steps opt for any of the above-mentioned steps. All these choices provide the users with
specific advantages as well as disadvantages. However, the choice is normally made after
judging the profitability of each one of the options.
[Figure: Risk is multidimensional. One can “slice and dice” these multiple dimensions of risk. Risk types shown: Financial Risks, Operational Risk, Reputational Risk, Business and Strategic Risks, Market Risk, Credit Risk, Portfolio Concentration Risk, Transaction Risk, Counterparty Risk, Issuer Risk, Issue Risk, Trading Risk, Gap Risk, Equity Risk, Interest Rate Risk, Currency Risk, Commodity Risk, “Specific” Risk, General Market Risk.]
Risk Management, Corporate Governance and the Public Corporation
From Theory to Practice: Why Firms Should Manage Risk
Not until the corporate governance concerns about the separation of owners and managers, articulated by Berle and Means in the 1930s, reappeared in the “modern” finance literature did risk management enter the “scientific” world of financial economics. This re-emergence in the scholarly literature can be traced to Ross (1973) and Jensen and Meckling (1976) who introduced the term agency theory into finance. At the core of financial agency theory was the notion that in a world of informational asymmetries and self-seeking behavior, individuals would use informational and other advantages to transfer wealth to themselves from others. Although such behavior was ascribed to all stakeholders, early attention focused on conflicts of interest between shareholders and managers (a concern of Berle and Means) and shareholders and bondholders. Later, other stakeholders were brought into the scheme. Ways of solving or mitigating these conflicts are the concerns of corporate governance.
Basically, early and late financial agency theory took the seminal works of early financial theory that were developed around the notion of perfect capital markets and introduced imperfections into the analysis. The introduction or recognition of these imperfections led to many reasons for having managers manage risk (Smith and Stulz, 1985; Froot, Scharfstein and Stein, 1993), reasons that have found their way into contemporary financial management textbooks (e.g., Grinblatt and Titman, 2001). We review these reasons in order to set the stage for connecting them to more fundamental social welfare concerns about corporate governance and risk management. The usual reasons are:
1. Risk management can be used to lower the firm’s expected tax payments.
2. Risk management can reduce the costs of financial distress and bankruptcy.
3. Risk management can be used to encourage and protect firm specific investments.
4. Risk management can be used to align the interests of management with those of the owners of the company.
5. Risk management can be used to design management compensation plans that hold management accountable only for the factors under their control.
6. Risk management can be used to assist firms in developing financial plans and funding programs.
7. Risk management can be used to stabilize cash dividends.
Using Risk Management to Lower Taxes
Although not associated with informational asymmetries, taxes qualify as a market imperfection. To the extent that taxes levied on corporate income differ from those on personal income or treat some forms of income differently from others, risk management strategies can be used to arbitrage or negate tax code asymmetries.
One tax code asymmetry is the differential treatment of interest expense and cash dividends. Interest payments are tax deductible and paid from before tax dollars; cash dividend payments are paid from after tax dollars. Consequently, debt financing may reduce the overall after tax cost of capital to the company by creating an interest expense tax shield with the benefits accruing to the shareholders. To the extent that risk management enables a firm to use more debt (increase its financial leverage), risk management becomes a way of reducing taxes by letting a firm borrow more money and obtain interest expense tax shields.
Another common tax code asymmetry is the differential treatment of gains and losses. Exchange rate or commodity price gains may be taxable; however, losses may not be fully or immediately deductible. If the gains average out over a business or price cycle, the average tax paid will be lower if the firm hedges its exposures to these price changes and pays taxes on the average gain over the entire cycle. In contrast, if the firm did not hedge the exposures, the losses could not be used to offset the gains. Any such tax-coded asymmetry is exacerbated under a progressive tax code, especially if the progressivity is steep. More interesting from a corporate governance perspective, however, are reasons for risk management emanating from how the company is financed – itself a governance structure issue – and how the suppliers of capital monitor and control managers.
Reducing Financial Distress and Bankruptcy Costs
While fully diversified equity investors may not pay much attention to the unique risks associated with price, currency and interest rate volatility, other stakeholders take a different view of the situation. These other stakeholders include creditors, customers and suppliers and they could suffer substantial costs should a company find itself in financial difficulty.
Consider Toolco, a machine tool manufacturer that produces and sells highly specialized equipment to customers who rely on the company to honor warranties, provide on-going service and technical assistance and supply spare parts. Southeast Asia and Europe are both major markets for Toolco with German and South Korean manufacturing firms being major customers. Toolco prepares bids, quotes prices and bills customers in local currency – Euros and South Korean won. Toolco uses both debt and equity to finance itself.
Should the U.S. dollar appreciate substantially relative to the euro and won, the dollar value of Toolco’s outstanding bids and accounts receivables will plummet. Furthermore, should the dollar remain strong for an extended period, Toolco’s overall competitive position will weaken relative to its foreign competitors. This strengthening of the dollar will cause a substantial reduction in Toolco’s profits and cash flows, a reduction that will affect its ability to provide service and spare parts and, ultimately, produce and deliver high quality machine tools as contracted.
Toolco can use risk management strategies to mitigate the potential financial problems associated with currency risks. It can hedge its exchange rate exposures and adopt other exchange rate exposure strategies – such as currency swaps for financing its foreign operations – that reduce the likelihood of Toolco experiencing severe financial problems from unexpected exchange rate movements. Managing currency risk may also lead to an increased willingness of customers to buy from Toolco because of its ability to withstand financial difficulties. In turn, the improvement in Toolco’s financial position may improve the terms on which suppliers sell to Toolco. The end result for Toolco will be an increase in the market value of its common stock, an outcome desired by its shareholders.
Contemporary textbook treatments of risk management also develop the story that locking in a certain level of operating cash flows may also permit Toolco to use more debt to finance itself. The explanation offered is a reduction in financial distress costs along with the deductibility of interest expense story.
Using Risk Management to Encourage and Protect Firm Specific Investments
Stakeholders of the firm include its employees, managers, suppliers and customers. These stakeholders find it very difficult to diversify away the risks they are exposed to in their relationships with the firm, especially if the stakeholders make firm specific investments (Williamson, 1985). So, to the extent that
risk management is able to reduce the risks of financial distress and failure, the firm will enjoy an improved competitive position in its product and labor markets.
For example, employees have a considerable interest in the success of a company because they would incur substantial adjustment costs were the firm to fail. These costs go beyond the costs of looking elsewhere for employment, especially for highly skilled technical and managerial employees. These individuals typically make major commitments of time and effort to develop company specific skills and look to the continued growth and success of the company for the returns on these investments. The returns are not entirely pecuniary, but come in the form of promotions, status and job security. So, as pointed out in most textbook treatments of the subject, firms that can offer security and the prospects of financial success to their employees and managers are likely to garner greater employee loyalty and recruit and retain the “better” workers and managers.
But, a more fundamental relationship exists between having employees and other stakeholders make firm specific investments and the need for firm survival. We would argue that it is the firm specific skills amassed by the firm’s employees that make it possible for the firm to earn more than its cost of capital. Expressed in the terminology of financial management, these firm specific skills enable the firm to find and undertake positive net present value projects.
This notion of the importance of firm survival and the need to manage total risk so as to support the development of firm specific skills to make positive NPV projects fits nicely into David Durand’s critique of Modigliani and Miller’s irrelevance of capital structure given perfect capital markets. Durand (1989) notes that Modigliani and Miller did not restrict the firm’s investment opportunities to only perfectly competitive zero net present value projects but, instead, let firms earn excess returns due to special circumstances such as patents and other factors. Durand then argues that this “rationale implies that their [MM] perfect market is not perfect enough to accord everyone, whether firm or individual investor, equal access to the better opportunities …. Perhaps what MM have in mind is a two-tier market, with one tier for securities and the other for physical assets.” Durand concludes that investors in security markets can earn only a zero NPV return because the investor does not have access to the monopolistic opportunities available to the firm.
We want to suggest another way of phrasing Durand’s critique. Instead of ascribing the excess returns to monopolistic practices, let’s ascribe them to firm-specific skills and accumulated knowledge. These firm-specific skills generate the positive NPV projects, including the patents that Modigliani and Miller invoke for explaining the existence of economic rents. And, to ensure these unique, firm-specific skills are developed, the firm needs to survive as a going concern; hence, the need for managing total risks.
And, also, an outcome that investors cannot duplicate on their own regardless of whether financial markets are perfect.
As we mentioned earlier in connection with financial distress costs, suppliers and customers also have a direct interest in the financial health and survival of the firm. Suppliers are unlikely to make firm specific investments in plant, equipment and production technology to service weak customers who may not be around next year to buy the components. Therefore, risk management actions that reduce the likelihood of a firm failing will increase the willingness of suppliers to enter into long-term contracts and make investments in equipment and product development that benefit the buying firm. These complementary firm specific investments between suppliers and users support and produce inter-firm efforts that, in turn, generate relational rents (Dyer and Singh, 1998).
Many small and medium-sized firms are privately owned and owner managed. Usually, the owners have most of their wealth tied up in the company and cannot obtain the benefits of portfolio diversification that would eliminate the unique financial risks of the company. To exacerbate matters, the owners have their human capital tied up in the company as well. So, risk management becomes a very important way for owner-managers of closely held firms to protect themselves from commodity price and exchange rate risk.
The above reasons for risk management arise not so much out of conflicts of interest among stakeholders as out of the benefits associated with the survival of the firm. Think of it this way: The firm can be characterized as a voluntary association to create new wealth with new wealth thought of as positive NPV projects. This new wealth requires firm specific skills and investments such that, once the firm’s stakeholders become vested in the company with their firm specific investments, they have an interest in sustaining the firm and their association with the company. Hence, the need to manage total risk at the firm level rather than only the systematic risk at the investor level.
Using Risk Management to Monitor and Control Managers
From a public shareholder’s perspective (a perspective generally assumed by financial theory), the objective of management should be to maximize the price of the company’s common stock. However, managers are likely to be interested in their own well being as much as the well-being of the owners of the company. Therefore, in a world of self-seeking behavior and informational asymmetries (where managers have more information than owners), conflicts of interest between managers and owners of publicly held companies are likely to arise. Managers may seek to extract perks from the company and
grow the company at the expense of the shareholders by making unprofitable investments so as to keep control of corporate resources, preserve their jobs and increase their salaries. These actions create costs called agency costs and they reduce the market value of the company.
Students of financial economics and organizational behavior use financial agency theory to analyze and understand these costs and recommend ways to reduce them. One important application of agency theory is the design of management evaluation and compensation systems that reduce conflicts of interest between managers and owners by aligning managers’ interests with the shareholders.
Risk management enters into this process the following way: Unlike shareholders, managers cannot diversify away the unique risks associated with the company; managers are exposed to the total risk of the company, not just the systematic risk. Regardless of why the firm fails, the managers are out of a job. Consequently, managers are likely to make decisions based on the total risk of a venture whereas shareholders would prefer managers to consider only the systematic risk.
Now, recall that we said financial theory predicted that hedging would not improve firm values if all it did was to reduce the variance of the firm’s cash flows because investors could do this on their own through diversification. However, reducing the total variance of firm cash flows may be very important for managers who, unlike investors, cannot diversify away the risks associated with certain business ventures. By letting managers eliminate these risks through hedging, the shareholders need not worry about managers rejecting projects that are very profitable based on their systematic risk exposures but unlikely to be undertaken unless managers can hedge the unique risks to protect their jobs and the company in the event of a “bad draw.” Such hedging costs the public shareholders nothing in terms of expected returns on the hedged project and also doesn’t affect the systematic risk. However, by reducing the consequences of project failure for management, a project which would have been discarded without the knowledge of public shareholders is now undertaken. Hedging has effectively reduced agency costs and increased the market value of the company even though the project’s systematic risks and expected rate of return are unaffected.
Risk management strategies are used in conjunction with managerial performance evaluation and compensation systems to separate financial outcomes under management control from those not under their control. For example, suppose you are a large institutional investor who owns stock in Wadco Enterprises. Wadco manufactures circuit boards in Thailand and sells them to U.S. companies. Wadco costs are in Thai baht and its revenues in dollars. Wadco has an executive compensation program with bonuses tied to operating cash flows measured in U.S. dollars. Now, suppose the Thai baht substantially depreciates against the dollar. With costs denominated in Thai baht and revenues in dollars, Wadco’s
Thai division will report very high profits as a result of the Thai devaluation. However, should the managers of Wadco be paid a bonus for this performance? What control did they have over the devaluation of the baht? Suppose the baht had appreciated instead of depreciated? Should the managers of Wadco be penalized for this outcome?
A widely held opinion is that Wadco management bonuses should not be affected by unexpected exchange rate movements because managers had no control over these events. Bonuses and performance evaluations should be based only on outcomes over which managers have control. So, by having Wadco managers hedge the exchange rate exposures, stockholders, like the large institutional investors, can focus management attention on things management can control, such as production, marketing and sales. Furthermore, by requiring managers to hedge the exposures, shareholders make it more difficult for management to claim that poor performance was caused by events outside of their control.
Using Risk Management to Improve Decision Making and Capital Budgeting
Substantial volatility from quarter-to-quarter and year-to-year in operating cash flows and net income makes it difficult to evaluate the fundamental performance of a company and divisions or other units within the company. The noise introduced into these measures by volatile commodity prices, exchange rates and interest rates can be removed through risk management strategies that minimize cash flow and income variability. Removing the noise improves decision making by providing higher quality information on fundamental performance, especially across divisions, product lines and geographic locations. This higher quality information makes it easier to decide how to allocate funds within the firm and may increase the “trust” of competing managers in the capital allocation process.
Risk management can also be used to protect against disruptions in implementing a capital budget by ensuring that substantial shortfalls in internally generated funds do not occur as a result of unexpected price movements. Normally, firms would have a capital budget in place along with a plan to finance the expenditures. By hedging commodity price, exchange rate and interest rate exposures, firms can better plan both the capital expenditures and the funding arrangements.
Risk Management and Dividends
Do dividends (like capital structure) matter? Miller and Modigliani (1961) said no; but, of course, this claim is true only for perfect capital markets. Since then, an extensive body of literature has shown that dividends do matter – especially if dividends are cut. So, by stabilizing cash flows, risk management makes it possible to maintain cash dividends and smooth out the dividend cash flow stream. To the extent that dividend policy and investment policies (capital budgeting) are not independent of each other, risk management designed to stabilize dividend payments is really stabilizing the total cash flow stream available for investment and dividend payments.
Note that while stabilizing the cash flows available for investment and distribution to owners as cash dividends is important for all firms, it is especially important for firms with public shareholders. This stabilization of dividend payments is needed to communicate information about future investment returns, dividend payments and the financial health of the company to all the firm’s stakeholders.
For example, the customers of companies that develop software programs for proprietary use want to be sure the developer will be around to supply second and third generation products and to service the existing systems. Consequently, these customers monitor the cash flows, stock prices and dividends of the suppliers to assess the supplier’s financial health and ability to develop new products. Dividends, therefore, are important for maintaining a company’s competitive position in its product markets as well as for providing shareholders with an adequate return on their investment.
Summary and Conclusions
Risk management is presented in the finance literature as a cure for market imperfections. These imperfections arise out of conflicts of interest among stakeholders seeking to advance their own interests in the presence of informational asymmetries and distortions introduced by taxes, transaction costs and legal systems. Implicitly or explicitly, the objective of risk management is stated as maximizing the wealth of the existing owners of the firm who, in a perfect world, are assumed to be efficiently diversified investors concerned only with the expected return and non-diversifiable risk of their investments. In finance, then, the existence of risk management is tied directly to the governance issues of how investors monitor, control and compensate managers so as to protect their investments in the company.
From a social welfare perspective, however, risk management makes a major contribution with respect to preserving the firm as a social welfare organism. This organization does not exist solely for the benefit of the shareholders but is part of a larger scheme designed to achieve a set of political objectives which vary from one country to the next but generally regard the corporation as serving more than the needs of its owners. The role of the shareholders is to ensure that managers do not waste economic resources within the overriding social responsibility functions of the firm. Hence, a broad definition of corporate governance, one focused on how society is organized, with economic efficiency objectives being important but not supreme, dominates the market imperfection arguments of financial economists for risk management. Firm survival and continuity are important for societal reasons, and risk management assists in this task.
This broader perspective on risk management should be the one that informs the regulation of risk management products and markets. While regulation should discourage speculative abuses, it should also recognize the economic efficiency and growth objectives that are enhanced by having risk management products.