Firmsconsulting

Archive for the ‘Risk Management’ Category

, ,

Continuous risk management learning

In MBA, Risk Management on October 27, 2010 at 11:03 pm

Continuous risk management learning is essential for effective risk management performance. Organization needs to leverage and further develop knowledge within the enterprise regarding risk management processes. Continuous learning leads to continuous improvement.

Sources and tools for continuous risk learning

  1. Learning from experience is an important source of learning and newly gained knowledge should be shared.
  2. Best practices should be shared throughout organization
  3. Risk management learning should be incorporated into planning for training and development of employees.

Enablers of continuous risk management learning

To ensure that continuous risk management learning becomes part of an organizational risk management culture, the following actions should be undertaken:

  1. The appropriate behaviors should be enticed and reinforced. Continuous learning objectives should be aligned with performance measurement.
  2. Endorsement by management of the importance of risk management learning is also vital to support continuous risk management learning. Employees should be provided with resources, tools and support.
  3. Adequate risk management culture is another enabler of continuous risk management learning.
  4. Learning should be incorporated into the risk management strategy.

, ,

Risk management responsibilities

In MBA, Risk Management on October 27, 2010 at 11:00 pm

Board of directors

The board of directors is ultimately responsible for the risk management process. The board needs to understand important risks faced by the enterprise and needs to provide guidelines on the enterprise’s risk appetite and risk management process. The board is responsible to continuously ensure that adequate risk management processes are in place. However, the actual risk management activities must be delegated to the risk management function.

Risk management environment

The risk management environment involves matters associated with people such as culture, philosophy, how people are trained and developed, how appropriate behaviour of employees is incentivized, reinforced and compensated.

Culture is an important part of the risk management environment. Endorsement of the appropriate risk management culture by all levels of management within the organization is vital for successful risk management processes. Such endorsement should be evident from managements’ attitude as well as from resource allocation. The values of an organization need to reflect that risk management is important. Buy-in (acceptance) from all employees with regards to the importance of risk management is necessary. Accountability should be assigned to business units, divisions and employees for their required input into the risk management process.

Performance of employees should be aligned with risk management objectives. Only this way will employees will be enticed to bring their utmost effort in executing their contribution of the risk management process. Adequate performance with regard to risk management objectives should contribute to rewards for the employee.

 

, , ,

How much risk management is needed

In MBA, Risk Management on October 27, 2010 at 10:59 pm

ERM involves a process consisting of establishing a

  1. strategy,
  2. appropriate infrastructure (different kinds of structure established within an enterprise such as organizational structure, different kinds of systems such as information system which refer to how information is collected, used and shared; determination of accountability, responsibility, methodologies to be used, control procedures),
  3. environment (involves matters associated with people such as culture),
  4. And operating philosophy (refers to command and control or empowering; centralized or decentralised), how people are trained and developed, how appropriate behaviour of employees are incentivized, reinforced and compensated).

ERM provides organizations with knowledge which allows them to systematically manage risks in an enhanced manner.

ERM infrastructure

ERM infrastructure refers to different types of structure within an organization which is required for a successful risk management process. It refers to different tools that risk management process can use to ensure its success and include:

  1. An organizational structure.
  2. Risk management systems are another variable within the infrastructure of ERM. An example of a risk management system is the information system which provides for informational risk management needs throughout the enterprise. Information systems should be designed and managed in a way which ensures that the system is flexible; meaning that the way in which information presented will allow various users within the enterprise to use it for their specific informational needs. The information system must also be user friendly. This will ensure that employees within the enterprise can obtain the maximum value from the system. Information systems should allow for fast recording, evaluation, summary, consolidation and sharing of information. The informational system should also be efficient. This refers to the necessity for the system to be designed in an efficient way to ensure that no tasks are unnecessarily duplicated throughout the enterprise as well as to make sure that no unnecessary activities are performed.
  3. Determination of accountability and responsibility
  4. Methodologies and techniques to be used in risk management -
    1. Established control procedures
    2. Risk management unit which is at the center of risk management within the organization
    3. Risk management policies and procedures – refers to the set of rules of how risk management is undertaken within the enterprise. A top-down approach should be used to develop risk management policies and procedures. A top-down approach will ensure consistency and alignment with the risk appetite (how much of risk the company wants to accept) and business strategy. Risk management policies and procedures must be developed with input from all levels of the management from all areas of the business to ensure their alignment as well as to incorporate their knowledge about specific risks faced by their areas. Risk management policies and procedures should also be understood by all employees.
    4. Reporting on risk management process – the addressee of the reports on risk management process performance should be in close proximity to the risks to be able to take timely action.

What is risk appetite?

An enterprise need to establish its risk appetite. The risk appetite of an organization refers to the amount of risk and potential financial loss that enterprise is prepared to accept within a certain time period.

Determining risk appetite

In determining risk appetite, organizations need to consider internal constraints such as funding, investment requirements, potential risks, liability, various types of risks, strategy, competitive advantage and the external environment of the organization. Moreover, it needs to consider the preferences of shareholders towards risk taking. In determining the risk appetite, as in any other business activity, an organization needs to be guided by the ultimate objective of the enterprise which is the maximization of the shareholders’ value.

An enterprise’s risk appetite should be aligned to the amount of risk necessary for a business to take to achieve its objectives.

Risk appetite is determined by aligning the risk management and the value proposition to business strategy. Risk appetite will determine the level and nature of risks that the organization can tolerate. There are more technical ways to determine the risk appetite and there are covered in other parts of the site.

The risk appetite should be clearly stated and measurable. The risk appetite should be incorporated into organizational policies and procedures. In this way employees of the organization are able to get a clear indication of the enterprise’s risk appetite by examining its policies and procedures. With the risk appetite effectively linked to business strategy, it allows to more effectively assess performance of the business units with the help of risk/return analysis and risk limit monitoring.

Risk appetite is largely based on competitive advantages that organizations possess. When organizations have competitive advantage in a certain area of business, then for this particular organization certain risk taking in this area may entail much larger expected returns than the same risks would give rise to for another organization. Consequently, the risk appetite of such an organization should reflect it.

For example, imagine that company X, which is a leading direct insurance services provider in country 1 (one of the emerging markets), has competitive advantages in know-how of direct marketing in the insurance industry as well as in other aspects relevant to running a leading direct insurance services provider. Company X will have much higher expected return with regards to taking certain risks compared to company Y which does not have competitive advantages of company X, but tried to set up a direct insurance company in an emerging market.

For example, company X will have much higher expected return in undertaking a project of establishing direct insurance services provider in country 2 (another emerging market), compared to company Y which does not have competitive advantages of company X. Therefore, such risk taking for company X will be much more valid than for company Y.

Risk appetite should also be set below the limit that organization can actually handle. This will allow leaving a margin for error and prevents overestimation of the organization’s capacity to tolerate risk and serves as an allowance for unexpected catastrophic events. The limit of risk an organisation can handle is called the risk tolerance.

Once the risk appetite established is established, a new risk culture should be created to reflect the risk appetite of organization. The structures, managerial and employees’ level of knowledge, and resources should be aligned with the type and extent of risks the organization is undertaking.

 

, ,

Types of risks

In MBA, Risk Management on October 27, 2010 at 10:57 pm

Types of risks

Inflation risk – refers to risk that money today will not worth as much tomorrow, or in a year. Many safe investments, such as fixed deposits offered by banks do not keep pace with inflation.

Opportunity risk – risk that a safe investment that is undertaken will lead to the loss of additional return that could have been earned if money were placed into a better investment.

Concentration risk – risk of putting entire funds into one investment such as an investment in one’s own business or investment in shares of a specific company. If such an investment will not yield the return that was expected than there is no other investment that could make up for such loss.

Interest rate risk – risk that interest rates will fluctuate with adverse effects on the company. For example, an adverse effect those changes in interest rates can have on servicing debt.

Marketability risk – refers to risk that marketability of the investment may turn out to be low. It refers to the chance that if the need arose to sell the investment in a timely manner, there will be no ready market to sell it to.

Credit risk – refers to possibility that the borrower will not be able to meet its obligations as it comes due.

 

,

Linking consolidation of risk to improved performance of enterprise

In MBA, Risk Management on October 27, 2010 at 10:56 pm

By linking consolidation of risk to improved performance of the organization, value is created. By consolidating risks, organizations obtain information which allows to undertake evaluation, analysis and management of risk more effectively.

ERM establishes the foundation which improves decision making with regards to risk, return and growth. The foundation consists of assessment tools, common language, determined risk tolerances and strategies, all of which are encouraged by ERM.

ERM allows identifying internal and external best practices from which all enterprises can benefit. As a result of ERM: organizations better manage risk profiles (with the help of tools such as RAROC), reduce unacceptable risks, strategic errors and undertake more timely and adequate corrective actions.

Risk management strategies create value by trying to avoid unacceptable losses, encourage using the core competencies of an organization and managing variability of performance.

To achieve connection between risk management and enhanced performance of the enterprise, we need to measure how performance is affected by changes in the risk profile which occur due to the implementation of risk management strategies.

 

, ,

Risk-adjusted performance measures

In MBA, Risk Management on October 27, 2010 at 10:56 pm

Risk-adjusted performance measures allow to measure risks and returns of investments to be able to rank investments systematically.

Risk-adjusted return on capital (RAROC) is an example of a risk-adjusted performance measure. RAROC was introduced and popularized by Bankers Trust in the late 1970s and 1980s as an enhancement of return on capital (ROC).

RAROC is often measured as a ratio. To find Risk-adjusted return on capital we need to take expected revenue less expected expenses less expected losses (losses expected over the measurement period) and risk free rate of return divided by capital to be invested.

RAROC discount riskier cash flows against less risky cash flows.

When risk is quantified with the use of approaches such as Value at Risk (VaR), one of the ways to use quantified risk information is to evaluate the value of business activities versus their risk profiles. Two businesses with the same income but different risk levels have different value.

RAROC evaluates the risk of business activity and associated expected return from business activity. RAROC allows to evaluate how much more of the expected return is required for each degree of risk and whether there is enough funds available to cover potential risks.

To quantify risk we use probability distributions of return obtained from historical records. This should be consistent with Value at Risk (VaR) and other statistical models. The goal is to consolidate risk, price risk and allocate capital based on expected returns.

RAROC allows to evaluate risk, return and to compare the performance of various enterprise’s units and activities each of which will have different risk portfolios. This will allow creating benchmarks. RAROC determines limits on different business activities such as trading or investing by adjusting return on an investment that accounts for capital at risk. RAROC allows comparing returns on a variety of projects with diverse levels of risk.

RAROC is a way to measure profitability in light of the degree of risk of the business activity.

 

,

Value at Risk (VaR)

In MBA, Risk Management on October 27, 2010 at 10:55 pm

Value at Risk (VaR) is a summary, statistical measure of total normal market risk of loss (total value that can be lost) on a certain portfolio of financial instruments at a certain confidence level. It measures how large could be potential likely losses due to “normal” movements in the market. The technique is one of the most recent techniques and was developed at JPMorgan.

Value at Risk (VaR) results is structured as follows:

“with X% certainty, company will not lose more than $V in the next N days.”

Value at Risk (VaR) is a snapshot of a current risk level. The Value at Risk (VaR) is a floor for potential loss that can be incurred, not a ceiling. The potential loss can be VaR or higher. VaR is used to make sure that the company can handle potential losses. The potential losses cannot necessarily be prevented or, in some cases, potential losses should not necessarily should be prevented due to risk/return relationship.

The results of Value at Risk (VaR) analysis are expressed as a single number $V (VaR number) which is determined based on two parameters namely X% which refers to confidence level and N days which refers to the time horizon. $V refers to the maximum potential loss which will occur with X% certainty over N days which is number of days in the risk period under consideration. For example, with 1% certainty over a 5 days period.

Value at risk limits can be established for specific asset categories such as foreign exchange or real estate. The limits can also be set for various levels within an enterprise such as business unit level and overall company level.

Earnings at risk (EaR) – is a risk measurement of the amount by which net income may adversely change due to interest rates fluctuations. In other words, Earnings at risk (EAR) helps organizations to evaluate how changes in interest rates may affect the organization’s earnings.

The difference between Value at Risk (VaR) and Earnings at risk (EAR) is that EaR measure only changes in the cash inflows from earnings whereas VaR measures total loss on a certain portfolio of financial instruments.

 

, , , ,

The hurdle rate

In MBA, Risk Management on October 27, 2010 at 10:54 pm

The Hurdle rate is also called minimum acceptable rate of return (abbreviated MARR) or break-even yield. It refers to the minimum rate of return that is required before any project can be undertaken. The hurdle rate is used in the capital budgeting and is the same as the required rate of return in the discounted cash flow analysis of long-term investment opportunities. It is a discount rate used when different investment alternatives are considered.

If the expected return on the proposed investment is below the hurdle rate, than the investment is not acceptable and vice versa. Sometimes the hurdle rate also refers to the minimum internal rate of return (IRR) for the project to be undertaken.

The hurdle rate should be equal to the marginal cost of capital, which is also referred to as the incremental cost of capital. The hurdle rate is also a rate of return which is necessary to maintain market value of the firm. The market value of the firm refers to the firm’s current market price of shares.

Organizations use hurdle rates to evaluate long-term investment projects using discounted cash flow techniques (capital budgeting). This allows assessing of potential projects more systematically. Such evaluation allows having better confidence that selected long-term investments will at least have returns equal to the marginal cost of capital.

Hurdle rates should be set for each project or at least for each business unit or division to account for differences in risk profiles across the enterprise.

 

, , ,

Aggregation of risk measures

In MBA, Risk Management on October 27, 2010 at 10:53 pm

Consolidated risk management, which is also called enterprise-wide risk management, refers to synchronized management of total pool of risk in the enterprise. Consolidation of risks became possible due to advances in financial engineering and information technology.

Consolidation of risks is important for 5 main reasons:

  1. Consolidation of risks allows management to see the big picture of risk. Management able to see what is happening to the total pool of risk in the enterprise. Management can analyze if risks are increasing or decreasing and why such changes occur. Moreover, management is able to compare how such changes relate to the risk tolerance level of the enterprise.
  2. Since management is able to see the big picture, it is in a better position to make decisions on risk management which lead to improved performance of the enterprise risk management process.
  3. Improved performance of the enterprise risk management process leads to improved performance of the enterprise and enhanced owner’s wealth maximization, which is the ultimate objective of the enterprise.
  4. Consolidation of risks involves letting go of some particulars and allows to present risks in a straightforward and uncomplicated manner which facilitates effective management throughout the enterprise.
  5. Consolidation of risks involves analysis of the relationships between different risks. Thereafter, risks are categorized. This enhances quality of risk reporting, which in turn improves decisions associated with allocation of capital.

Approaches to consolidation of risks

Risks should be categorized into appropriate categories. If risks have the same drivers than risks are positively or negatively correlated. If risks do not have the same drivers than such risks are uncorrelated.

When risks are categorized, appropriate methods should be chosen to manage each category. Methods for managing categories of consolidated risks include:

  1. Managing it as a portfolio of risks
  2. Obtaining insurance for entire category or for each individual risk within category, whichever is less costly. Transfer costs for entire category will be more cost effective in cases when risks have low or negative correlation and high when risks have positive correlation.
  3. Hedging
  4. Using “natural hedges”. As an example, in 1984 a German airline Lufthansa signed a contract with American Boeing committing company to buy aircraft for $3 billion. The organization took forward contract for half of the amount (1.5 billion) to hedge itself against possible currency fluctuations. However, what was not taken into account is that Lufthansa’s cash flow was also essentially dollar-denominated. Therefore, Lufthansa had a “natural hedge” in this situation. Incidentally, the dollar depreciated by 30 percent in 1985 and Lufthansa incurred sizable foreign-exchange loss due to the forward contract which was unnecessary due to “natural hedge” that company had and which was overlooked.


, ,

Monitoring risk

In MBA, Risk Management on October 27, 2010 at 10:50 pm

Techniques to undertake monitoring include external and internal audits, appraisal of an enterprise’s risk management strategies, policies and procedures, and physical inspections.

Target outcome of monitoring

The target outcome of monitoring is to determine if the risk management objectives were achieved and which improvements can be made to enhance the risk management process. A number of questions should be answered during the monitoring stage:

  • as the risk profile of the organization altered,
  • are assumptions on which the risk management strategy were determined are still relevant,
  • is the risk management process effective and efficient,
  • does the risk management strategy still comply with government laws and regulations (in case changes in laws and regulations occurred),
  • and how does the risk management process contribute even more to the ultimate objective of the enterprise, which is wealth maximization of the shareholders.

Monitoring of the risk management environment includes monitoring of environmental risks and operational risks.

  • Environmental risks refer to risks which occur in the external environment and over which the enterprise has no control. For example, if an unexpected adverse event occurs, management needs to re-evaluate the situation and adjust the organization’s risk management strategy and risk management implementation plan. This will ensure that unfortunate incidents do not evolve into a crisis.
  • Monitoring of operational risks refer to risks which occur in the internal environment of the enterprise and over which enterprise has control.

Ongoing monitoring of the enterprise risk management (ERM) process allows enterprises to identify new risks in a timely manner. As an example a new risk, such as new regulatory requirements, can be identified and attended to in a timely manner. It allows maintaining an up to date organizational risk profile. Potential opportunities and threats are also paid attention to. It also makes possible recognition of risk management practices that are inefficient or inappropriate, which must be followed by suitable adjustments.  This allows decreasing costs of such practices.

Further, monitoring allows confirming if assumptions and analysis underlying risk management strategies and implementation plans were correct. If not, timely adjustments must be made, which leads to further improvements in the efficiency of the process. Monitoring of every assumption may be too time consuming. In such case, a list of key assumptions must be compiled and monitored.

Benchmarking

One of the ways to improve the risk management process is by using benchmarking methodology. Benchmarking refers to comparing certain performance indicators of the business to those of the competitors. It also can refer to comparing certain performance indicators between business units within the same enterprise. This methodology can be expensive and time consuming. Therefore, focusing on the crucial areas for success of the risk management process may be most appropriate.

Risk management training

Risk management training is undertaken to ensure employees’ improvement in risk management abilities, skills, knowledge and awareness. 

 

Follow

Get every new post delivered to your Inbox.

Join 25 other followers