THE CONCEPT OF RISK #
Risk is uncertainty surrounding outcomes. Risk is not neces-sarily related to the size of the loss. The more important con-cern is the variability (Deviation) of the loss, specially unex-pected loss. Risk taking refers to active acceptance of incre-mental risk in the pursuit of incremental gains. Risk manage-ment includes sequence of activities aimed to reduce or elim-inate an entity potential to incuse expected losses.
THE RISK MANAGEMENT PROCESS #
The risk management process involves the following ﬁve steps:
- Identify the risks.
- Quantify and estimate the risk exposures or determine
- appropriate methods to transfer the risks. 3. Determine the collective effects of the risk exposures or perform a cost-beneﬁt analysis on risk transfer methods.
- Develop a risk mitigation strategy (i.e., avoid, transfer, miti-gate, or assume risk).
- Assess performance and amend risk mitigation strategy as needed.
Challenges that can arise in the risk management process are:
- Risk must be suﬃciently dispersed among willing and
able participants in the economy.
- It has failed to consistently assist in preventing market disruptions or preventing ﬁnancial accounting fraud.
- The use of derivatives as complex trading strategies assisted in overstating the ﬁnancial position (i.e., net as-sets on balance sheet) of many entities and understating the level of risk assume d by many entities.
- Risk management may not be effective on an overall economic basis because it only involves risk transferring by one party and risk assumption by another party. It does not result in overall risk elimination.
EXPECTED & UNEXPECTED LOSS #
EXPECTED LOSS: Expected loss considers how much an entity expects to lose in the normal course of business. It can often be computed in advance (and provided for) with relative ease because of the certainty involved.
EL = EAD X PD X LGD
UNEXPECTED LOSS: Unexpected loss considers how much an entity could lose outside of the normal course of business. Compared to expected loss, it is generally more diﬃcult to pre-dict, compute, and provide for in advance because of the uncer-tainty involved.
Known unknowns:- Event is known but risk tools are not available to quantify as opposed to above losses.
Unknown unknown:- Events that are truly unknown and no one is aware about.
MEASURING & MANAGING RISK #
- Value at risk (VaR) states a certain loss amount and its probability of occurring. For example, a ﬁnancial institu-tion may have a one-day VaR of $2.5 million at the 95% conﬁdence level. That would be interpreted as having a 5% chance that there will be a loss greater than $2.5 million on any given day.
- Economic capital refers to holding suﬃcient liquid re-serves to cover a potential loss. For example, if one-day VaR is $2.5 million and the entity holds $2.5 million in liquid reserves, then it is unlikely to go bankrupt that day.
- Scenario analysis takes into account potential risk fac-tors with uncertainties that are often non-quantiﬁable.
- Stress testing is a form of scenario analysis that exam-ines a ﬁnancial outcome based on a given “stress” on the entity.
ENTERPRISE RISK MANAGEMENT (ERM):
ERM considers entity-wide risks and tries to integrate risk con-siderations into key business decisions. ERM makes use of measures such as economic capital and stress testing.
RISK CLASSES #
- OPERATIONAL RISK : Operational risk considers a wide range of “non-financial” problems such as inadequate computer systems (technology risk), insufficient internal controls, incompetent management, fraud (e.g., losses due to intentional falsification of information), human error (e.g., losses due to incorrect data entry or accidental deletion of a file), and natural disasters.
- LEGAL & REGULATORY RISK: The risk that a change in laws and regulations will materially impact a security, business, sector or market. Example of legal risk : one party suing the other party in an attempt to nullify or terminate the transaction. Example of regulatory risk : a change in tax law that increases the tax rate of certain types of income, thereby lowering the after-tax investment returns for many investors, or changes in regulations that involve further area.
- BUSINESS RISK : Business risk revolves around uncertainty regarding the entity’s income statement. Business risk may arise because the actual product demand is significantly lower than anticipated or the marketplace’s toleration of a selling price is much lower than expected. In addition, there may be production cost overruns or unexpected costs that substantially increase total expenses. Either way the decreased revenues and/or the increased costs may be significant enough that the entity suffers financial losses.
- STRATEGIC RISK: Strategic risk can be thought of in the context of large new business investments, which carry a high degree of uncertainty as to ultimate success and profitability. For example, an entity could spend millions of dollars developing a new product that ultimately fails in the marketplace because consumers find it unsuitable for their needs. The impact of strategic risk will be felt by an entity if its business decision has an unsuccessful result, thereby incurring large losses and loss of reputation/confidence by investors.
- REPUTATION RSIK: Reputation risk consists of two parts.
- The general perceived trustworthiness of an entity (i.e., that the entity is able and willing to meet its obligations to its creditors and counterparties).
- The general perception that the entity engages in fair dealing and conducts business in an ethical manner.
Risk Factor Interactions #
Independent risk factors are correlated which causes signiﬁcant problem. Risk manager could consider correlation between identiﬁed risk factors and account for it in planning process. Another signiﬁcant challenge for risk man-ager is understanding how risk aggregation can be ap-plied to measure all risk at the enterprise level.
What is popular interest aggregation but some draw-backs. First, there are few different versions of VaR. Second, VaR uses simplifying assumptions end are prone to manipulations like adjusting number of days and confidence Level. VaR Is intended to determine loss threshold level . It measures largest loss at at a speciﬁc cut off point, but not the magnitude of risk. Some managers turn their attention to scenario analysis, stress testing and expected shortfall to measure magnitude of risk.
There are measures of economic capital is also extremely useful for risk managers. RAROC is such method: Calculated as
(After tax net risk – adjusted expected return) / economic capital
This formula is essentially reward per unit. Four speciﬁc practical applications are,
- Business comparison: Allows for comparison of business units when different levels of economic capital exists for each segment.
- Investment analysis:
- Pricing strategy: RARCOC can be used to determine if their current pricing strategy provides suﬃcient return relative to the estimated risk taken.
- Risk Management: This metric can be used to high-light areas where risk is not being properly covered with expected rewards.
The overall point of risk management is to consider the drivers of risk end whether the suﬃcient reward is generated relative to level of risk assumed.