Part 2: Section D LOS
Define legal risk, compliance risk, and political risk
+ Legal risk [dispute or new laws]: the chance that your business will be involved in a lengthy and costly dispute, or the chance that new regulations will disrupt the operations of the business.
+ Compliance risk [meet or break the laws]: the risk associated with the organization's ability to meet rules and regulations set forth by governmental agencies. It is closely related to legal risk, and it is also the possibility of knowingly or unknowingly breaking laws or regulations.
+ Political risk: the possibility that political events, elections, or laws will disrupt or impede operations. Instability includes changes in government, legislative bodies, and foreign policy makers.
Identify and explain the different types of risk, including business risk, hazard risks, financial risks, operational risks, and strategic risks
- Business risk = the possibility that an organization will either have a lower profit than expected or experience a loss instead of a profit.
- Hazard risk = the risk that the workplace environment or a natural disaster can disrupt the operations of an organization.
- Financial risk = risk caused by the inability to finance the business in the short term and long term. This can be lessened by minimizing the cost of capital.
- Operational risk = risk of loss for an organization arising from inadequate systems, processes, or external events.
- Strategic risk = risk related to planning and strategic decisions; the risk that a company's strategy will not be sufficient for the organization to achieve its objectives and maximize shareholder value.
!: Capital adequacy applies to all business entities.
Identify strategies for risk response (or treatment), including actions to avoid, retain, reduce (mitigate), transfer (share), and exploit (accept) risks
1. Risk Avoidance - eliminating the risk by not investing in that situation.
2. Risk Transfer/Sharing - transferring the risk to another party.
3. Risk Reduction/Mitigation - engaging in actions that will reduce the risk [e.g. hedges, swaps, options].
4. Retaining the risk - developing internal activities to manage the risk [e.g. by maintaining a reserve fund].
5. Risk Acceptance - the firm just accepts the risk and does nothing about it.
Risk Exploitation: a response where a company intentionally takes on more risk as a way to earn higher returns.
Define the concept of capital adequacy; i.e., solvency, liquidity, reserves, sufficient capital, etc
Capital adequacy measures how well a financial institution protects its depositors and protects the financial systems around the world. The measure of capital adequacy is called the capital adequacy ratio (CAR).
Capital adequacy risk = risk related to a company's ability to protect its depositors.
CAR = (Tier 1 Capital + Tier 2 Capital) / Risk-Weighted Assets
Tier 1 capital is used to absorb losses and does not require a bank to cease operations. [equity capital, intangible assets, and audited revenue reserves]
Tier 2 capital absorbs losses in the event of a company winding up or liquidating. Tier 2 capital is seen as less secure than Tier 1. [unaudited reserves and general loss reserves]
Explain how ERM practices are integrated with corporate governance, risk analytics, portfolio management, performance management, and internal control practices
ERM and Corporate Governance
1. Establish a CRO, congruent with the COO and CFO. This highlights to all stakeholders that the BOD considers ERM to be a priority.
2. Establish a Risk Committee that reports to the Board of Directors [not to management].
3. The internal audit function must be heavily involved in any ERM program.
!: Risk analysis is NOT a component of corporate governance but a separate operational issue.
Identify event identification techniques and provide examples of event identification within the context of an ERM approach
Event identification techniques:
1. Loss Event Data Technique
2. Facilitated Workshop and Interview Technique
3. Process Flow Technique
4. Event Inventories Technique
5. Internal Analysis Technique
6. Leading Events Indicator
7. Escalation/Threshold Trigger Technique
- Loss Event Data Technique: this involves analyzing past data on loss events to assess trends. Example: a delivery company analyzes losses from accidents involving its vehicles to see any patterns.
- Facilitated Workshop and Interview Technique: this involves drawing on the accumulated experiences of all involved parties through structured discussions and interviews. Example: the head of HR holds meetings with employees to get their ideas on possible steps to improve the hiring process.
- Process Flow Technique: this involves assessing the steps an organization goes through to identify events of interest. Example: the company maps out the process for conducting position searches and hiring new employees.
- Event Inventories Technique: this involves using a list of generic events related to a particular project as a starting point for event identification. Example: a company consults a list of events related to this project.
- Internal Analysis Technique: this involves using both internal and external information as part of the evaluation process. This analysis is typically done as part of the organization's routine activities. Example: a company purchasing a new piece of equipment uses its "own" experience with the manufacturer of the equipment AS WELL AS "customer reviews" to evaluate the purchase.
- Leading Events Indicator Technique: this involves monitoring data expected to be correlated with events of interest. Example: a company monitors absenteeism, lateness, and disruptive behavior on the job to determine which employees may be more likely to commit fraud against the company.
- Escalation/Threshold Trigger Technique: this involves monitoring data and taking action when a pre-determined threshold is reached. Example: a bank compares weekly credit card applications once a decrease of 10% is reached.
Identify methods of managing operational risk
Examples:
1. Proper internal controls [e.g. segregation of duties]
2. Business continuity planning [e.g. moving a data center away from a flood-prone area]
3. Adequate hiring practices [e.g. running criminal background checks on prospective employees]
4. Shifting the cost structure [from fixed costs to greater reliance on variable costs]
5. Obtaining insurance:
   A. Hazard insurance: protection from accidents or natural disasters
   B. Liability insurance: protection against lawsuits caused by a faulty product or injuries suffered on the company's property [example: a customer falling down and getting injured in a store]
Explain the use of probabilities in determining exposure to risk.
Firms can use probabilities to help identify, quantify, and assess the risks facing an organization. To assess the risk involved, firms must identify what the "possible outcomes" are and "how likely" each outcome is. At times, it is more difficult to estimate the likelihood of an outcome than to determine the possible outcomes. With that being said:
Risk exposure = Risk Impact x Probability
Exposure to risk is a function of its impact [the cost involved] and its probability [the likelihood that the impact will materialize].
Demonstrate an understanding of the concept of residual risk and distinguish it from inherent risk
Inherent risk is typically defined as the level of risk in place in order to achieve an entity's objectives and before actions are taken to alter the risk's impact or likelihood. Residual risk is the remaining level of risk following the development and implementation of the entity's response. The difference between inherent and residual risk may be visualized as water flowing through a filter. Inherent risk is above the filter, which constitutes management controls. A smaller pool of residual risk remains. Inherent risk always exists, and the residual risk is the risk remaining after the risk mitigation strategies are taken.
Define enterprise risk management (ERM) and identify and describe key objectives, components, and benefits of an ERM program
It is the comprehensive analysis and management of all risks facing the organization. Its goal is to create, protect, and enhance shareholder value.
Enterprise risk management is not a function or department. Enterprise risk management is more than a risk listing. Enterprise risk management addresses more than internal control. It also addresses other topics such as strategy-setting, governance, communicating with stakeholders, and measuring performance. Its principles apply at all levels of the organization and across all functions. Enterprise risk management can be used by organizations of any size.
KEY OBJECTIVES
The goal of ERM is to create, protect, and enhance shareholder value by managing the uncertainties that could either negatively or positively influence achievement of the organization's objectives. Stronger internal controls, more effective corporate governance, and implementation of ERM can lead to improved stability, reaction time, and increased shareholder value.
COMPONENTS
1. Governance and Culture:
- Exercises board risk oversight
- Establishes operating structure
- Defines desired culture
- Demonstrates commitment to core values
- Attracts, develops, and retains capable individuals
2. Strategy and Objective-Setting
- Analyzes business context
- Defines risk appetite
- Evaluates alternative strategies
- Formulates "business objectives"
3. Performance
- Identifies risks
- Assesses severity of risk
- Prioritizes risks
- Implements risk response
- Develops portfolio view of risk
4. Review and Revision
- Assesses substantial change
- Reviews risk and performance
- Implement in ERM
5. Information and Communication Reporting
- Leverages information system
- Communicates risk information
- Reporting
BENEFITS [memorize]
- Increasing the range of opportunities
- Identifying and managing risk entity-wide
- Increasing positive outcomes and advantage while reducing negative surprises
- Reducing performance variability
- Improving resource development
- Enhancing enterprise resilience
Identify and explain the benefits of risk management
O - Increasing the range of opportunities: By considering all possibilities [negative and positive aspects of risk], management can identify new opportunities and unique challenges associated with the current opportunities.
S - Increasing positive outcomes and advantage while reducing negative surprises: RM allows entities to establish appropriate responses, reducing surprises and related costs or losses while profiting from advantageous developments.
V - Reducing performance variability: Identifying risk beforehand enables companies to put in place the actions needed to minimize disruption and maximize opportunities.
R - Improving resource development: Every risk could be considered a request for resources. Obtaining robust information on risk allows management, in the face of finite resources, to (1) assess overall resource needs, (2) prioritize resource deployment, and (3) enhance resource allocation.
R - Enhancing enterprise risk resilience: An entity's viability depends on its ability to anticipate and respond to changes. [evolve and thrive = survive]
!: Risk management does NOT reduce risk to the lowest level possible [it only identifies, assesses, and prioritizes risks].
Demonstrate an understanding of operational risk
Operational risk is the risk of loss resulting from failure or inadequacy of internal policies, processes, people, and products, or from external events.
An organization may have inadequate internal controls to protect the entity. Internal control processes may not be properly documented or reviewed, or the organization's employees may not properly execute the procedures. The organization may not hire people with the skills or ethical background necessary to make the right decisions. Product issues, such as supply chain risks or defective quality, can affect the organization's risk from operations. External events, such as natural disasters, information technology hacking, or additional events outside of the organization, can also affect an organization's operational risk.
Examples of operational risk:
1. Inadequate backup or redundancy in computer systems
2. Lack of segregation of duties, increasing the risk of employee fraud
3. Natural disasters, such as floods, earthquakes, and fires
4. Failure to comply with appropriate laws and regulations
Identify and explain qualitative risk assessment tools including risk identification, risk ranking, and risk maps
Qualitative risk analysis is the process of evaluating the potential losses from a given risk using a combination of known information about the situation, knowledge about the underlying process, and judgment about the information that is not known or well understood. Some of the tools and techniques for qualitative risk analysis are:
1. Risk Identification: involves brainstorming to list the risks facing an organization.
2. Risk Ranking: managers use their intuition to rank risks according to the probability of occurrence and magnitude of loss.
3. Risk Map: risks are displayed visually with the probability of occurrence on one axis and the magnitude on the other axis.
Identify and explain quantitative risk assessment tools including cash flow at risk, earnings at risk, earnings distributions, and earnings per share (EPS) distributions
Quantitative analysis quantifies the possible outcomes for the project and assesses the probability of achieving specific project objectives.
Value at risk [cash flow at risk and earnings at risk]:
- Cash flow at risk: a risk assessment tool that measures the maximum loss for a given period in terms of cash flow.
- Earnings at risk: a risk assessment tool that measures the maximum loss for a given period in terms of accrual earnings.
Earnings distribution: a risk assessment tool that utilizes graphs of potential returns and the probabilities of those returns to assess risk.
EPS Distribution
Demonstrate an understanding of how volatility and time impact risk
Risk is a function of volatility and time. Volatility refers to the unpredictability of an outcome. When an outcome is more volatile, it increases the uncertainty of an event taking place and is thereby considered riskier. Risk is also affected by the time horizon in which the event takes place. Generally speaking, the further away an event or outcome is, the more difficult it is to anticipate, and it is therefore more risky.
Identify and describe the key steps in the risk management process
Risk management involves identifying, assessing, and prioritizing risks. It also involves developing responses to risks (avoidance, mitigation, sharing, retention, and exploiting).
1. Determine the company's risk tolerance [Risk tolerance]: This step identifies the organizational attitude toward risk. Will the company accept significant financial risks? Does the company want to take on only selective risk exposures? Must the firm eliminate all risks?
2. Evaluate the risk exposures [Risk exposure]: During this step, the specific nature of the exposure must be identified (e.g., what is the primary risk factor?). Then the exposure must be quantified so that a decision can be made as to whether the level of risk is acceptable to the organization.
3. Implement an appropriate risk management strategy [Implement]: A risk management strategy identifies what actions (if any) must be taken to manage the risk exposure. A wide variety of strategies is possible.
4. Monitor the risk exposure and risk strategy [Monitor]: Periodic monitoring assesses the status quo or any unexpected changes in the risk exposure (as a result of market volatility, etc.). This step also considers whether the risk management strategy selected is effective. Strategy adjustments may be necessary.
Identify and explain financial risk management methods
Risk sharing strategies like entering into forwards and joint ventures.
Define risk transfer (e.g., purchasing insurance, issuing debt)
Risk transfer is a risk management and control strategy that involves the contractual shifting of a pure risk from one party to another. To compensate the third party for bearing the risk, the individual or entity will generally provide the third party with periodic payments.
+ Issuing debt to raise funds needed for a new product launch: part of the risk of a loss from the product launch is transferred to the lenders. If equity capital is raised, the owners take on all the risk of the product launch.
+ Purchasing insurance.
+ Outsourcing: outsource difficult work to a more experienced company.
+ Indemnification clauses in contracts: an indemnification clause is a clause in which the parties involved in the contract commit to compensating each other for any harm, liability, or loss arising out of the contract.
Explain how attitude toward risk might affect the management of risk
The first key step in risk management is identifying the risk tolerance of the company. Determining the company's risk appetite shifts the selection toward risk strategies that fit within its tolerance.
A risk-averse entity attempts to shy away from risk and is willing to pay more in order to minimize the risk involved.
A risk-seeking entity wants more return with the expectation of more risk. This type of management is willing to pay more for the extra risk.
An entity is said to be risk neutral when its risk preference lies between these two extremes. Risk-neutral individuals will not pay extra to have the risk transferred to someone else, nor will they pay to engage in a risky endeavor. To them, money is money. They don't pay for insurance, nor will they gamble.
Define the concepts of unexpected loss and maximum possible loss (extreme or catastrophic loss)
Unexpected loss is the amount that a cautious manager might think could be lost to the risk in a very bad year, in excess of the expected loss amount that has been budgeted for, up to the maximum probable loss. The business should reserve this amount as capital. These are the loss percentiles in excess of the expected loss. When there is an actual loss, the unexpected loss is the difference between the expected loss from the situation and the actual loss experienced.
The maximum probable loss (also called the probable maximum loss, or PML) is the largest loss or amount of damage that is likely to occur in a very bad year. Value-at-Risk can be used to estimate the probable maximum loss that may be incurred at the end of the year. Value-at-Risk (VaR) measures the potential loss in value of a risky asset or event over a defined period for a given confidence interval.
Maximum Loss = Expected Loss + Unexpected Loss
Identify and explain Value at Risk (VaR)
Value at Risk, or VaR, is the maximum loss for a given period of time and for a given specified level of confidence/probability. It also measures risk in a currency, but it does NOT apply to illiquid assets such as real estate. VaR is a prospective measure [the market risk] of volatility, which means it measures real-time risk rather than historical risk. It includes cash flow at risk and earnings at risk. VaR can be calculated using the historical method, the variance-covariance method, or Monte Carlo simulation.
- Historical method: assumes that history repeats itself and estimates the risk based on actual historical returns for a time period.
- Variance-covariance method: assumes that stock returns are normally distributed.
- Monte Carlo simulation: refers to any method that randomly generates hypothetical trials with different assumptions.