Chapter 1
Describe three benefits to an organization of reducing deterrence effects by risk management
RM reduces the deference effects of uncertainty about potential future accidental losses by making these losses less frequent, less severe, or more foreseeable. The resulting reduction in uncertainty beenfits an organization in these ways: - alleviates or reduces managements' fears about potential losses, thereby increasing the feasibility of ventures that once appears too risky - increases profit potential by greater participation in investment or production activities - makes the organization a safer investment and therefore more attractive to suppliers of investment capital through which the organization can expand.
Cloud computing
information, technology, and storage services contractually provided from remote locations, through the internet or another network, without a direct service connection
Identify the primary enabler of data capture
smart producs
Internet of Things (IoT)
A network of objects that transmit data to computers
describe the quadrants of risk
- hazard risk arise form property, liability, or personnel loss exposures and are generally the subject of insurance - operational risks fall outside the hazard risk category and arise from people or a failure in processes, systems or controls - financial risks arise from the effect of market forces on financial assets or liabilties and include market risk, credit risk, and liquidity risk and price risk - strategic risks arise from trends in the economy and society, including changes in the economic, political and competitive environments, as well as from demographic shifts.
Give an example of how each of the following risk management program goals might conflict with the goal of economy of risk management operations: - tolerable uncertainty - legality - social responsibility
- tolerable uncertainty - might conflict with the goal of economy of operations because of the cost of risk management efforts - legality - might conflict with the goal of economy of operations because implementing safety standards could be an added expense - social responsibility - obligations such as charitable contributions could raise costs.
explain the reasons why subjective and objective risk may differ
1 - familiarity and control - for example, air travel and driving 2 - consequences over likelihood - people have two views of low likelihood, high consequence events. the first misconception is the "it cant happen to me" view. the 2nd one is overstating the probability of a low-likelihood event, which is common for people who have personally been exposed to the event previously. 3 - risk awareness - organizations differ in terms of their level of risk awareness and, therefore, perceive risks differently. an organization that is not aware of its risk would perceive the likelihood of something happening as very low.
Provide two typical impediments to successfully implementing an ERM program.
1 - technology deficiency. 2 - traditional organizational culture of entrenched silos (prob biggest one)
identify the three main theoretical pillars of ERM
1. Interdependency; 2. Correlation 3. Portfolio theory
Using the data below, calculate the total cost of risk: - Costs of accidental losses not reimbursed by insurance:$1.2 mil - Insurance premiums: $10 mil - Risk control techniques: $2 mil - Costs of administering risk management activities: $0.5 mil
1.2 mil + 10 mil + 2 mil + .5 mil = 13.7 mil
law of large numbers
A mathematical principle stating that as the number of similar but independent exposure units increases, the relative accuracy of predictions about future outcomes (losses) also increases.
speculative risk
A chance of loss, no loss, or gain.
nondiversifiable risk
A risk that affects a large segment of society at the same time.
diversifiable risk
A risk that affects only some individuals, businesses, or small groups.
Risk Profile
A set of characteristics common to all risks in a portfolio
Value at risk
A threshold value such that the probability of loss on the portfolio over the given time horizon exceeds this value, assuming normal markets and no trading in the portfolio
describe communications in an organization with a fully integrated ERM program
An organization with fully integrated ERM program develops a communication matrix that moves info throughout the org. Communications include dialogue and discussions among the different units and levels within the organization. the establishment of valid metrics and the continuous flow of cogen data are a critical aspect to this communication process. the metrics are carefully woven into reporting structures that engage the entire organization, including both internal and external stakeholders.
Enterprise risk management
An approach to managing all of an organization's key business risks and opportunities with the intent of maximizing shareholder value.
Smart product
An innovative item that uses sensors; wireless sensor networks; and data collection, transmission, and analysis to further enable the item to be faster, more useful, or otherwise improved.
Exposure
Any condition that presents a possibility of gain or loss, whether or not an actual loss occurs.
time horizon
Estimated duration
Describe the use of exposure as a risk measure
Exposure provides a measure of the maximum potential damage associated with an occurrence. generally, the risk increases as the exposure increases, assuming the risk is nondiversifiable.
volatility
Frequent fluctuations, such as in the price of an asset.
Describe how an organization's total cost of risk associated with an asset or activity is calculated
It is the total of these: - costs of accidental loss no reimbursed by insurance or other outside sources - insurance premiums or expenses incurred for noninsurance indemnity - costs of risk control techniques to prevent or reduce the size of accidental losses - costs of administering risk management activities
Text mining
Obtaining information through language recognition
describe the role of the chief risk officer (CRO) in ERM
The CRO assumes the role of facilitator in ERM. As such, the crowd engages the organization's management in a continuous conversation that establishes risk strategic goals in relation to the organizations' s.w.o.t.. The CRO's responsibility includes helping the enterprise to create a risk culture in which managers of the organization's divisions and units, and eventually individual employees, become risk owners.
objective risk
The measurable variation in uncertain outcomes based on facts and data.
subjective risk
The perceived amount of risk based on an individual's or organization's opinion.
systemic risk
The potential for a major disruption in the function of an entire market or financial system.
liquidity risk
The risk that an asset cannot be sold on short notice without incurring a loss
credit risk
The risk that customers or other creditors will fail to make promised payments as they come due
cost of risk
The total cost incurred by an organization because of the possibility of accidental loss.
Telematics
The use of technological devices in vehicles with wireless communication and GPS tracking that transmit data to businesses or government agencies; some return information for the driver.
describe a common concept among the various definitions of enterprise risk management
The various definitions of ERM all include the concept of managing an organization's risk to help that organization meet its objectives. This link between the management of an organization's risks and its objectives is a key driver in deciding how to assess and treat risks
market risk
Uncertainty about an investment's future value because of potential changes in the market for that type of investment
Compare the traditional risk management function with the ERM risk management function
Under traditional risk management organizational model, there is risk manager and a risk management department to manage hazard risk. this traditional function mainly provides risk transfer, such as insurance, for the organization. In ERM, the responsibility of the risk management function is broader and includes all of an organization' risks, not just hazard risk. Additionally, the entire organization at all levels becomes responsible for risk management as the ERM framework encompasses all stakeholders
Pure risk
a chance of loss or no loss, but no chance of gain
compare pure risk with speculative risk
a pure risk is a chance of loss or no loss, but no chance of gain, in comparison, speculative risk involves a chance of gain.
explain the effect of correlation on an organization's risk
correlation is a measure that should be applied to the management of an organization's overall risk portfolio. if two or more risk are similar, they are usually highly correlated. the greater the correlation, the greater the risk.
classify each of these risk as pure or speculative subjective, or objective, and diversifiable or nondiversifiable: a) damage to an office building resulting from a hurricane b) reduction in value of retirement savings c) products liability claim against a manufacturer
a) the risk of hurricane damage to an office building is a pure risk in that there is no chance of gain from the damage. the risk is both subjective and objective. the building owner may have his or her own idea about the frequency or severity of loss, and there are objective measure of frequency and severity based on historical data or catastrophe modeling. hurricane damage to an office building is usually nondiversifiable because hurricanes affect many properties simultaneously. b) the reduction in value of retirement savings is speculative risk because there is a chance of loss, no loss, or gain, the risk is both subjective and objective. the investor may have his or her own expectations of retirement investments. as well as historical data on investment returns. the risk is diversifiable because the investor has many investment options to offset the risk of a reduction in retirement savings. c) a products liability claim against a manufacturer is a pure risk, both subjective and objective, and diversifiable. the manufacturer can diversify into other products or services to reduce its exposure to products liability claims.
Explain the risk management goal of tolerable uncertainty
aligning risks with the organization's risk appetite. Managers want to be assured that whatever might happen will be within the bounds of what was anticipated and will be effectively addressed by the risk management program. risk management programs should use measurements that align with the organization's overall objectives and take into account the risk appetite of senior management.
Describe the risk management goal of satisfying the organization's legal requirements
based on : - standard of care that is owed to others - contracts entered into by the organization - federal, state, provincial, territorial, and local laws and regulations
Summarize the characteristics of the blockchain that result in the myriad of related risk management ramifications
by product of the medium's immutability, security, transparency, scalability, and ability to facilitate the sharing of verified, quality data.
Explain how risk management can help an organization increase intelligent risk taking
by providing it with a framework to analyze and manage the risks associated with an opportunity. RM can help the organization decide whether the potential rewards are greater than the downside risks.
Identify the three elements that fuel the big data revolution
capture, storage, and analysis of data
Describe how classifying risk helps an organization's risk management process
classification can help with assessing risks because many risks in the same classification have similar attributes. it also can help with managing risk, because many risks in the same classification can be managed with similar techniques. finally, classification helps with the administrative function of risk management by helping to ensure that risks in the same classification are less likely to be overlooked.
describe how consequences are used to measure risk
consequences are the measure of the degree to which an occurrence could positively or negatively affect an organization. the greater the consequences, the greater the risk.
Identify the four high-level categories of risk
hazard risks, operational risks, financial risks, strategic risk
Summarize how the relationship between likelihood and consequences affects risk management
critical for risk management in assessing risk and deciding whether and how to manage it. therefore, organizations must determine to the extent possible the likelihood of an event and then determine the potential consequences if the event occurs. in assessing the level of risk, the risk management professional must understand to the extent possible both the likelihood and the consequences.
contrast diversifiable with nondiversifiable risk
diversifiable risk is not highly correlated and can be managed through diversification, or spread, of risk. nondiversifiable risks are correlated - that is, their gains or losses tend to occur simultaneously rather than randomly.
Summarize how an organization should align its risk management objectives
each organization should align its objective to its overall objectives. these objectives should reflect the organization's risk appetite and the organization's internal and external context
Identify the focus of traditional risk assessment techniques
focus on root cause analysis
compare the risk related to short and long time horizons
longer time horizons are generally riskier than shorter ones.
Explain how risk management can help an organization maximize its profitability
providing it with information to evaluate the potential risk-adjusted return on its activities and to manage the risks associated with those activities. although the same amount of capital may be considered for each option, the risk-adjusted return will not be the same. risk managers can help the organization evaluate the risks and potential return of each option and their effects on the organization's meeting its objectives
Describe three benefits of risk management for the entire economy
reducing waste of resources, improving allocation of productive resources, and reducing systemic risk. any economy possesses a given quantity of resources with which to produce goods and services if an accidental loss reduces those resources, such as when a fire or an earthquake demolishes a factory or destroys a highway, that economy's overall productive resources are reduced. risk management prevents or minimizes the waste of these productive resources. risk management also improves the allocation of productive resources because when economic uncertainty is reduced for individual organizations, productive resources are better allocated. the benefits of risk-management programs at systemically important organizations include reducing system risk and reassuring investors and the public about resounable risk taking th can provide economic growth
Explain how risk management helps an organization meet the minimum profit expectation for an activity
risk management professionals must identify the risks that could prevent this goal from being reached, as well as the risks that could help achieve this goal within the context of the organization's overall objectives.
Identify the steps an organization should take to provide business continuity
steps to take and therefore, resiliency: - Identify activities whose interruptions cannot be tolerated - identify the types of accidents that could interrupt such activities - determine the standby resources that must be immediately available to counter the effects of those accidents - ensure the availability of the standby resources at even the most unlikely and difficult times.
Summarize the role of risk management in the survival of an organization
survival depends on identifying as many risks as possible that could threaten the organization's ability to survive and managing those risks appropriately. it also depends on anticipating and recognizing emerging risks.
AN international manufacturing organization has three major supplies located in the region fo Japan where the 2011 earthquake and tsunami occurred. In 2011, the organization's production was disrupted because supplies could not be received, and this resulted in a loss of sales of $200 mil. Explain whether these supplies present a future risk to the organization according to the basic risk measures that should be managed.
the organization has risk from exposure, consequences, and correlation related to these suppliers. the consequences to the organization of disruption to the supply chain were lost sales of $200 mil. The maximum exposure and consequences are unknown and depend on the length of any future disruption. the organization's risk management professional should quantify to the extent possible the probable range of exposure and consequences. there is correlation because the three supplies are in the same area. although the likelihood of another earthquake and tusnami is not high, the potential consequences, were they to occure are high. therefore, this risk shold be managed.
correlation
the relationship between variables
Describe the benefits of holistic risk management compared with traditional risk management for an organization
traditional risk management was conducted in silos within an organization. this fragmented approach can miss critical risks to the organization and vide senior management with a picture of the organization's risk portfolio and profile. an integrated, holistic approach that manages risk across all levels and functions an organizaitons presents amore complete picture of an organization's risk portfolio and profile. this pciture allows for better decisions by and improved outcomes for sneior management
An organization manufactures and sells nonprescription pain-relief products. There is a products liability risk associated with this business. describe a traditional risk management approach to this risk versus an ERM approach.
traditional would be to apply risk control techniques in the manufacture and distribution of this product and to purchase liability insurance to transfer some of the liability exposure related to consumers' use of the product. an ERM would in addition to risk control and risk transfer, also address the reputational risk related to products liability and the potential loss of business income if a particular product is removed from the market.
explain why it is important to distinguish between speculative risk and pure risks when making risk management decisions.
two types of risk must often be managed differently. further, most insurance policies are not designed to handle speculative risks.
explain the effect of volatility on risk
volatility provides a basic measure that can be applied to risk. generally, risk increases as volatility increases