Risk Management Principles and Practices
Describe the quadrants of risk.
Hazard: Risks that arise from property, liability, or personnel loss exposures and are generally the subject of insurance. Operational: Risks that fall outside the hazard risk category and arise from people or a failure in processes, systems or controls. Financial: Risks that arise from the effect of market forces on financial assets or liabilities and include market risk, credit risk, liquidity risk and price risk. Strategic: Risks that arise from trends in the economy and society including changes in the economic, political and competitive environments, as well as demographic shifts.
Explain the difference between Pure and Speculative risk.
Pure risk is a chance of loss or no loss with no chance of gain, while speculative risk is a chance of loss, no loss, or gain.
Define Hazard risk.
Risk from accidental loss, including the possibility of loss or no loss.
Describe the risk management objective of "Economy of Risk Management Operations."
Risk management and risk management operations should be operated economically and efficiently. One way to measure the economy of a risk management program is through benchmarking, in which an organization's risk management costs are compared to those of similar organizations. These costs include the costs of risk assessment, risk control and risk financing, as well as the administrative costs of the risk management program.
Describe three benefits of risk management for the entire economy.
Risk management benefits the entire economy by reducing waste of resources, improving allocation of productive resources and reducing systemic risk.
Explain how risk management can help an organization maximize its profitability.
Risk management can help an organization maximize its profitability by providing information to evaluate the potential risk-adjusted return on activities and to manage the risks associated with those activities. Although the same amount of capital may be required for each activity being considered, the risk-adjusted return will not be the same. Risk management can help the organisation evaluate the risks and potential returns of its activities and how these activities will affect the organisation's efforts to meet its objectives.
Describe three benefits to an organization of reducing deterrence effects by risk management.
Risk management reduces the deterrence effects of uncertainty about potential future accidental losses by making these losses less frequent, less severe and more foreseeable. The resulting reduction in uncertainty benefits an organization in the following ways: 1. Alleviates or reduces management's fears about potential losses, thereby increasing the feasibility of ventures that at first appeared too risky. 2. Increases profit potential by greater participation in investment or production activities. 3. Makes the organisation a safer investment and therefore more attractive to suppliers of investment capital through which the organization can expand.
Describe the risk management objective of "Social Responsibility."
Social responsibility is a goal for many organizations. It includes the organization's ethical conduct as well as the philanthropic commitments that the owners of the organization have made to the community and society as a whole. This is an important objective as it plays a large role in the organization's reputation.
In point form how has the risk environment changed?
-The 2008 financial crisis showed a need for change in risk management practices
-Traditionally risk management applied to risks associated with accidents, but that has been greatly expanded
-Now includes all risks of the organization (negative or positive) and their effects on the organization's objectives
-Has evolved to consider the interconnections between internal and external risk
-Now a holistic approach to risk management. Organizations now know it's important to manage all risk.
-Now considers 4 high-level categories: Hazard Risks, Operational Risks, Financial Risks, Strategic Risks
What are the 6 basic measures that apply to risk management? Also known as "Basic Risk Measures."
-Exposure -Volatility -Likelihood -Consequences -Time Horizon -Correlation
Define Cost of Risk.
1. Cost of accidental losses not reimbursed by insurance or other sources. 2. Insurance premiums or expenses incurred for non-insurance indemnity. 3. Costs of risk control techniques to prevent or reduce the size of accidental losses. 4. Costs of administering risk management activities.
Identify the steps an organization should take to provide business continuity.
1. Identify activities whose interruptions cannot be tolerated. 2. Identify the types of accidents that could interrupt such activities. 3. Determine the standby resources that must be immediately available to counter the effects of those accidents. 4. Ensure the availability of the standby resources at even the most unlikely and difficult times.
List the 8 risk management goals.
1. Tolerable Uncertainty 2. Legal and regulatory compliance. 3. Survival 4. Business continuity 5. Earnings and stability 6. Profitability and growth 7. Social Responsibility 8. Economy of risk management operations
Summarize various objectives and goals for managing risk.
1. Tolerable uncertainty 2. Legal and regulatory compliance 3. Survival 4. Business continuity 5. Earnings stability 6. Profitability and growth 7. Social responsibility 8. Economy of risk management operations
Explain how risk management can help an organization increase intelligent risk taking.
A benefit of risk management includes providing the organization with a framework to analyze the risks associated with an opportunity and then to manage those risks. Risk management can help the organization if the potential rewards are greater than the downside risks, thereby increasing intelligent risk taking.
Define the term: Law of Large numbers
A mathematical principle stating that as the number of similar but independent exposure units increases, the relative accuracy of predictions about future outcomes (losses) also increases.
Define the term: Correlation
A relationship between variables. For example, a bank lending both to a manufacturer and to that manufacturer's employees creates a correlation and an increased chance of a severe loss should the manufacturer go out of business for some reason.
Define Nondiversifiable Risk.
A risk that affects a large segment of society at the same time.
Define Diversifiable Risk.
A risk that affects only some individuals, businesses or small groups.
Describe the basic risk measure of "Time Horizon."
A risk's time horizon can be measured in various ways. Longer time horizons are generally riskier than shorter ones. For example, a 15 year mortgage is riskier than a 30 year mortgage. As another example, the diversification of financial investments can help manage the risks associated with the time horizon of those investments.
Define Risk profile.
A set of characteristics common to all risks in a portfolio.
Explain the goal of tolerable uncertainty.
A typical risk management goal is tolerable uncertainty, which means aligning risks with the organization's risk appetite. Managers want to be assured that whatever might happen will be within the bounds of what was anticipated and will be effectively addressed by the risk management program. Risk management programs should use measurements that align with the organization's overall objectives and take into account the risk appetite of the senior management.
Describe the risk management goal of satisfying the organization's legal requirements.
An important goal for risk management programs is to ensure that the organization's legal obligations are satisfied. Such legal obligations are typically based on these items: 1. Standard of care that is owed to others. 2. Contracts entered into by the organization. 3. Federal, state, provincial, territorial and local laws and regulations.
Define the term: Exposure
Any condition that presents a possibility of loss or gain; whether or not an actual loss occurs.
Why are basic risk measures important to the risk management process?
Because to measure is to know, and if you can't measure it you can't improve it. Risk management requires measures of risk in order to both know the nature of risks and manage them to help an organization meet its objectives.
Describe how classifying risk helps an organization's risk management process.
Classification can help with assessing risks, because many risks in the same classification have similar attributes. It also can help with managing risk, because many risks in the same classification can be managed with similar techniques. Finally, classification helps with the administrative function of risk management by helping to ensure that risks in the same classification are less likely to be overlooked.
Describe how consequences are used to measure risk.
Consequences are the measure of the degree to which an occurrence could positively or negatively affect an organisation. The greater the consequences, the greater the risk.
Define the term: Consequences
Consequences are the measure of the degree to which an occurrence could positively or negatively affect an organization.
Describe the basic risk measure of "Consequences."
Consequences are the measure of the degree to which an occurrence could positively or negatively affect an organization. The greater the consequences, the greater the risk. If there is a low likelihood of occurrence and the consequences are minor, the organization may choose to not manage the risk.
Describe the risk management objective of "Business Continuity."
Continuity of operations is a key goal for many private organizations and an essential goal for all public entities. Business continuity is more demanding than simply surviving. To be resilient, an organization cannot interrupt its operations for any appreciable time. Steps to ensure this are:
-Identify activities whose interruptions cannot be tolerated
-Identify the types of accidents that could interrupt such activities
-Determine the standby resources that must be immediately available to counter the effects of those accidents
-Ensure the availability of the standby resources at even the most unlikely and difficult times
What is the ISO definition of risk management?
Coordinated activities to direct and control an organization with regard to risk.
Explain the effect of correlation on the organisation's risks.
Correlation is a measure that should be applied to the management of an organisation's overall risk portfolio. If two or more risks are similar, they are usually highly correlated. The greater the correlation, the greater the risk.
Contrast diversifiable risk and nondiversifiable risk.
Diversifiable risk is not highly correlated and can be managed through diversification or spread of risk. Nondiversifiable risks are correlated; that is, their gains or losses tend to occur simultaneously rather than randomly.
Summarize how an organization should align its risk management objectives.
Each organization should align its risk management objectives with its overall objectives. These objectives should reflect the organization's risk appetite and the organization's internal and external context.
Describe the risk management objective of "Earnings Stability."
Earnings stability is a goal of some organizations. Rather than strive for the highest possible level of current profits in a given period, some organizations emphasize earnings stability over time. Striving for earnings stability requires precision in forecasting fluctuations in asset values and risk management costs, such as the cost of insurance.
Describe the use of exposure as a risk measure.
Exposure provides a measure of the maximum potential damage associated with an occurrence. Generally, the risk increases as the exposure increases, assuming the risk is nondiversifiable.
Describe the basic risk measure of "Exposure."
Exposure provides a measure of the maximum potential damage associated with an occurrence. The risk increases as the exposure increases. Some exposures can be quantified by a measurement while others are not so easy. In these cases the exposure should be considered from a qualitative point of view.
Describe how there can be trade-offs among goals of the organization and risk management goals.
For example, to obtain tolerable uncertainty, the risk management professional may have to advise senior management that a growth goal is not achievable without adjusting either the risk appetite or the growth strategy. Legality and social responsibility goals may be in conflict with the economy of operations goals.
Define the term: Volatility
Frequent fluctuations, such as in the price of an asset or the cost of energy a company uses to keep its operations running.
Describe the basic risk measure of "Volatility."
Generally, risk increases as volatility increases. Volatility can often be quantified, for example the volatility of commodity or energy prices. Utility companies, airlines, trucking companies and other types of organizations that are dependent on fuel use strategies such as hedging to manage the risk associated with volatility in the price of oil.
Describe the major changes in the risk landscape.
In large part because of trends in technology, globalisation, and finance, the risk landscape has changed dramatically. Organisations exist in a global environment, which means they face hazards such as earthquakes and floods, political risks such as terrorism or local conflicts, financial risks such as currency exchange rates, and economic risks such as recessions. The interconnection or possibility of correlation between these risks adds to their complexity and the effects they can have on a risk.
Describe the basic risk measure of "Correlation."
Correlation is a measure that should be applied to the management of an organization's overall risk portfolio. If two or more risks are similar, they are usually highly correlated. The greater the correlation, the greater the risk. For example, if a bank makes mortgage loans primarily to the employees of a local manufacturer and business loans primarily to the same manufacturer, the bank's loan risks are correlated. Failure of the manufacturing business would be catastrophic for the bank's entire loan book of business.
Define the term: Time Horizon
The time horizon is the estimated duration of an activity or situation. It can be measured in different ways.
Explain why it's important to distinguish between speculative risks and pure risks when making management decisions.
It is important for an organization to distinguish between speculative risks and pure risks when making risk management decisions because the two types of risk must often be managed differently. Further, most insurance policies are not designed to handle speculative risk.
Give an example of how each of the following risk management program goals might conflict with the goal of economy of risk management operations: Legality
Legality might conflict with the goal of economy of operations because implementing safety regulations could be an added expense.
Compare the risk related to short and long time horizons.
Longer horizons are generally more risky than shorter time horizons.
Identify the four high-level categories of risk.
Operational, Strategic, Financial, Hazard
Describe the holistic approach to risk.
Recent risk management theory includes the concept of a holistic approach to risk management. Organizations now realize that it is important to manage all their risks, not just those that are familiar or easy to quantify. Risks that seem insignificant have the potential to create significant damage or opportunity when they interact with other events. A holistic approach helps organizations to develop a true perspective on the significance of various risks.
Describe the risk management objective of "Profitability and Growth."
Senior management might have established a minimum amount of profit (or surplus) that no event should reduce. The risk management process needs to identify the risks that could prevent the goal from being reached or risks that could help them achieve this goal within the context of the organization's overall objectives. It is essential that risk managers understand growth goals in the context of senior management's risk appetite.
Give an example of how each of the following risk management program goals might conflict with the goal of economy of risk management operations: Social Responsibility
Social responsibility might conflict with the goal of economy of operations because obligations such as charitable contributions could raise costs.
What is the RIMS definition of risk management?
Strategic risk management is a business discipline that drives deliberation and action regarding uncertainties and untapped opportunities that affect an organization's strategy and strategy execution.
Explain the difference between Subjective and Objective risk.
Subjective risk is the perceived amount of risk based on an individual's or organization's opinion, whereas objective risk is the measurable variation in uncertain outcomes based on facts and data.
Explain the reasons why subjective and objective risk may differ.
Subjective and objective risk may differ for these reasons: Familiarity and control: For example, although many people consider air travel (over which they have no control) to carry a high degree of risk, they are much more likely to suffer a serious injury when driving their cars, where the perception of control is much greater. Consequences over likelihood: People often have two views of low-likelihood, high-consequence events. The first misconception is the "it can't happen to me" view, which assigns a probability of zero to low-likelihood events. The other is overstating the likelihood of the event, which is particularly common for people who have personally been exposed to the event. The other misconception is associating high probability with an event because of its severity and notoriety, such as the effect of earthquakes shown on the news.
Describe the risk management goal of survival.
Survival of an organization depends on identifying as many risks as possible that could threaten the organisation's ability to survive and managing those risks appropriately. It also depends on anticipating and recognising emerging risks.
Describe the risk management objective of "Survival."
Survival of an organization depends on identifying as many risks as possible that could threaten the organization's ability to survive and managing those risks appropriately. It also depends on anticipating and recognizing emerging risks, such as those related to climate change.
Describe the ISO 31000:2009 definition of risk management.
The ISO 31000:2009 definition of risk management is "coordinated activities to direct and control an organization with regard to risk." This definition reflects an organization managing risks, both positive and negative, to meet its objectives.
Describe the risk management goal of "Tolerable Uncertainty."
The aligning of risks with the organization's risk appetite. Managers want to be assured that whatever might happen will be within the bounds of what was anticipated and will be effectively addressed in the risk management program.
Explain one reason why the evolution of risk management occurred.
The evolution of risk management has occurred in part because of the high-profile failures of large organizations during the late twentieth century, followed by the global financial crisis.
What is the COSO definition of risk management?
The identification, assessment and response to risk to a specific objective.
Describe the basic risk measure of "Likelihood."
The likelihood of an occurrence is a key measure in risk management. The ability to determine the probability of an event mathematically is the foundation of insurance and risk management. The reason "likelihood" is used rather than "probability" is that probability analysis relies on the law of large numbers.
Define Objective Risk.
The measurable variation in uncertain outcomes based on facts or data.
Define Subjective Risk.
The perceived amount of risk based on an individual's or organisation's opinion.
Define Systemic Risk.
The potential for a major disruption in the function of an entire market or financial risk.
Describe the relationship between Likelihood and Consequences for risk management.
The relationship between likelihood and consequences is critical for risk management in assessing risk and deciding whether and how to manage it.
Summarize how the relationship between likelihood and consequences affects risk management.
The relationship between likelihood and consequences is critical for risk management in assessing risk and deciding whether and how to manage it. Therefore, organizations must determine to the extent possible the likelihood of an event and then determine the possible consequences if the event occurs. In assessing the level of risk, the risk management professional must understand to the extent possible both the likelihood and the consequences.
Define Liquidity Risk.
The risk that an asset cannot be sold on short notice without incurring a loss.
Define Credit Risk.
The risk that customers or other creditors will fail to make promised payments as they become due.
Compare the traditional concept of risk with the evolved concept of risk.
The traditional concept of risk, inherent to insurance, is that risk is a hazard that could happen to an individual organisation. The evolved concept of risk is "the effect of uncertainty on objectives", which provides a broader understanding and considers positive outcomes of risk as well as the negative.
Explain how risk management helps an organisation meet the minimum amount of profit expectation for an activity.
To achieve the minimum amount, risk management professionals must identify the risks that could prevent this goal from being reached, as well as the risks that could help achieve this goal within the context of the organization's overall objectives.
Describe the risk management objective of "Legal and Regulatory Compliance."
To ensure that the organization's legal objectives are satisfied. Such legal obligations are typically based on these items:
-Standard of care that is owed to others
-Contracts entered into by the organization
-Federal, state, provincial, territorial and local laws and regulations
Give an example of how each of the following risk management program goals might conflict with the goal of economy of risk management operations: Tolerable Uncertainty
Tolerable uncertainty might conflict with the goal of economy of operations because of the cost of risk management efforts.
Describe the benefits of holistic risk management compared with traditional risk management for an organization.
Traditional risk management was conducted within silos within an organization. This fragmented approach can miss critical risks to the organization and fails to provide senior management with a picture of the organization's risk portfolio and profile. An integrated approach, which manages risks across all levels and functions within an organization, presents a more complete picture of an organization's risk portfolio and profile. This picture allows for better decisions made by senior management as well as improved outcomes for those decisions.
Define Market Risk.
Uncertainty about an investment's future value because of potential changes in the market for the type of investment.
Define value at risk.
Value at Risk (VaR) is a measure of the risk of investments. It estimates how much a set of investments might lose, given normal market conditions, in a set time period such as a day. VaR is typically used by firms and regulators in the financial industry to gauge the amount of assets needed to cover possible losses.
Explain the effect of volatility.
Volatility provides a basic measure that can be applied to risk. Generally, risk increases as volatility increases. It involves fluctuations in the values of assets or operational costs, for example.
Describe how an organization's total cost of risk associated with an asset or activity is calculated.
You take the sum of the following costs: 1. The cost of accidental loss not reimbursed by insurance or other sources. 2. Insurance premiums or the expenses incurred for non-insurance indemnity. 3. Cost of risk control techniques to prevent or reduce the size of accidental loss, or the costs of techniques which will put the organisation in a position to capitalise on positive outcomes of risk. 4. The cost of administering risk management activities.