Introduction to Risk Management Risk Management Fall 2013
Risk Defined • Risk – possibility of a deviation between actual and expected outcomes • Comes from an early Italian word risicare, meaning “to dare” • Thus, risk is considered a choice rather than a fate • Consider a risk that is not taken voluntary • Risk is not synonymous with “possibility of loss” or “cause of loss” • Example of starting a new business • Positive vs. negative risks
Traditional vs. Contemporary View • Traditionally, risk and risk management focused on accidental and hazard exposures, with only negative outcomes • Pure risk exposures only • Risk and Risk Management has evolved to take a more holistic approach to encompass negative and positive possible outcomes • Pure and speculative risk exposures
Impetus for Change in Risk Management Focus • Numerous high-profile large organizations failures • Enron • Arthur Anderson • Washington Mutual • Tyco • WorldCom • Financial Crisis of the 2000’s • 2011 Tsunami in Japan – killed approximately 16,000 people • These events made it clear that organizations need to evaluate and manage supply chain risk • Sarbanes-Oxley Act of 2002 • Requires controls to be disclosed and announced by public companies and their registered auditors in financial information. • OECD (Organization for Economic Co-operation and Development and World Bank initiatives and the European Union promoted initiatives and Solvency standards for risk management in financial organizations.
Important Risk Dichotomies • Hazard (or pure) risks and speculative • Traditional focus on specific, catastrophic exposures • Examination of exposures in isolation • Speculative risks include Price and Credit Risk (p. 1.24) • Subjective and objective risk (table p. 1.24) • Diversifiable and non-diversifiable risk • Diversifiable – affects only some individuals, businesses or groups • Fire, theft, embezzlement • Non-diversifiable affects a large segment of society • Unemployment, inflation, and natural disasters
Categories of Risk • Hazard • Includes property, liability, or personnel loss exposures • Operational Risk • Result from the failure in processes, systems, or controls • Financial Risk • Result from the effect of market forces on financial assets or liability; includes market risk, credit risk, liquidity risk, and price risk • Strategic Risk • Arises from trends in the economy and society; changes in the demographic, economic, political, and competitive environments
Why Do We Need Risk Management? • “Ben Bernanke said in 2008 that a significant factor causing the 2008 financial crisis was risk-management weaknesses at large global financial institutions. • “Banks Bundled Bad Debt, Bet Against it and Won” article • http://www.nytimes.com/2009/12/24/business/24trading.html?pagewanted=all&_r=1& • Risk Mitigation and Risk Transfer benefit not only the individual organization but the economy as a whole.
Benefits of Risk Managements to Society • Reduced waste in resources • Improved allocation of productive resources • Reduced systemic risk
RM Tools • Risk Management techniques: • risk avoidance • risk control • hazard or loss reduction • risk retention • risk transfer • Hedging and sub-contracting • Insurance
Total Cost of Hazard Risk • Includes • Costs of losses not covered by insurance or other sources • Insurance premiums or expenses incurred for noninsurance indemnity • Costs of risk control techniques to reduce accidental losses • Costs of administering risk management initiatives
Focus of Risk Management • Reduce the potential loss frequency and loss severity • Reduce deterrence effects of Hazard risks • Reduce and managing the downside risk • Potential loss from new product from delays, errors, cost increases, market decline. • May use stop-loss limits in insurance • Intelligent Risk Taking • Maximizing Profitability
Risk Management Goals • Tolerable Uncertainty • Legal and Regulatory Compliance • Survival • Business Continuity • Earnings Stability • Profitability and Growth • Social Responsibility • Economy of Risk Management Operations
Changes and trade-offs in Goals? • Profitability and tolerable uncertainty • Economy of operations and legality or social responsibility • Growth vs. tolerable uncertainty
Holistic Risk Management • Manages risk across all levels and functions within an organization • Provides a more complete picture of an organization’s risk portfolio and profile • Provides for better decisions and improved outcomes for senior management • Facilitates a complete understanding of the risks involved
Regulatory Requirements • Sarbanes-Oxley Act of 2002 • Requires both the management of public companies and their auditors to assess and report on financial risk and controls • Dodd-Frank Act of 2010 requires that financial bank holding companies and certain other public companies have a risk committee and at least one member of the committee must be a risk management expert • Basel III and Solvency II in Europe provide risk management requirements for financial firms and insurers.
Enterprise Risk Management (ERM) • Holistic approach to risk management • Provides a way to manage all of an organization’s risks, including operational, financial, and strategic risk. • Three theoretical pillars to explain ERM • Interdependency – should not consider exposures as “silo events” • Eg., mortgage loans in different geographic areas are not independent • Correlation – increases risk • Eg., if all suppliers are in hurricane area • Portfolio Theory – assumes both individual risk and their interactions; • Eg., an airline may have increased portfolio risk with increased fuel prices; this will also impact consumer demand
Organizational Relationships • CRO - Chief Risk Officer – reports to both the chief executive officer and the board risk committee • Responsibility includes helping create culture in which divisions, units, and employees become Risk Owners.
Requirements for Implementing ERM • Risk managers must have authority to make and enforce necessary changes, often against significant resistance • Effective Communication • Knowledge of the type of information the CEO and other senior managers need to understand the organization’s risk portfolio. • The ability to avoid “entrenched silos”, decisions made without considering the impact on other divisions or on the overall organization.
Risk Management Framework and Process – Chapter 5 • Components and sets of the RM model
Traditional Steps in the RM Process • Identify and analyze loss exposures • Examine feasibility of alternative management techniques • Select risk management technique • Implement • Monitor and improve risk management program
How do we identify the Risk Management exposures? • survey/questionnaire • loss history of an organization • financial statements • other records and documents • flowchart of organization’s operations • personal inspection of facilities • Professional experts
Examine the feasibility of RM Techniques • risk control techniques - exposure avoidance - loss prevention - loss reduction - segregation of loss exposures - contractual transfers for risk control • risk financing techniques - retention - transfer
Risk Financing • Retention • Current expensing of losses • Unfunded reserve • Funded reserve • Borrowing • Captive • Transfer • Contractual transfer for risk financing • Commercial insurance • Hedging
Focus of Analysis • Potential loss frequency • Potential loss severity • Risk Control to Prevent losses • Risk financing to reimburse for losses • most risk control and risk financing techniques can be adapted to deal with business risks
Select the RM Technique • forecasts • The frequency and severity of the expected loss • The effects of various RC and RF techniques will have on the predictability, frequency, and severity of loss • The cost of the technique • selection criteria • Financial and other constraints
Implement the RM Decision • technical decisions • managerial decisions
Monitor the RM Program • establish standards of acceptable performance • compare actual results with standards • correct substandard performance
Steps to the Enterprise-wide RM Process • Scan the Environment • Identify risks • Analyze risks • Treat risks • Monitor and make sure the process is effective • (chart p. 5.19)
Four components of the ERM framework • Lead and establish accountability • Align and integrate • Allocate resources • Communicate and report
Establishing Accountability • Identify RISK OWNERS and their roles in the organization • Someone who is accountable for the identification, assessment, treatment, and monitoring of risks in a specific environment • Establish Key performance Indicators (KPI) • A measurement that defines how successfully an organization is progressing toward its long term goal • Establish key risk indicators (KRI) and use them to evaluate performance • Develop risk criteria to evaluate the significance of risks
Power, Inc. Case. • Page 5.22-5.5.30