Risk Management Framework
Category: Risk Management | Nov 23, 2009 |
Risk management is the process of identifying, prioritising, assessing, analysing mitigating and controlling risk. Regulatory challenges have been driving risk management in recent years.
Risk management process should involve the appointment of a risk manager who will be responsible and accountable for the design and development of the risk management framework and oversees the implementation of the framework by the business units. The risk manager carries out the ongoing monitoring and reporting to the executive management and the Board explaining the business risks and the effectiveness and efficiency of the risk management practice. The risk manager recommends changes to the risk appetite or risk tolerance of the company.
Risk management should remain relevant and be adding measurable value to the business. Components of risks should be expressed in the simplest form possible so that it will not be overcomplicated for others in the business to understand.
Risk identification
The types of risks to which the business is exposed should be identified. The classification must be relevant to the underlying nature of the business. It may not be a quick process to consider and identify the risks inherent in a company, but the value of such an exercise should not be underestimated. The analysis will direct senior management to areas of exposure, and serve as a tool to ensure active tackling of all identified threats to the company.
The following headings should act as prompts for the company but this is not exhaustive, these are just the low hanging fruits:
Credit risk, Market risk, Liquidity risk, Operational risk, Compliance risk, Regulatory risk, Reputation risk, Litigation risk, Outsourcing risk, Technological risk, Fraud and other fiduciary risk, Foreign exchange risk, Concentration risk, key personnel risk, strategy risk, product risk.
Risk Mitigation
Credit Risk.
- No credit facility. Receive your cash before you hand over the assets or receive assets before you hand over your cash.
- Only deal with counterparties and clients that are regulated or recommended.
- Credit check counterparties with credit agencies for default.
- Check rating of counterparties at rating agencies.
- Cash deposits are held with high ‘A’ rated banks.
- Loan to be payable early.
- Loan is secured on quality collateral.
- Draft legal agreements to ensure prompt payment and action for delay or non payment.
- Fees are deducted from client account – set-off /netting rights
- Daily matching and reconciliation of trades.
- Segregation of client money
- Open a position with initial deposit monitor automated real time marked to market position credit profit and debit losses automatically, if outside margin, make margin call for fund injection or reduce exposure, close out position if market movement continues to erode the position.
- Analyse the current exposure, current replacement cost of the contract by asking “what would it cost to replace the deal in the market, if the counterparty were to default today?”.
- Analyse the potential exposure likely replacement cost of the contract by asking “what is an estimate of the maximum likely replacement cost of the contract, if the counterparty defaults in the future?”.
Market Risk
- Set maximum amount you are prepared to invest in the market.
- Set stop loss for maximum fall in market you can accept.
- Set stop loss for maximum rise so as to preserve your profit.
Liquidity Risk
- Overdraft facility
- Equity financing – easy injection of funds from your investors
- Cash payable on demand from debtors
- Predictable inflow and out flow of cash
Concentration risk
- Set concentration limit not more that 25% of total assets in one counterparty
Operational Risk
- Risk database
- Maintain error register
- Disaster recovery test/BCP
- Verification of client identity checks
- Service level agreement checks
- Insurance claims promptly made.
- Staff deputies appointment – no overreliance on one person
- Training and competence of staff
- Fraud – 4 eyes, holiday, limits, password, and segregation, preparer of statement is not authoriser.
- IT system efficiency test
- Information security
- Legal risk – review agreements
- Regulatory risk – interpreter regulations and implement
- Electronic trading to reduce error
Risk analysis
Once the company has completed a process of risk identification, it is likely that there will be a daunting list of risk issues that are, or should be, addressed by the company. The next stage of the process will be to catalogue the risk that the company faces across the business and examine the likely probability of a particular risk being encountered and the likely impact. Look at the likelihood of occurrence and the consequences or impact if the event does occur i.e. the frequency and severity.
Ideally, analysis should be done by event data so as to make it scientific, so that a design model can be created pushing analytic methods to the absolute limit. Look at the number of losses and the number of complaints and litigations. If however the company does not have enough historic data to use to measure loss, the analysis would have to be done by applying judgement based on experience and insight of senior management into the business model and operational infrastructure. This process will require discussion between those who have an interest in the issues.
Risk retention
Effective risk management, if embedded into the company’s strategic and operational processes, provides the framework to overcome uncertainty, to help management determine and agree an acceptable level of risk and opportunity. The challenge, however, is to determine how much risk the business is prepared to accept. When certain risks are accepted there then has to be an allocation of capital that will be used to absorb and accommodate the risk.
An accurate measure of risk would help in determining the amount of capital required so that the company is not overly conservative and there is no overestimation in a situation where balance sheet is thin so there is no over-allocation of capital. In the same token, risk managers must ensure that the capital does not underestimate risk. Regulatory capital requirements may need to be covered between 3 to 5 times to cater for risks. The company has to consider assess to capital and ability to raise capital from shareholders and the market condition for raising capital.
Risk transfer
The whole concept of insurance is based on risk. The insurer transfers risk off the company’s balance sheet and on to their balance sheet in return for a payment of a premium. Professional indemnity insurance, liability insurance, error & omission insurance, fraud & fidelity insurance are useful covers that transfer risk.
It is important to ensure that the insurer is solid with good credit record and that it pays claims promptly and provides quality service. The company should also ensure that it can survive the period between the making of a claim and receiving settlement. Another way of transfer is the outsourcing of custodian activities to banks so that client assets can be held by those banks. Guarantee from a parent company also gives financial backing and comfort in the event of financial insolvency and a bail out to protect the reputation of the group as a whole.
Risk control
Having process and procedures in place to ensure that the affairs of the company are managed in an efficient manner with an eye on risk exposures. Use compliance team to monitor compliance with rules and regulation, internal audit to give assurance of effectiveness of control measures, legal support to properly draft contractual language, product approval process for quality, portfolio risk and performance management, self–assessment process, staff training and development, incentive structure that enables staff to consider how much risk they take to make money. Structuring deals with risk in mind, proactive culture rather than reactive, aligning risk appetite or tolerance to strategy.
Risk avoidance
The company may determine that it would avoid certain strategy or exit certain types of business to avoid the risk involved e.g. not using derivatives. The risk manager should be able to say ‘no’ to activities that exposes the company to significant risk, explain reasons for saying ‘no’ and obtain acceptance of their position explaining all options that has been considered in reaching that conclusion.
Conclusion
A robust risk management framework with all the necessary data, analytics and tools will enhance the opportunity and capability to grow value linking growth and risk with return and minimising operational surprises and losses.
Watch the video related to risk management
The joys of risk management brought to you by george castanza
You left out the comedian, doing the risk management talk.
.
That last scene just kills me XD
They should call it roundtine. You know what I’ m talking about. LOL
why do they call it Old Christine, they should call it Rotunda.
I hope the class thinks this is funny….otherwise I’M SCREWED ! ((HAVE SOME CAKE ON FRIDAY))
Understanding and allocation of risks involved in any investment or work is called risk management. First, you need to do a thorough study of the subject to understand the risks involved. Then for each risk you choose a way to allocate it such as buying insurance or having some contractual obligations for other parties involved in the work or the investment.
If some competent engineer/analyst has done a FMECA or FMEA, an FTA, and other safety analyses. AND, these analyses have been peer-reviewed and corrected (if necessary), then I see no need for further modelling.
If the system in question is dynamic (changing part types, changing design, changing configuration), then yes, an ongoing model with a full-time or most-time risk manager may be necessary.
Even if the risk manager is not doing his/her job, a continuing model wouldn't be necessary. A simple peer review of the existing models and analyses would be all that is necessary.
.
http://www.meridianlink.com/articles/security_risk.pdf
http://www.netaddiction.com/articles/eia_framework.pdf
http://www.thefreelibrary.com/Internet+Risk+Impact+Summary+Report+for+Q3+2003-a0113377379
First you need to learn to spell interpretation correctly. Mistakes like that in a resume are really damaging.
You may find a course at a community college. I took one from Dun & Bradstreet by correspondence years and years ago and found it quite helpful.
In business, the term operational risk management (ORM) is the oversight of many forms of day-to-day operational risk including the risk of loss resulting from inadequate or failed internal processes, people and systems, or from external events. Operational risk does not include market risk or credit risk.
Good for you. But there is no such thing as MBA in risk management, or MBA in marketing, of MBA in finance. The MBA is a general broad degree covering a wide variety of business issues and training students for careers in managing any area of business up to CEO. MBA students study accounting, finance, marketing, statistics, management, economics, strategy, policy, leadership and similar courses. The MBA was developed because people with technical backgrounds getting promoted into management are not always able to manage, and people in management often don't understand the technical fields they manage. That's why MBA programs prefer students with degrees in other than business and with 2-4 years of work experience. Their graduates learn to manage and can speak the language of the people they manage, whether that is engineering, chemistry, medicine, music, or any other field.
Many MBA programs offer concentrations, but this usually amounts to 2-3 elective courses in a specific field in the second year of the program. So don't worry about a concentration but be careful in choosing the right program. If you find one with Risk Management courses, consider the quality of the school first, and the concentration second.
Before you consider which MBA program is for you, consult the Official MBA Guide, a comprehensive free public service with more than 2,000 MBA programs listed worldwide. It allows you to search for programs by location (US, Europe, Far East, etc.), by concentration (finance, marketing, aviation management, health management, accounting, etc.), by type of program (full-time, distance learning, part-time, etc), and by listing your own criteria and preferences to get a list of universities that satisfy your needs. You can use the Guide to contact schools of your choice, examine their data, visit their web site, and send them pre applications. You can see lists of top 40 schools ranked by starting salaries of graduates, GMAT scores, and other criteria. It's the best service available at http://officialmbaguide.org.
You'd do a lot better researching the general principles of risk management strategy before asking individual insurers (it's a huge subject)
You can read up on various principles through the IAIS which is pretty much the lead organisation in the world for setting requirements for insurers.
http://www.iaisweb.org/index.cfm?pageID=2
Also ..a personal tip …. although obviously rules are different from jurisdiction to jurisdiction, some of the most comprehensive and yet concise I've seen are the Australian ones (they are very hot on risk management in Aus).
You can read the guidance notes here….
http://www.apra.gov.au/General/General-Insurance-PPGs.cfm
That way you can target your questions and get a much better response
What is Quality Assurance?
The answer will be something along the lines of fitness for purpose.
Also, perhaps you could do a bit of research on the Prince2 project methodology…….it covers all of the areas you are interested in.
this guy sounds just like me..this is horrible!
Options trading isn’t difficult if you spend the time to learn appropriate techniques and strategies. There are alot ofinformational pieces for free. Do somesearching and you’ll find what you need to be profitable trading stock options.