RISK MANAGEMENT

Cucu Elena Marinela

Erasmus - KATHO

What is risk management?

Risk management is about following a deliberate set of actions designed to identify, quantify, manage and then monitor those things, events or actions that could lead to financial loss. Categories of risk: Strategic risk: macroeconomic factors, poor business decisions and direction setting; Business/financial risk: market risk, credit risk;

Program and project risk: the risk that a major change initiative could ail or that the benefits expected my not materialize; Operational risk: management failure, system failure, human error, procedural failures; Technological risk: bringing new technology products to market and introducing new technology. The basic form of managing risk involves four stages: Identification Quantification Managing or responding can be done in five ways: - by transferring the risk - avoidance - reducing the risk by taking actions that minimize its impact or probability - putting contingency in place that allows the company to cope with the risk should it materialize - accepting the risk and its consequences

Monitoring and controlling involves two aspects: - to ensure the actions agreed during the response stage are undertaken and their impact is tracked - to monitor the risk over time. Risk management in banking is different, as it is based upon quantitative measures of risk, such as: sensitivity volatility

downside measures of risk, which incorporate both sensitivity and volatility, thus being the most comprehensive measure of risk. Failing to manage risk can result in financial loss of one kind or another. At macroeconomic level, the failure of governments to manage their economies can lead to boom and bust, recessions. 2

 At the strategic level, organizations can rush into investing in speculative bubbles and seeking first mover advantage without thinking about the downside risks. A good example is Internet baking. At the project and program level, huge sums of money can be wasted on major change projects which in the end dont bring any benefits to the organisations.

2. The evolution of risk management

Risk management as a discipline has emerged as a response to the increasing complexity of the business environment. A significant impact had the globalization process, as the level of risk is much higher for corporations that operate globally. Consequently, regulation has become an essential mechanism for protecting a companys investors and stakeholders from the risks they take. These regulations are mainly aimed at the board of directors, as they are the one who control the destiny of the organisation. Such regulation has called for ore discipline and control in three principal areas: effectiveness and efficiency of operations, reliability of financial reporting, compliance with law and regulations.

3. The e-dimension
The Internet has resulted in a whole variety of new risks that have to be managed. The first and the most obvious is the risk of e-mail, which is an insecure method of communication. Other risks related to the Internet are: The me-too risk: many companies rushed into creating an on-line presence because they felt they had no choice, otherwise the dotcom businesses would have stolen from their market share. The risk of failing to deliver a robust product The risk of poor data currency The risk of online fraud The risk of security breaches and unauthorized access

4. The global dimension

There are a number of risks associated with the process of globalization that need to be managed. First, there is the risk from pressure groups and boycotts that can seriously hit corporations and brand image. This means that transnational corporations have to manage the

risks from political, environmental, anticapitalist and human rights activists as carefully as any other risk they face. Secondly, there is the financial risk of globalization, which arises mainly from the country risk. There are six main categories to country risk: Economic risk is the risk that the expected return on an investment made within a country is affected by changes in that countrys economic structure or growth (fiscal and monetary policy, local recessions and resource availability). Transfer risk arises from restrictions in capital movements imposed by foreign governments, especially during times of economic crisis. Exchange risk is the risk of a sudden change in the value of a countrys currency. Location or neighbourhood risk Sovereign risk is the risk associate with the failure of the government to meet its loan obligations. Political risk relates to the general political stability of a country. How country risk is managed depends very much on the nature of the relationship the organization has with that country. Fr instance, if it ha a manufacturing unit in another country, the risk will be long-tem and the organization should assess all country risks and for a long time after.

5. The state of the art

Managing the risk of globalization As awareness of the environmental and social consequences of globalization increases, the risk that transnational companies have to manage becomes more complex. Companies should be aware of NGOs activities, because heir activities have an increasing impact on global corporations. Moreover, these corporations could involve actively NGOs in the process of establishing appropriate business and social responsibility, as a part of the process of managing these risks. Managing technical risks There are some strategies that a company can use when it introduces new technology products in order to deal with the combination of product failure and market failure: Obtains the same cash inflows, but sooner Reducing cash outflows Reducing the risk of cash inflows

Obtaining the same outflows, but later Managing the e-channel risks This category includes more types of risks: E-mail risk The financial risk of an e-mail business

Developing a reliable internet presence Online fraud

Unauthorized access Managing operational risks Operational risk management requires organisations to establish a risk management framework that includes: Strategy Policies Risk management process Risk mitigation strategies Operations management

Culture. Risk roles and responsibilities It is important to ensure that the responsibilities for risk management are clearly defined throughout the enterprise. The main responsibles for the risk management, at organization level, are: the chief executive, the chief financial officer, the chief risk officer, the internal audit project and program managers. The ten steps that are required to make risk management work are: Understanding our risk appetite Formalizing the process Identifying and categorizing risks at all levels Managing risks actively Developing a risk culture Learning from the success and mistakes of others Asking yourself difficult questions Using known method and tools Using expert advice Balancing risk and reward.

Personal opinion
Risk management becomes more important nowadays in the activity of large corporations. The main reason for this is the globalization and the increasingly intense competition that this has brought. The risk at a global level is much higher than in the domestic market, because much more factors must be taken into account. Traditional risk management focuses on risks stemming from physical or legal causes (e.g. natural disasters or fires, accidents, death, and lawsuits). Financial risk management, on

the other hand, focuses on risks that can be managed using traded financial instruments. However, there are risks that are not necessarily referring to the business operations of the company, but rather to the way it does business, like the workforce that it employs (in the underdeveloped countries, it can be about workforce exploitation), how much energy it spends (there is a lot of public pressure on companies to be more concerned with the effect of their activities on the environment). Many risk managers tend to focus rather on the material risks that can affect the company, not taking into account the aspects that can harm he companys image and the way it is perceived by its customers. There are many advantages that a professional risk management can bring to a company. However, risk management also faces difficulties allocating resources. Managers must solve the opportunity cost problem: resources spent on risk management could have been spent on more profitable activities. Ideal risk management minimizes spending while maximizing the reduction of the negative effects of risks. There are limitations in managing risks. If risks are improperly assessed and prioritized, time can be wasted in dealing with risk or losses that are not likely to occur. Spending too much time assessing and managing unlikely risks can divert resources that could be used more profitably. Unlikely events do occur but if the risk is unlikely enough to occur it may be better to simply retain the risk and deal with the result if the loss does in fact occur. Prioritizing too highly the risk management processes could keep an organization from ever completing a project or even getting started. This is especially true if other work is suspended until the risk management process is considered complete. It is also important to keep in mind the distinction between risk and uncertainty. Risk can be measured by impacts and probability. Uncertainty, on the other hand, cannot be measured, and therefore cannot be managed. Another important issue that is sometimes disregarded by risk managers is the impact of corporate culture on managing risks. The conventional risk management approach of focusing on business processes, systems, and infrastructure issues inadvertently ignores the fact that risk management is largely a cultural issue. Often, the execution of risk management strategies is devoid of the companys cultural perspective.

Articles on risk management

1.Ten predictions for risk management The RMA Journal, May, 2003 by James Lam

While the book offers us a very succinct presentation of the development and the main features of risk management process, the article looks at the way risk management activity will evolve in the following decade. The starting point is how risk management can influence the efficiency and profitability of a company. Companies that have implemented ERM programs have reported material improvements in loss experience, customer satisfaction, regulatory capital relief, pricing performance, and shareholder value. This is why the author of the article is optimistic about the future of risk management, considering that the number of companies which will adopt risk management systems will grow exponentially. The predictions he makes about the future are: ERM will become the industry standard for risk management: enterprise-wide risk management will prove itself to be the best way to ensure that a firm's internal and external resources work efficiently and effectively in optimizing its risk/return profile. A CRO will become prevalent in risk-intensive businesses, as already many important Audit committees will evolve into risk committees. The reason for that is the fact that companies have created this position. board directors have begun to realize that their responsibilities go beyond traditional audit activities, and that they need to ensure resources and controls are in place for all types of risk. Risk transfer will be executed at the enterprise level. This means that in the future, companies will make risk-transfer decisions based on an explicit comparison between the cost of risk retention versus the cost of risk transfer and execute only those transactions that increase shareholder value. Advanced technology will have a profound impact on risk management. Medium-sized companies will have access to sophisticated risk models that were once the privilege of large organizations. A measurement standard will emerge for operational risk. Today, there are still Risk education will be a part of corporate training and college finance programs. problems regarding the measurement an even the definition of operational risk.

1. Top 10 risk managers' mistakes Risk & Insurance, Oct 1, 2005 by John McDonald The article presents a list of the greatest risk management errors that managers do, a list developed by a consulting firm. The major mistake a manager can do is to gamble on risk by assuming a catastrophe won't strike their company. Secondly, a risk manager is tempted to underestimate how high the stakes are. This means they dont properly asses risks and their

consequences, or, if they estimate it, they can adopt the position: this wont happen to me and wont take any actions. Anther mistake is that some managers believe that the best way to protect the firm from all kind of risks equals increasing insurance coverage. This means that they are not looking for other solutions and it can lead to an unreasonably high cost of risk management, which of course will bring about a drop of the profitability of the company. Other missteps include the failure to maintain a focused and centralized program and the failure to educate and train employees for emergencies. The second half of the list focuses on what risk managers do wrong after their businesses make the initial commitment to prevent future risks. The best response to these mistakes, as the author sustains, is to educate risk managers and CFOs about risk assessment. 3. Risk management's missing link The RMA Journal, Dec 2003, by Jee Meng Chen The article focuses on the fact that risk management should come only after corporate culture management. In order to support that, the author presents the case of NCBS bank which has failed managing the risk of launching new products. The bank was characterized by a low overall risk appetite. In addition, the head office's control over local business operations was evident in the centralized credit-decision processes. During the Asian crisis, the group NCB, which included NCBS, decided to start a major restructuring process, in order to improve profitability. Overall staff strength was reduced, and unprofitable branches ceased operations. One unprecedented change was the creation of new strategic business units (SBUs). Local and overseas branches were given the mandate to develop their investment and treasury operations, particularly in capital market instruments and structured treasury products. The supporting decision-making structure and processes were, however, not properly laid down to accommodate the change in business models. A series of cost-cutting measures and new business initiatives were implemented. In the following two years, improvements in NCBS's financial performance were considered remarkable, as minimal technical support came from its head office after the restructuring. Then, in the second quarter of 2002, NCBS was audited. Weaknesses were noted in virtually every aspect of the branch's operations. Of most concern, however, were the following issues: Delayed system implementation Engagement in complex swaps, contrary to the head office's new product approval procedures There was no proper risk management framework to measure and monitor the branch's exposure to potential market risks associated with its complex swaps transactions

NCBS received a poor rating in the final audit report because of its inadequate risk management and control framework. This showed that the restructuring process have failed because the factor human resources and the organizational culture wasnt taken into account when the decision of changing the banks structure and way of working was taken. The conclusion of the author is that insider fraud, lack of due diligence, or a "don't ask unnecessary questions" mentality is sufficient to crack any system. The conventional risk management approach of focusing on business processes, systems, and infrastructure issues inadvertently ignores the fact that risk management is largely a cultural issue The advice given to bank practitioners is to manage risk by managing the firm's corporate culture. And auditors should consider conducting a thorough enterprise-wide cultural audit, because risk entry points do not necessarily manifest themselves in operational lapses and lack of operating guidelines.