ItRM [Lectures]

How does risk work?

How does risk work?

It can be defined as the effect of uncertain future events on a company or on the outcomes the company achieves.

It arises out of uncertainty

How are risks classified?

According to the source of uncertainty

Risks should be classified to help managers make better decisions for their specific company and environment.

What is the classification of risks?

operational risk, compliance risk, investment risk

What is a OPERATIONAL RISK?

This refers to the risk of losses from inadequate or failed people, systems, policies, and external events beyond the company's control

What is another example of operational risk?

Rouge Trading

• refers to situations wherein traders bypass management controls and place unauthorised trades, at times causing large losses for the companies they work for:

• involve fraudulent trading that is done for personal enrichment or to make up losses

What are the risks associated with managing the environment?

political, legal, settlement risk

What is a POLITICAL RISK?

Refers to potential policy changes by a new ruling party affecting monetary policy, fiscal policy, investment incentives, public spending, and procurement

What is a LEGAL RISK?

It should be managed by ensuring the company identifies and adheres to all legal commitments

What is a SETTLEMENT RISK?

It occurs when one party fulfills its obligation in a transaction, like transferring securities or funds, but the counterparty fails to do so, often due to bankruptcy

What is a COMPLIANCE RISK?

This refers to the risk that a company fails to follow all applicable rules, laws, and regulations and faces sanctions as a result

What are the KEY COMPLIANCE RISKS?

Corruption, tax reporting, insider trading, ani-money-laundering

What is the CORRUPTION?

Defined as the abuse of power for private gain, has received heightened attention because of tightened laws and regulations on bribery and increased regulatory scrutiny, investigations, prosecutions, and fines

What is the TAX REPORTING?

Composes of tax avoidance (using tax code provisions to minimise the tax that is owed) and tax evasion (not paying taxes in violation of the tax law)

What is the INSIDER TRADING?

Trading of a company's stocks or securities by individuals with access to non-public, material information about the company, which is illegal and poses a significant compliance risk

What is the ANTI-MONEY-LAUNDERING?

It’s a set of rules to prevent money derived from criminal activities from entering the financial system and acquiring the appearance of being from legitimate sources

What is an INVESTMENT RISK?

It means that the value from fluctuations is crucial for investment professionals but less so for support staff, so it gets less coverage than operational and compliance risks.

What does investment risk consist of?

Market, credit and liquidity risk

What is MARKET RISK?

The risk caused by changes in market conditions affecting prices

They often implement an approach called risk budgeting to determine how risk should be allocated among different business units, portfolios, or individuals

What is CREDIT RISK?

The risk for a lender that a borrower fails to honour a contract and make timely payments of interest and principal

Sovereign risk is the risk that a government will not repay its debt because it does not have either the ability or the willingness to do so

What is LIQUIDITY RISK?

The ability to buy and sell quickly without incurring a loss. It is a core concern for companies and is often neglected when sources of financing, such as bank credit, are plentiful.

When markets are illiquid, the ability to trade assets is substantially reduced, which harms these firms

What is the advantage of the risk management process?

It helps companies reduce the likelihood and severity of adverse events and enhance management’s ability to realise opportunities

What are the disadvantages of the risk management process?

It can be investment losses and even bankruptcy

Or even, sanctions for the breach of regulations, loss of licenses to provide financial services, and damage to the company’s reputation and the reputations of its employees

What is risk management?

It’s a process, or even, a series of actions to achieve a company’s objectives

What is the FIRST step of the risk management process?

Setting objectives

• It enables management to identify potential events that could affect the realisation of those objectives.

• These objectives depend on external factors that may be difficult for companies to influence and control, which leads to a high degree of uncertainty.

• A strong risk management process helps decision-makers ensure that the company is on track to achieve its objectives

What is risk tolerance?

The level of risk a company can and is willing to take depends on its financial health, earnings, cash flow, and equity capital

What is risk appetite?

It’s a willingness to take on risk, which depends on its attitude toward risk and on its risk culture

What is the SECOND step of the risk management process?

Detecting and identifying events

• It may affect achieving the company’s objectives

• It includes the risks that are hidden, by involving employees from various roles

• It also provides a framework to prepare for, detect, and mitigate adverse events early, potentially uncovering hidden opportunities

What is the THIRD step of the risk management process?

Assess and Prioritise Risks

• It uses the risk matrix because it can be used to prioritise risks and select the appropriate response for them

Why is the selection of key risk measures so important?

It provides a warning when risk levels are rising

They require the collection and compilation of data from various internal and external sources

What is the FORTH step of the risk management process?

Select a Risk Response

• Formulate responses to deal with the risks identified in the previous step.

• For each risk, management must select an appropriate response and develop actions to align the company’s risk profile with its risk tolerance.

What are the four “T’s” in risk response strategy?

Tolerate, Treat, Transfer, Terminate

What is TOLERATE?

Involves accepting the risk and its effect. In some cases, the risk is well understood and taking it provides opportunities to create value. In other cases, the risk must be taken because other risk response strategies are unavailable or too costly

What is TREAT?

Involves taking action to reduce the risk and its effect

What is TRANSFER?

Involves moving the risk and its effect to a third party

What is TERMINATE?

Involves avoiding the risk and its effect by ceasing an activity

What is INTERNAL RISK LIMITS?

It incorporate the company’s overall risk tolerance and risk management strategy

What is the FIFTH and last step of the risk management process?

Control and Monitor

• Involves a range of controlling and monitoring activities that must be performed on time

What is ENTERPRISE RISK MANAGEMENT (ERM)?

Integrates risk management across all levels of a company, aligning with objectives from corporate to project levels

What are the BENEFITS of risk management?

Supporting strategic and business planning;

Recognising responsibility and accountability;

Assisting with the early detection of unlawful and fraudulent activities, thus complementing compliance procedures and audit testing

What is VALUE AT RISK?

Measure of potential investment loss in typical market conditions