Professional Documents
Culture Documents
Risk Management Project
Risk Management Project
Risk Management Project
strategies to manage it, the practice by which a firm optimizes the manner in
which it takes business risks is called risk management. The point of risk
management is not to eliminate it; that would eliminate reward. Hence this Risk
needs to be managed.
Potential Benefits
RISK APPETITE
Risk appetite, at the organizational level, is the amount of risk exposure, or
potential adverse impact from an event, that the organization is willing to
accept/retain. Once the Risk Appetite threshold has been breached, risk
management treatments and business controls are implemented to bring the
exposure level back within the accepted range.
The design of a risk appetite framework does not have to start from scratch. It
should build on and unify existing risk and business management processes and
reports.
Approaches TOP DOWN or BOTTOM UP APPROACH
The top-down desired risk profile must be compared with the bottom-up
reality
Organisations use different ways to measure their Risk Appetite, ranging from
simple qualitative measures such as defining risk categories and setting
target levels around these, to developing complex quantitative models of
economic capital and earnings volatility. Again, risk appetite is not a magic number, nor
always quantifiable. It is dependent upon the aims of the business and what risks have to
be taken to achieve those aims.
The final aspect of risk appetite is the target risk/reward balance of the
organization. Organizations setting a lower risk/reward premium will be able take on a
wider range of opportunities, thus potentially building a larger organization, albeit one with a
lower return on capital.
Indictors can be leading, lagging or current in nature. Most managers want leading or
preventative indicators to predict problems far enough in advance to prevent or
eliminate them or at least mitigate the damage.
All companies face the challenge of developing leading indicators that can effectively
provide early warnings of potential future losses. Clearly, the challenge is to
implement KRIs in such a way as to improve consistency, relevance, transparency and
completeness. To achieve this, some standardisation is required across the firm and,
across the industry.
Monitor
Control
Assess Risks
Identify
Risks
Set
Objectives
TYPES OF RISKS
EVENTS
Technology
Error
Fraud and
Theft
Legal and
Regulatory
Security
Transaction
Risk
b)Predictive Model - account for the unexpected losses and to predict them over
extended periods.
Types of
System Risk
I. Accidental Threats
Unauthorized access
Unauthorized alteration to data
Leakage of sensitive information
ACCIDENTAL THREATS
Fire damage:
Fire is a major threat to the physical security of a computer installation.
Following are the major features of a well-designed fire protection
system:
Installation of both automatic and manual fire alarms at strategic
locations.
Installation of manual fire extinguishers at strategic locations.
Fire extinguishers and fire exits should be clearly marked.
Place master switches for power.
Place smoke detectors.
Use sprinkler system/ halogen gas to put off fire.
When a fire alarm is activated, a signal may be sent automatically to
permanently manned fire station.
All staff members should know how to use the system.
Water damage:
Water damage to a computer installation can be the outcome of a fire; the
specific system sprays water that enters hardware. It may also result from other
resources such as floods, cyclones, etc.
Some of the major ways of protecting the installation against water damage are
as follows:
Have waterproof ceilings and walls.
Ensure an adequate drainage system exists.
In flood areas have the installation above the high water level.
Have a master switch for all water mains.
Use a dry pipe automatic sprinkler system.
Cover hardware with a protective fabric when it is not in use.
ENERGY VARIATION
Energy
Variations
Increase in
power
Temporary
Loss of
power
Sustained
Stabilizer/
Voltage
Regulator
Temporary
Circuit
breakers
Battery
Back-Up
Sustained
Generator
Hardware Failures:
There are cases when hardware failures cause the operating system to crash.
There could also be cases of system failures which cause the whole segment of
memory to be dumped to disks and printers resulting in unintentional disclosure of
confidential information.
Backing-up data:
Backing up data is the single most important step in preventing data loss. Regular
backups are vital insurance against a data-loss catastrophe, yet many organizations
learn this lesson the hard way.
By far the best method of taking a back-up is replication of data to an off-site location
using local mirrors of systems.
Following are some rules of thumb to guide you in developing a solid backup strategy.
Develop a written backup plan
Your database and accounting files are your most critical data assets. They should be
backed up before and after any significant use. For most organizations, this means
backing up these files daily. Nonprofits that do a lot of data entry should consider
backing up their databases after each major data-entry session.
Store a copy of your backups off-site to insure against a site-specific disaster such as
a fire, break-in, or flood. Ideally, you should store your backups in a safety-deposit
box.
INTENTIONAL THREATS:
ADMINISTRATIVE CONTROLS:
1. Log on Procedures
2. Call Back Devices
3. Firewalls
4. Encryption
5. Anti-Virus Software
6. Hiring Tiger Teams
Speculative Risk:
A risk in which either a gain or a loss may occur.
CAPM or the Capital Asset Pricing model is the most frequently used financial
model to enable portfolio diversification. If returns on risky assets have less
than perfect correlation, i.e., they do not naturally hedge against each other,
risk averse individuals diversify risk in their holding of assets. A well
diversified portfolio would have less fluctuation than returns on individually
held financial assets.
Given that non-systematic risk is virtually nullified by a large portfolio
(CAPM assumes such a large portfolio), the only risk that remains is the
systematic risk. Thus, the only type of risk for which and investor would
earn a return would be the systematic risk. This systematic risk is
measured as Beta. Beta () calculates the volatility/exposure of a
securitys return to the entire market (CAPM) portfolio.
WHAT IS HEDGING?
Hedge - In finance, a hedge is a position established in one market in an attempt to offset
exposure to the price risk of an equal but opposite obligation or position in another market
usually, but not always, in the context of one's commercial activity.
SPOT CONTRACTS
FORWARD CONTRACTS
Closed Forward - Closed forwards must be settled on a specified date.
Open Forwards - Open forwards set a window of time during which any portion of the
contract can be settled, as long as the entire contract is settled by the end date.
Foreign Currency Swaps - A financial foreign currency contract whereby the buyer and
seller exchange equal initial principal amounts of two different currencies at the spot rate.
Example:
A company needs to borrow euros to fund an investment project. The cash flows will also
be in euros. It transpires that by issuing a loan in USD the company can obtain the
required funds more cheaply than by issuing a loan in EUR. However, in that case, the
company would be faced with the situation where the interest payments would be in USD
whereas the income would be in EUR. The company therefore decides to enter into a CC
Swap whereby it receives the USD interest rate and pays the EUR interest rate.
The following three examples show how, through a CC Swap, the standard interest rate
for the term and currency of the debenture loan are swapped.
Principal in USD
ABC
Principal in EUR
ING Bank
ABC
on debenture loan
ING Bank
Principal in USD
Principal in USD
ABC
Maturity of debenture
Loan in USD
Principal in EUR
ING Bank
6Time
Month
(years)
Libor
[1]
[2]
[3]
[4]
[3] [4]
0.0
2.8 %
100.0
100.0
0.0
0.5
3.4 %
2.3
1.4
0.9
1.0
4.4 %
2.3
1.7
0.6
1.5
4.2 %
2.3
2.2
0.1
2.0
5.0 %
2.3
2.1
0.2
2.5
5.6 %
2.3
2.5
0.2
3.0
5.2 %
2.3
2.8
0.5
3.5
4.4 %
2.3
2.6
0.3
4.0
3.8 %
102.3
102.2
0.1
Futures
1.Commodity
2.Interest Rate
3.Currency
4.Index
5.Stock
Credit Derivatives
1.Credit Default
2.Total Return Swap
3.Credit Linked Note
RISK MANAGED ?
Risk management isnt just about protecting your business its
also about making it better. Risk management shouldnt be
thought of as a stand-alone compliance or control activity, but as a
competency that allows your organization to realize its potential
whether that means driving top line growth, eliminating costs,
enhancing reputation and brand, or making better use of capital
assets. Organizations need to understand all of their business risks
strategic, operational, financial, compliance align their risk
functions and activities to eliminate overlaps and gaps, and
develop plans to manage, accept, or capitalize on those risks.
Although Return Maximization is an objective holding paramount
importance for an organisations long term goals, the same cannot
be achieved unless Risk Minimisation is paid heed to. Hence it is
essential that an appropriate balance is struck between Risks and
Return.
THANK YOU