Risk Management is the process of measuring, or assessing risk and developing

strategies to manage it, the practice by which a firm optimizes the manner in
which it takes business risks is called risk management. The point of risk
management is not to eliminate it; that would eliminate reward. Hence this Risk
needs to be managed.

Fundamentals of Good Risk Management

Potential Benefits

BOOM TIME DOOM?

Easy for managers to forget about risk

There are external as well as internal risks
associated with success and it should incite
managers to identify the level of internal risk
exposure.
Many businesses focus on performance while
failing to recognize the importance of risk and
control activities.

RISK APPETITE
Risk appetite, at the organizational level, is the amount of risk exposure, or
potential adverse impact from an event, that the organization is willing to
accept/retain. Once the Risk Appetite threshold has been breached, risk
management treatments and business controls are implemented to bring the
exposure level back within the accepted range.
The design of a risk appetite framework does not have to start from scratch. It
should build on and unify existing risk and business management processes and
reports.
Approaches TOP DOWN or BOTTOM UP APPROACH
The top-down desired risk profile must be compared with the bottom-up
reality
Organisations use different ways to measure their Risk Appetite, ranging from
simple qualitative measures such as defining risk categories and setting
target levels around these, to developing complex quantitative models of
economic capital and earnings volatility. Again, risk appetite is not a magic number, nor
always quantifiable. It is dependent upon the aims of the business and what risks have to
be taken to achieve those aims.
The final aspect of risk appetite is the target risk/reward balance of the
organization. Organizations setting a lower risk/reward premium will be able take on a
wider range of opportunities, thus potentially building a larger organization, albeit one with a
lower return on capital.

KEY RISK INDICATORS

Key Risk Indicators (KRIs) relate to a specific risk
and demonstrate a change in the likelihood or
impact of the risk event occurring.
The number of customer complaints is an example
of a risk indicator. As customer complaints increase,
the probability that there are some underlying and
potentially systemic mistakes and errors of
judgement being made is likely to rise.
KRIs Benefits Include:

Understand how the risk profile changes in different circumstances

Appreciate how risk moves and is affected the business environment
Focus attention on risk drivers that are most volatile
Ensure controls around the drivers are robust and effective
Gain a forward looking perspective on the current risk profile
Understand the early warning signals for emerging risks

Indictors can be leading, lagging or current in nature. Most managers want leading or
preventative indicators to predict problems far enough in advance to prevent or
eliminate them or at least mitigate the damage.

All companies face the challenge of developing leading indicators that can effectively
provide early warnings of potential future losses. Clearly, the challenge is to
implement KRIs in such a way as to improve consistency, relevance, transparency and
completeness. To achieve this, some standardisation is required across the firm and,
across the industry.

The challenges posed by KRIs include:

Absence of data base of known loss events
Tendency to focus on well-known risks
Can be costly to implement and maintain
People can only manage KRIs they understand
Incorrect interpretation of data
Use of lagging indicators
Requires a good understanding of the risk cause (for likelihood drivers) and
consequence (for impact drivers)
Usefulness varies from risk to risk
Out of date indicators
Organisational risk maturity and culture

RISK MANAGEMENT PROCESS

Monitor

Control

Assess Risks

Identify
Risks

Set
Objectives

Roles and Responsibilities

Chief Executive Officer: The CEO ensures the implementation of risk
management framework and process and ongoing risk assessment of risks.
He also promotes risk culture and ensures the risk management process is
sustained organisation wide.
Risk Manager: He is the risk management process owner. He is responsible
to ensures the implementation and compliance with the risk management
policy and process.
Risk Management Committee: The RMC defines the risk management
policy framework and process. It also promotes and implement monitoring
of risk management strategies and policies.
Chief Risk Officer: The CRO oversights, advices, and communicates
information regarding the risk appetite of the organisation. He is not a
manager of risk; but only oversees the risk management process.
Audit committee: It ensures adequacy of control framework to manage
risks across the organisation - monitoring.

TYPES OF RISKS

OPERATIONAL RISK MANAGEMENT

Operational risks:
Control risks + Inherent risks for which controls are not in place.

Some of the events that could lead to operational risk include:

EVENTS

Technology
Error

Fraud and
Theft

Legal and
Regulatory

Security

Transaction
Risk

HOW TO MANAGE OPERATIONAL RISK

Operational risk can be divided into three functions:
Efficient and effective maintenance of business infrastructure that mostly
consists of information systems, including security policy, internal controls and
risk management.
Effective internal audit function, which includes assurance about integrity of
information systems, compliance, effective internal controls, assurance and
effective internal audit.
Pricing of operational risk management, which includes measurement of
losses, pricing of operational risks for each line of business, RAROC ( Riskadjusted Return on Capital) and measuring capital requirement.

STEPS TO MANAGE OPERATIONAL RISK

1.Prepare a Risk Plan
a)Casual Model - identify the expected losses and establish relationships

between losses and events

b)Predictive Model - account for the unexpected losses and to predict them over

extended periods.

2. Identification and Measurement of Operational Risks:

a)Top Down Approach financial data from the balance sheet and profit and loss accounts
are converted into a risk amount.
b)Bottom Up Approach - risks are analyzed for each line of business and their occurrence
and losses incurred are identified and measured.
3. Implementation of Risk Mitigation Techniques:
a)Causality - Knowing "what causes what," gives an ability to intervene in the environment and

implement the necessary controls.

b)Self assessment
c)Calculating reserves and capital requirements
d)Creating culture supportive of risk mitigation
e)Strengthening internal controls, including internal and external audits of systems, processes and
controls (this includes IS audit and assurance)
f)Setting up operational risks limits (so businesses will have to reduce one or more of frequency of
loss, severity of loss or size of operations)
g)Setting up independent operational risk management departments
h)Establishing a disaster recovery plan and backup systems
i)Insurance
j)Outsourcing operations with strict service level agreements so operational risk is transferred

4. Forecasting and Prediction:

Every business has to identify the events most relevant to it.
The whole exercise of the operational risk management is the exercise to identify events that
are likely to cause losses.
VaR (Value at Risk) and Scenario Analysis are used as techniques for prediction by taking
historical data or simulation and qualitative factors.

RISK MANAGEMENT AND INTERNAL CONTROLS

In todays business environment, the overall profile of risk management and
internal controls has increased, resulting in greater responsibilities for those
who manage enterprise risk.
Some of the key challenges include:
Increasing expectations for effective risk coverage, driven especially by audit
committees, executive management, and stakeholder demands for stronger
corporate governance and transparency
Providing risk coverage in areas requiring specialized knowledge, such as
information technology, major capital programs, contracts, fraud, acquisitions,
and international ventures
Interpreting and reconciling the volume and disparity of risk and control
information from across the enterprise
Maintaining proper investment and alignment in risk management and internal
control approach, technology, knowledge, and learning programs
Addressing the war for talent through staff recruitment, development, career
planning, and retention for experienced risk management and internal control
professionals
Adding benefit through process and control improvement recommendations,
sharing of leading practices, and working to implement major change initiatives.

RISK MANAGEMENT AND INTERNAL CONTROL

In a recent survey, 42% of the companies that responded believe they

have key risks that are not being formally managed.

FRAMEWORK FOR RISK AND CONTROL

The three primary components of a risk and control framework include
Governance, People, and Methods and Practices, and related subcomponents, are reflected in the diagram below:

INFORMATION SYSTEM RISK MANAGEMENT

The cardinal rule of security is that

No one thing makes a computer secure

Types of
System Risk

I. Accidental Threats

Natural Calamities like Fire,

Flood, Earthquake, etc
Energy
gy variations
Hardware failures

II. Intentional Threats

Unauthorized access
Unauthorized alteration to data
Leakage of sensitive information

ACCIDENTAL THREATS

Fire damage:
Fire is a major threat to the physical security of a computer installation.
Following are the major features of a well-designed fire protection
system:
Installation of both automatic and manual fire alarms at strategic
locations.
Installation of manual fire extinguishers at strategic locations.
Fire extinguishers and fire exits should be clearly marked.
Place master switches for power.
Place smoke detectors.
Use sprinkler system/ halogen gas to put off fire.
When a fire alarm is activated, a signal may be sent automatically to
permanently manned fire station.
All staff members should know how to use the system.

Water damage:
Water damage to a computer installation can be the outcome of a fire; the
specific system sprays water that enters hardware. It may also result from other
resources such as floods, cyclones, etc.
Some of the major ways of protecting the installation against water damage are
as follows:
Have waterproof ceilings and walls.
Ensure an adequate drainage system exists.
In flood areas have the installation above the high water level.
Have a master switch for all water mains.
Use a dry pipe automatic sprinkler system.
Cover hardware with a protective fabric when it is not in use.

ENERGY VARIATION

Energy
Variations

Increase in
power

Temporary

Loss of
power

Sustained

Stabilizer/
Voltage
Regulator

Temporary

Circuit
breakers

Battery
Back-Up

Sustained

Generator

Hardware Failures:
There are cases when hardware failures cause the operating system to crash.
There could also be cases of system failures which cause the whole segment of
memory to be dumped to disks and printers resulting in unintentional disclosure of
confidential information.
Backing-up data:
Backing up data is the single most important step in preventing data loss. Regular
backups are vital insurance against a data-loss catastrophe, yet many organizations
learn this lesson the hard way.
By far the best method of taking a back-up is replication of data to an off-site location
using local mirrors of systems.
Following are some rules of thumb to guide you in developing a solid backup strategy.
Develop a written backup plan
Your database and accounting files are your most critical data assets. They should be
backed up before and after any significant use. For most organizations, this means
backing up these files daily. Nonprofits that do a lot of data entry should consider
backing up their databases after each major data-entry session.
Store a copy of your backups off-site to insure against a site-specific disaster such as
a fire, break-in, or flood. Ideally, you should store your backups in a safety-deposit
box.

DISASTER RECOVERY PLAN (DRP)

Disaster Recovery is the process, policies and procedures related to

preparing for recovery of technology and infrastructure critical to an
organization after a natural or human-induced disaster.
Example: 9/11 Terror attacks on World Trade Center
Objectives of DRP:
Assures the management that normalcy would be restored in a set time
Minimization of losses

General Components of DRP:

1.Emergency Plan
2.Recovery Plan
3.Back-up Plan

It is estimated that most large companies spend between 2% and 4% of their IT

budget on disaster recovery planning, with the aim of avoiding larger losses in the
event that the business cannot continue to function due to loss of IT infrastructure
and data.
Of companies that had a major loss of business data:

INTENTIONAL THREATS:

Unauthorized intrusion can take two forms.

The intruder by physically entering the room may steal assets or carry out
sabotage. Alternatively, the intruder may eavesdrop on the installation by wire
tapping, installing an electronic bug or using a receiver that picks up electromagnetic signals.
The Intentional attacks can be from Intruders outside the organization or even
from privileged personnel who abuse their authority (Ex: Disgruntled
employees).
Mitigation Techniques for Unauthorized Intrusion:
There should be a separate visitor lounge.
Entry should be granted only to IT personnel and using biometric devices, such
as fingerprints, voice prints, retina prints, or signature characteristics.
Use alarms to alert entry made by an intruder.
Old, unused accounts are just that many more passwords for someone to find
out.
Install security patches to the operating system.
Security checking software.

ADMINISTRATIVE CONTROLS:

1. Log on Procedures
2. Call Back Devices
3. Firewalls
4. Encryption
5. Anti-Virus Software
6. Hiring Tiger Teams

FINANCIAL RISK MANAGEMENT

Financial Exposure v/s Financial Risk

Financial risk refers to the probability of loss, while financial exposure is
the possibility of loss.
Financial risk arises as a result of financial exposure.

HISTORY OF FINANCIAL RISK

Early Market Scenario
New Era of Finance

HOW DOES FINANCIAL RISK ARISE?

Financial risks arising from an organizations exposure to

changes in market prices, such as interest rates, exchange
rates, and commodity prices.

Financial risks arising from the actions of, and transactions

with, other organizations such as vendors, customers, and
counterparties in derivatives transactions.

Financial risks resulting from internal actions or failures of

the organization, particularly people, processes, and systems.

TYPES OF FINANCIAL RISK

Pure Risk:
The situation in which a gain will not occur. The best possible outcome is
that of no loss occurring.

Speculative Risk:
A risk in which either a gain or a loss may occur.

Diversifiable Risk & Non-diversifiable Risk:

Essentially diversifiable risk is that which can be mitigated through a process of
pooling risks and vice-versa for non-diversifiable.

WHAT IS FINANCIAL RISK MANAGEMENT?

Financial risk management is a process to deal with the uncertainties

resulting from financial markets.

It involves assessing the financial risks facing an organization and developing

management strategies consistent with internal priorities and policies.

Addressing financial risks proactively may provide an organization with a

competitive advantage.

It also ensures that management, operational staff, stakeholders, and the

board of directors are in agreement on key issues of risk.

PROCESS OF FINANCIAL RISK MANAGEMENT

The process can be summarized as follows:

Identify and prioritize key financial risks.
Determine an appropriate level of risk tolerance.
Implement risk management strategy in accordance with policy.
Measure, report, monitor, and refine as needed.

There are three broad alternatives for managing risk:

1.Do nothing and actively, or passively by default, accept all risks.
2.Hedge a portion of exposures by determining which exposures can and
should be hedged.
3.Hedge all exposures possible.

WAYS OF FINANCIAL RISK MANAGEMENT

Different ways of Financial Risk

Management

Hedging Using Capital Asset Pricing

model (CAPM)

Hedging Using Market Instruments

HEDGING USING CAPITAL ASSET PRICING MODEL (CAPM)

CAPM or the Capital Asset Pricing model is the most frequently used financial
model to enable portfolio diversification. If returns on risky assets have less
than perfect correlation, i.e., they do not naturally hedge against each other,
risk averse individuals diversify risk in their holding of assets. A well
diversified portfolio would have less fluctuation than returns on individually
held financial assets.
Given that non-systematic risk is virtually nullified by a large portfolio
(CAPM assumes such a large portfolio), the only risk that remains is the
systematic risk. Thus, the only type of risk for which and investor would
earn a return would be the systematic risk. This systematic risk is
measured as Beta. Beta () calculates the volatility/exposure of a
securitys return to the entire market (CAPM) portfolio.

According to the CAPM Model,

Cost of Capital (Ke) = Rf + (Rm Rf);
Where, Rf is the Risk Free Rate, is the Beta of the portfolio and Rm is the
Market Rate.

WHAT IS HEDGING?
Hedge - In finance, a hedge is a position established in one market in an attempt to offset
exposure to the price risk of an equal but opposite obligation or position in another market
usually, but not always, in the context of one's commercial activity.

SPOT CONTRACTS
FORWARD CONTRACTS
Closed Forward - Closed forwards must be settled on a specified date.
Open Forwards - Open forwards set a window of time during which any portion of the
contract can be settled, as long as the entire contract is settled by the end date.

Using FX forwards, one can:

Protect costs on products and services purchased abroad
Protect profit margins on products and services sold abroad
Lock-in exchange rates as much as a year in advance

EXAMPLE FOR FX FORWARDS

A Swiss exporter company accepts to receive $ 1,000,000 after 3 months. The exporter
has collected following information.
Spot (CHF/$)
:1.8054/1.8065
3-m forward (CHF/$)
:1.8075/1.8083
3-m LIBOR (assumed)
: CHF 5%, USD $ 6.76%
What option does the exporter have to hedge his position for the FX fluctuation risk?
Solution:
Money market cover:
The exporter has a receivable exposure. Hence, the exposure can be covered in the
money market by borrowing in USD. The receivables can be used to pay- off the loan with
interest while the dollars borrowed today can be converted into CHF and invested.
Amount, which can be borrowed today = [1,000,000] / [1+0.0676 * 3/12] = USD $ 983,381.
The amount can be converted today into
CHF (983,381) (1.8054)= CHF 1,775,396.
If this is invested for 3 months, the exporter can get
(1,775,396) ( 1+0.05 * 3/12) = CHF 1,797,588.
Forward Cover:
Instead of using money market cover, if the exporter takes forward cover then he can get
this at CHF / USD 1.8075 which will give him cash flow in CHF of (1,000,000)(1.8075)=
CHF 1,807,500.00. In this case the exporter shall go for forward cover.

Interest Rate Options

Interest Rate Options are options on the spot yield of U.S. Treasury securities.
Available to meet the investors needs are options on short, medium and long-term
rates. The following contracts are available for trading at the Chicago Board Options
Exchange:
Options on the short-term rate (ticker symbol IRX) are based on the annualized
discount rate on the most recently auctioned 13-week Treasury bill.
Options on the 5-year rate (ticker symbol FVX) are based on the yield-to-maturity of the
most recently auctioned 5-year Treasury note.
Options on the 10-year rate (ticker symbol TNX) are based on the yield-to-maturity of
the most recently auctioned 10-year Treasury note.
Options on the 30-year rate (ticker symbol TYX) are based on the yield-to-maturity of
the most recently auctioned 30-year Treasury bond.

How do interest rate options work?

A call buyer anticipates interest rates will go up, increasing the value of the call position. A put
buyer anticipates that rates will go down, increasing the value of the put position.
A yield-based call option holder will profit if, by expiration, the underlying interest rate rises
above the strike price plus the premium paid for the call.
Conversely, a yield-based put option holder will profit if, by expiration, the interest rate has
declined below the strike price less the premium.

Interest Rate Options features:

Cash settled: Interest Rate Options are settled in cash. There is no need to own or deliver
any Treasury securities upon exercise.
Contract size: Interest Rate Options use the same $100 multiplier as options on equities
and stock indexes
European-style exercise: The holder of the option can exercise the right to buy or sell
only at expiration. This eliminates the risk of early exercise and simplifies investment
decisions.

Foreign Currency Swaps - A financial foreign currency contract whereby the buyer and
seller exchange equal initial principal amounts of two different currencies at the spot rate.

Example:
A company needs to borrow euros to fund an investment project. The cash flows will also
be in euros. It transpires that by issuing a loan in USD the company can obtain the
required funds more cheaply than by issuing a loan in EUR. However, in that case, the
company would be faced with the situation where the interest payments would be in USD
whereas the income would be in EUR. The company therefore decides to enter into a CC
Swap whereby it receives the USD interest rate and pays the EUR interest rate.
The following three examples show how, through a CC Swap, the standard interest rate
for the term and currency of the debenture loan are swapped.

Swap of the principal amounts at the beginning of the CC Swap

Principal in USD
Debenture issue in
USD.

Principal in USD

ABC

Principal in EUR

ING Bank

Swap of interest flows during the CC Swap

USD interest rate

ABC

on debenture loan

USD interest rate

ING Bank

EUR interest rate

Swap of the principal amounts at maturity of the CC Swap

Principal in USD

Principal in USD

ABC
Maturity of debenture
Loan in USD

Principal in EUR

ING Bank

Interest Rate Swaps

A financial interest rate contracts whereby the buyer and seller swap interest rate exposure over
the term of the contract. The most common swap contract is the fixed-to-float swap whereby
the swap buyer receives a floating rate from the swap seller, and the swap seller receives a fixed
rate from the swap buyer.

6Time
Month
(years)
Libor

Fixed Floating Swap

Rate
Rate
Net
Cash
Cash
Cash
Flows Flows Flows

[1]

[2]

[3]

[4]

[3] [4]

0.0

2.8 %

100.0

100.0

0.0

0.5

3.4 %

2.3

1.4

0.9

1.0

4.4 %

2.3

1.7

0.6

1.5

4.2 %

2.3

2.2

0.1

2.0

5.0 %

2.3

2.1

0.2

2.5

5.6 %

2.3

2.5

0.2

3.0

5.2 %

2.3

2.8

0.5

3.5

4.4 %

2.3

2.6

0.3

4.0

3.8 %

102.3

102.2

0.1

OTHER FINANCIAL INSTRUMENTS FOR HEDGING

Futures
1.Commodity
2.Interest Rate
3.Currency
4.Index
5.Stock

Credit Derivatives
1.Credit Default
2.Total Return Swap
3.Credit Linked Note

RISK MANAGED ?
Risk management isnt just about protecting your business its
also about making it better. Risk management shouldnt be
thought of as a stand-alone compliance or control activity, but as a
competency that allows your organization to realize its potential
whether that means driving top line growth, eliminating costs,
enhancing reputation and brand, or making better use of capital
assets. Organizations need to understand all of their business risks
strategic, operational, financial, compliance align their risk
functions and activities to eliminate overlaps and gaps, and
develop plans to manage, accept, or capitalize on those risks.
Although Return Maximization is an objective holding paramount
importance for an organisations long term goals, the same cannot
be achieved unless Risk Minimisation is paid heed to. Hence it is
essential that an appropriate balance is struck between Risks and
Return.

THANK YOU