Module 3 CG 2022
Types of Risks, Risk Analysis, Risk Management Information System, Risk Governance,
and Responsibility of Risk Profiling, Risk Strategy and Risk Policies.
Learning outcomes:
Counterparty risk
This refers to the risk that an organization or person with which a
corporation has a business relationship fails to perform its obligations.
Defaulting by borrowers on their loan agreements with banks.
Prospective buyers “fail to close” on the purchase of a contract with home
sellers.
Domino-like effect (must consider counterparties’ counterparty risk)
Interest rate risk
This refers to the kind of risk where a shift in interest rates will adversely
affect either the company’s assets or its liabilities.
Liquidity risk
This module is strictly for private circulation only. This is compiled by using the references mentioned. Compiled by
Sunitha B.K. Do not upload on any internet website.
The possibility that the firm will not have sufficient cash on hand or immediately
available credit to pay its bills as they come due.
Market risk management
Market risk management is carried out by ensuring a mutual check and balance system
for business operations through the development of risk management organs and
systems that are independent from profit-making departments.
A major step in appropriate oversight of risk taking by a firm is listing out all of the
risks that a firm is potentially exposed to and categorizing these risks into groups. This
list is called a risk profile.
Independent risk management function
An independent risk management function is the second line of defense. Its job is to
complement the management activities of the business line. This function has a
reporting structure independent of the risk-generating business lines and is responsible
for the planning, maintenance, and ongoing development of the banking corporation’s
risk management framework. One of its major duties is to challenge the adequacy of the
business lines’ inputs for risk management, risk measurement, the banking
corporation’s reporting systems, and the adequacy of the outputs obtained. Other
compliance, monitoring, and control functions such as the compliance and anti-money
laundering officer, the Chief Accounting Officer, and control of financial reportage are
part of the second line of defense.
Internal audit
Internal audit provides independent review and challenges the corporation’s risk
management controls, processes, and systems.
A strong risk culture and good communication among the three lines of defense are
important characteristics of appropriate risk governance.
Risk Appetite
The Board shall approve the risk profile or appetite of the Company in material risk
areas. The objective of risk appetite statements is to restrict the overall risk levels of the
Company based on pre-defined strategies.
The Risk Manager shall develop the Risk Appetite statements and submit them to the
Board for review and approval.
Risk Appetite statements shall be reviewed annually for necessary changes. Any
breach of the appetite statements shall be reported to the Board at the next
meeting.
Risk identification
Risk identification forms the core of the Risk Management system. Multiple
approaches for risk identification are applied to ensure a comprehensive Risk
Identification process.
The company shall identify sources of risk, areas of impacts, events and their
causes with potential consequences. Comprehensive identification is critical,
because a risk that is not identified here will be missed from further analysis.
For all key risks identified during the Risk Identification process, a qualitative
and quantitative assessment is carried out.
Risk assessment involves different means by which to grade risks in order to
assess the possibility of their occurrence and extent of damage their occurrence
might cause.
Likelihood rating and impact rating are as per the rating parameters defined by
the Company.
Risk Prioritization
For this purpose, the materiality scales are used to identify the severity and
likelihood of these risks.
All risks that fall in the red zone are considered high risk and require immediate
attention in terms of risk management.
The findings of risk prioritization are presented to Senior Management and
Business Units.
Once the top or critical risks are prioritized, appropriate risk mitigation and
management efforts to effectively manage these risks are identified.
In brief, the assessment involves the following key steps:
Rating each risk as per the probability of the risk event occurring.
Rating each risk as per the financial impact of that risk event should the risk event occur.
a) Risk Identification and Categorization – the process of identifying the company’s
exposure to uncertainty classified as Strategic / Business / Operational.
c) Risk Estimation – the process for estimating the cost of likely impact either by
quantitative, semi-quantitative or qualitative approach.
Risk Monitoring
1. The risks are to be monitored and treated by the Risk team under the guidance of
the Risk owner on a frequent basis. The risk owner reviews all the risks identified and
profiled on a quarterly basis with reference to the risk mitigation plan.
2. A risk mitigation action plan is outlined for all priority risks in the high and medium
categories. Senior Management and Business Heads design an action plan to mitigate
and monitor each of these key risks.
4. The Company shall also introduce some high-level Key Risk Indicators that will
provide leading and lagging indicators on some key risks.
Risk Reporting
1. The Company’s MIS provides the Board and senior management with timely and
relevant information concerning the risk profile in a clear and concise manner. The MIS
is capable of capturing major policy breaches and is effective in promptly reporting such
breaches to senior management, as well as ensuring that appropriate follow-up actions are taken.
2. Most of the internal reporting and day-to-day interactions between senior
management and Business Functions ensure that senior management is aware of key
risks and unusual incidents or loss events.
3. In addition to this, formal risk reporting has been introduced to highlight risk
profiles, trends, key issues and effectiveness of Risk Management Systems.
4. The ongoing business success of the Company depends to a great extent on risk
awareness and the ability to manage risks. This requires transparency of all risk-taking
activities and thus an effective risk reporting system.
Risk treatment
Risk assessment
Definition: The identification, analysis and evaluation of the nature and impact of risks
and opportunities.
A risk management information system (RMIS) is technology that enables you to capture,
manage and analyze all your organization’s risk and insurance data in a single, secure
system. Using risk management software, organizations like yours can improve
departmental efficiencies and generate savings on your total cost of risk. But an RMIS
and the expert support behind it offer much, much more. An RMIS helps you to
improve data accuracy and reduce administrative burdens.
Automatically highlighting to users, at the point of entry, values that may contain
errors.
Ensuring consistent synchronization of data from multiple sources.
Providing context help for users.
Building adaptive questionnaires, forms, and interfaces that ask users for relevant data
only.
Specifying field constraints (for example, dropdown options), mandatory fields,
defaults, and other validation logic.
Post data-entry cleaning and automatic validation against business rules.
Why is an RMIS beneficial for organizations?
1. Companies all over the world face strict compliance rules. This is because there
have been several companies in the past where frauds have occurred. Hence,
regulatory authorities want records of important data to be maintained. Risk
management information systems are equipped to collect this data and generate
reports in the formats specified by the government. This is the reason that they
are considered to be valuable by many organizations. Inability to maintain this
data and distribute it in a timely manner can lead to lawsuits and fines.
2. Whenever an organization fails to manage risks, its stakeholders suffer. Also, in
the case of large organizations, the information is often covered in the media.
Hence, the reputation of the company suffers. Companies invest billions of
dollars in creating a brand image. Hence, there is no reason why they would not
want to spend a little more and build an information system that would help
them protect the brand image.
3. Organizations have tried to use the cheaper alternative and manage data
pertaining to risks via a set of spreadsheets. However, these spreadsheets are not
connected to one another. Hence, collating data effectively to facilitate decision-
making becomes a challenge. Over the years, companies have realized that it is
cheaper to spend money on an information system than to suffer the impact of
risks that were not managed appropriately.
4. The risk management profile of some companies can be extremely complex. For
instance, some companies have to deal with documents in a wide variety of
languages and currencies. Similarly, large organizations typically have several
overlapping insurance policies with different carriers. Risk management
information systems help map the insurance or the derivative against the asset
which it is trying to secure. This provides a complete picture of the risk profile of
the company.
5. Risk management information systems bring automation to risk management
practices. They are designed to collect data automatically. Periodic reports are
generated and sent out to the concerned personnel at the required times. In the
absence of an integrated risk management information system, all this will have
to be done by humans and that would cost the organization a lot more as
compared to the cost of the software.
Security Policy
Programming standards
Backup recovery services
Reference Questions
2 MARKS
8. What is risk management policy?
9. What is risk management strategy?
10. Mention any 2 products of governance cloud eco system.
4 MARKS:
References
https://blog.ipleaders.in/corporate-governance-and-risk-management/
https://diligent.com/blog/relationship-risk-management-corporate-governance.
https://www.boi.org.il/en/BankingSupervision/SupervisorsDirectives/ProperConductOfBankingBusinessRegulations/310_et.pdf
https://www.alkemlabs.com/admin/Photos/Policies/641124928137876Risk_Management_Policy.pdf
https://www.theirm.org/about/professional-standards/strategy-and-performance/risk-management-policy-and-procedures
http://blog.ventivtech.com/blog/bid/286243/What-is-a-risk-management-information-system-what-can-it-do-for-you
https://www.ventivtech.com/blog/what-is-an-rmis-risk-management-information-system
https://www.managementstudyguide.com/risk-management-information-system.htm