Enterprise-wide risk is now a widely used term in the Financial Services and Energy industries and amongst risk

software vendors to encompass an integrated approach to risk management, across the organisation as a whole, allowing regulatory capital to be freed up and savings to be made. It no longer makes sense to manage risk on a departmental basis as has been the case in the past.

The dissemination of information and a comprehensive approach to management are required so that risks are netted and the impact of external events over the entire business can be evaluated.

An enterprise-wide risk management system should anticipate how an institution could be affected by a particular risk in order to let the institution make faster decisions and see the whole impact of a particular event. CreditRisk Credit risk in general terms means the uncertainty of a counterparty (obligor) to meet its obligations. Counterparties can be individuals, small companies, large corporate entities or even countries. Typically credit risk is measured as an amount of exposure that arises from transactions. In assessing credit risk from a single counterparty, an institution must consider the following issues:

DefaultProbability What is the likelihood that the counterparty will default on its obligation either over the life of the obligation?

CreditExposure In the event of a default, how large will the loss be? Exposures comprise settlement risk (the amount of money that is lost from non payment) plus the replacement cost if a counterparty fails to deliver and goods/services have to be replaced at unfavourable current prices (at the time of default). Various techniques can be applied to estimating or simulating the worst point in time that the counterparty could default.

Recoveryrate In the event of a default, what fraction of the exposure may be recovered through bankruptcy proceedings or some other form of settlement? OperationalRisk

An operational risk is a risk arising from a company's business functions and from the practical implementation of the management's strategy. As such, it is a very broad concept concerning human and systemic errors that include information risks, fraud, physical or environmental risks, etc. The term operational risk is most commonly found in risk management programmes of banks and other financial organisations that have implemented procedures and frameworks such as Basel II.

Globalisation and deregulation in financial markets, combined with increased sophistication in financial technology, have introduced more complexities into the activities of all banks and therefore their risk profiles. These reasons underscore banks and supervisors' growing focus upon the identification and measurement of operational risk.

MarketRisk

Market risk is exposure to the uncertain market value of a portfolio. It is the risk that the value of this portfolio may decline over a given period of time simply because of economic changes or other events that impact the market. The five standard market risk factors are:

Equity risk the risk that stock prices will change; Interest rate risk the risk that interest rates will change; Currency risk the risk that foreign exchange rates will change; Commodity risk the risk that commodity prices (eg. Gas, metals) will change; Credit risk the risk that credit prices/spreads will change.

Market risk can be measured in a number of ways but the most common is to use a Value at Risk methodology which is a well established risk management technique. Trading

Financial trading is performed by professionals who work within a financial institution or corporation. It is also possible for individuals to invest or speculate on a variety of different markets. Trading takes place either in a trading exchange, which is highly regularised or over the counter (OTC) market. Trading consists of buying and selling financial instruments in stock, foreign exchange, fixed income, derivative, commodity or energy markets.

OTC trades are negotiated directly between the two parties without the need for an exchange or intermediary.

Exchange based trading means that the exchange acts as the intermediary between the two parties. The exchange will take an initial margin (to cover potential losses during the first day) and subsequently either request more margin (if the trade creates a further loss) or return margin/pay cash if the trade is in profit. GovernanceandCompliance

Governance is the responsibility of senior management and focuses on creating organisational transparency by defining the mechanisms an organisation uses to ensure that its constituents follow established processes and policies. A proper governance strategy implements systems to monitor and record current business activity, takes steps to ensure compliance with agreed policies, and provides for corrective action in cases where the rules have been ignored or misconstrued.

Compliance is the process that records and monitors the policies, procedures and controls needed to enable compliance with legislative or industry mandates as well as internal policies.

Governance, Risk, and Compliance or "GRC" is an increasingly recognised term that

reflects a new way in which organisations can adopt an integrated approach to all of these three areas. However, this term is often positioned as a single business activity, when in fact, it includes multiple overlapping and related activities within an organisation, e.g. internal audit, compliance programmess such as Sarbanes-Oxley(SOX), MiFID, enterprise risk management (ERM) and operational risk etc.

TechnologyRisk

Technology permeates the operations of an entire institution and therefore technology risk cannot be compartmentalised as a process that focuses on a particular area. Technology enables key processes that a company uses to develop, deliver, and manage its products, services, and support operations. Understanding the role that technology plays in enabling core business operations establishes the framework for understanding where relevanttechnology risks lie.

By understanding the role that technology plays in supporting various business functions, company management is in a better position to determine the relative importance of these functions and prioritize the systems, applications, and data involved. Technology risks are present throughout the company and must be addressed as a whole.

Identifying vulnerabilities and threats provides company management with a view of the risks faced by the company given the enabling role of information technology. Once these risks have been identified, an appropriate technology risk management strategy can be developed and implemented.