Documente Academic
Documente Profesional
Documente Cultură
As we all know now, the risks were actually far greater than anyone could have imagined. To
that point, risk management has become a more important role in the world of finance and
the capital markets than it ever has been before. With many firms focusing their attentions on
developing more and stronger risk measures and teams, the field of risk management is
becoming a more desirable, and consequently more competitive, field than ever before. More and
more risk professionals are choosing to further their credentials by enrolling in the Financial Risk
Manager (FRM) designation
Risk management
Risk management is the identification, evaluation, and prioritization of risks (defined in ISO
31000 as the effect of uncertainty on objectives) followed by coordinated and economical
application of resources to minimize, monitor, and control the probability or impact of
unfortunate events[1] or to maximize the realization of opportunities.
Risks can come from various sources including uncertainty in financial markets, threats from
project failures (at any phase in design, development, production, or sustaining of life-cycles),
legal liabilities, credit risk, accidents, natural causes and disasters, deliberate attack from an
adversary, or events of uncertain or unpredictable root-cause. There are two types of events i.e.
negative events can be classified as risks while positive events are classified as opportunities.
Risk management standards have been developed by various institutions, including the Project
Management Institute, the National Institute of Standards and Technology, actuarial societies,
and ISO standards.[2][3] Methods, definitions and goals vary widely according to whether the risk
management method is in the context of project management, security, engineering, industrial
processes, financial portfolios, actuarial assessments, or public health and safety.
Strategies to manage threats (uncertainties with negative consequences) typically include
avoiding the threat, reducing the negative effect or probability of the threat, transferring all or
part of the threat to another party, and even retaining some or all of the potential or actual
consequences of a particular threat, and the opposites for opportunities (uncertain future states
with benefits).
Certain risk management standards have been criticized for having no measurable improvement
on risk, whereas the confidence in estimates and decisions seems to increase. [1] For example, one
study found that one in six IT projects were "black swans" with gigantic overruns (cost overruns
averaged 200%, and schedule overruns 70%).
Principles of Risk Management
The International Organization for Standardization (ISO) identifies the following principles of
risk management
Risk management should:
Create value – resources expended to mitigate risk should be less than the consequence of
inaction
Be an integral part of organizational processes
Be part of decision making process
Explicitly address uncertainty and assumptions
Be a systematic and structured process
Be based on the best available information
Be tailorable
Take human factors into account
Be transparent and inclusive
Be dynamic, iterative and responsive to change
Be capable of continual improvement and enhancement
Be continually or periodically re-assessed
Source analysis – Risk sources may be internal or external to the system that is the target
of risk management (use mitigation instead of management since by its own definition risk
deals with factors of decision-making that cannot be managed).
Examples of risk sources are: stakeholders of a project, employees of a company or the weather
over an airport.
Problem analysis– Risks are related to identified threats. For example: the threat of losing
money, the threat of abuse of confidential information or the threat of human errors,
accidents and casualties. The threats may exist with various entities, most important with
shareholders, customers and legislative bodies such as the government.
When either source or problem is known, the events that a source may trigger or the events that
can lead to a problem can be investigated. For example: stakeholders withdrawing during a
project may endanger funding of the project; confidential information may be stolen by
employees even within a closed network; lightning striking an aircraft during takeoff may make
all people on board immediate casualties.
The chosen method of identifying risks may depend on culture, industry practice and
compliance. The identification methods are formed by templates or the development of templates
for identifying source, problem or event. Common risk identification methods are:
Risk options
Risk mitigation measures are usually formulated according to one or more of the following major
risk options, which are:
1. Design a new business process with adequate built-in risk control and containment
measures from the start.
2. Periodically re-assess risks that are accepted in ongoing processes as a normal feature of
business operations and modify mitigation measures.
3. Transfer risks to an external agency (e.g. an insurance company)
4. Avoid risks altogether (e.g. by closing down a particular high-risk business area)
Later research has shown that the financial benefits of risk management are less dependent on
the formula used but are more dependent on the frequency and how risk assessment is
performed.
In business it is imperative to be able to present the findings of risk assessments in financial,
market, or schedule terms. Robert Courtney Jr. (IBM, 1970) proposed a formula for presenting
risks in financial terms. The Courtney formula was accepted as the official risk analysis method
for the US governmental agencies. The formula proposes calculation of ALE (annualized loss
expectancy) and compares the expected loss value to the security control implementation costs
(cost-benefit analysis).
Potential risk treatments
Once risks have been identified and assessed, all techniques to manage the risk fall into one or
more of these four major categories:[12]
Investment risk
Investment Risk can be defined as the probability or likelihood of occurrence of losses relative to
the expected return on any particular investment. Description: Stating simply, it is a measure of
the level of uncertainty of achieving the returns as per the expectations of the investor
Business risk
Business Risk is the exposure a company or organization has to factor(s) that will lower its
profits or lead it to fail.
Anything that threatens a company's ability to meet its target or achieve its financial goals is
called business risk. These risks come from a variety of sources, so it's not always the company
head or a manager who's to blame. Instead, the risks may come from other sources within the
firm or they may be external—from regulations to the overall economy.
While a company may not be able to shelter itself from risk completely, there are ways it can
help protect itself from the effects of business risk, primarily by adopting a risk management
strategy.
Financial risk
Financial Risk is a term that can apply to businesses, government entities, the financial market
as a whole, and the individual. This risk is the danger or possibility that shareholders, investors,
or other financial stakeholders will lose money.
There are several specific risk factors that can be categorized as a financial risk. Any risk is a
hazard that produces damaging or unwanted results. Some more common and distinct financial
risks include credit risk, liquidity risk, and operational risk.
Liquidity risk
Liquidity Risk is a firm’s possible inability to meet its short-term debt obligations, thereby
incurring exceptionally large losses. This usually occurs as a result of a firm’s inability to
convert its current assets into cash without incurring capital losses.
Liquidity risk means all firms seek access to lending to meet their short-term financial
obligations, but also to carry out long-term strategic investments. Failure to acquire appropriate
funding within a realistic timeframe could expose a firm to liquidity risk, thereby causing
undesirable consequences.
With respect to securities, this risk occurs when the ask-bid spreads are widening out to levels
that investors need to spend large amounts of amount to deal with them. In general, this risk
arises when a firm or an individual face immediate cash needs that cannot be met by selling an
asset at its market value due to lack of buyers or due to an inefficient market that cannot match
buyers with sellers.
Default risk
Default Risk is the chance that a company or individual will be unable to make the required
payments on their debt obligation. Lenders and investors are exposed to default risk in virtually
all forms of credit extensions. A higher level of risk leads to a higher required return, and in turn,
a higher interest rate.
Investment Rat Risk is the danger that the value of a bond or other fixed-income investment will
suffer as the result of a change in interest rates. Investors can reduce interest rate risk by buying
bonds that mature at different dates. They also may allay the risk by hedging fixed-income
investments with interest rate swaps and other instruments.
A long-term bond generally offers a maturity risk premium in the form of a higher built-in rate of
return to compensate for the added risk of interest rate changes over time.
Management risk
Management Risk is the risk — financial, ethical or otherwise — associated with ineffective,
destructive or underperforming management. Management risk can be a factor for investors
holding stock in a company. Management risk can also refer to the risks associated with the
management of an investment fund.
Inflation Risk aka. “Purchasing Power Risk” is the risk due to “a decrease in purchasing power
of assets or cash flow” due to inflation. A typical example would be a bond that generates a fixed
rate of return.
For instance, suppose this bond is worth $1000 and generates a 5% yield i.e. $50. Suppose when
you purchase the bond that $50 will buy two tanks of gas for your car. Over time inflation will
reduce the purchasing power of that $50 so it only buys one tank of gas. If you are counting on
using the proceeds of the bond to buy gas there is an “inflation risk” that eventually you will not
be covered. The worst case example of inflation risk is if a country experiences “hyperinflation”
where the purchasing power of the currency decreases on a daily basis.
Investing Answers puts it this way: Inflation risk, also called purchasing power risk, is the
chance that the cash flows from an investment won’t be worth as much in the future because of
changes in purchasing power due to inflation.”
Wall Street Oasis says, “Inflation risk is the risk any investor takes on when holding cash or
investing in an asset which is not linked to inflation. The risk is that the cash value will be
reduced by inflation. For example, if an investor holds 40% of a $1,000,000 portfolio in cash
and inflation is running at 5%, the cash value of the portfolio will lose $20,000 per year ($1
million x 0.4 x 0.05) due to inflation.”
Being able to identify and manage financial risks is a very important responsibility for all
individuals and business owners. One financial risk that many people underestimate is the risk
associated with inflation. While inflation tends to devalue your money over time, there are steps
that can be followed to help manage this risk.
Commonly used technique and models in assessing investment alternative under risk or
uncertainty
Some of the most important methods that are used for taking investment decisions under risk are
as follows:
Probability
Probability of Occurrence
0 - 10% or Very unlikely to occur
11 - 40% or Unlikely to occur
41 - 60% or May occur about half of the time
61 - 90% or Likely to occur
91 - 100% or Very likely to occur
The probability is a single percentage number and does not have to be exact as long as the group
applies a consistent approach to estimating the probabilities for all the risks.
Make sure everyone is in agreement before moving on or get a decision from the program
manager.
Reference: Risk Matrix User's Guide, Version 2.2, by Pamela E. Engert and Zachary F.
Lansdowne, Mitre Document MP99B0000029, November 1999, The MITRE Corporation
Likely - Occurs several times in career/equipment service life. All members exposed.
Occurs frequently.
Unlikely - Can assume will not occur in career/equipment service life. All members
exposed. Possible, but improbable; occurs only very rarely.
where, A is the Associated Risk Event and B is the Condition Present. The following table
provides a guide for assessing risk event probabilities.
A risk event that is certain not to occur has, by definition, probability equal to zero. In this case,
we say the risk event does not exist. The table above does not assign a categorical rating
(i.e., High, Medium, or Low) to a risk event that is certain not to occur. A risk event that
is certain to occur has, by definition, probability equal to one. In this case, we say the event is no
longer a risk; on the IS upgrade, it is considered an issue that presently exists on the project. The
above table does not assign a categorical rating (i.e., High, Medium, or Low) to a risk event that
is certain to occur.
A profit table (payoff table) can be a useful way to represent and analyse a scenario where there
is a range of possible outcomes and a variety of possible responses. A payoff table simply
illustrates all possible profits/losses and as such is often used in decison
making under uncertainty.
Illustration
Geoffrey Ramsbottom runs a kitchen that provides food for various canteens throughout a large
organisation. A particular salad is sold to the canteen for $10 and costs $8 to prepare. Therefore,
the contribution per salad is $2.
Based upon past demands, it is expected that, during the 250 day working year, the canteens will
require the following daily quantities:
The kitchen must prepare the salads in batches of 10 meals in advance. The manager has asked
you to help decide how many salads the kitchen should supply for each day of the forthcoming
year.
If 40 salads will be required on 25 days of a 250 day year, then the probability that demand = 40
salads is
Likewise,
Now let's look at the different values of profit or losses depending on how many salads are
supplied and sold.
For example, if we supply 40 salads and all are sold, our profits amount to 40 x $2 = 80.
If however we supply 50 salads but only 40 are sold, our profits will amount to 40 × $2 - (10
unsold salads × $8 unit cost) = 80 - 80 = 0.
Daily supply
Probability 40 salads 50 salads 60 salads 70 salads
40 salads 0.10 $80 $0 $(80) $(160)
Daily Demand
50 salads 0.20 $80 $100 $20 $(60)
60 salads 0.40 $80 $100 $120 $40
70 salads 0.30 $80 $100 $120 $140
Decision Rules
To decide how many salads should be made very day, Geoffrey will first have to define his
attitude to risk, and use one of the following rules to make up his mind :
The maximax rule for an optimist - i.e. someone who wants the best possible upside
potential without being very concerned about possible losses or downside.
The maximin rule for a pessimist looking to minimise his losses - i.e. someone who
wants to minimise the potential downside exposure.
The minimax regret rule is for someone who doesn't like making the wrong decision.
This approach seeks to minimise such "regret".
Alternatively, expected values of profits could be used to make a decision. These are
averages and essentially ignore the spread or risk of outcomes. Risk must thus be brought
back into the decision making process another way.
Expected value of perfect information (EVPI) is the price that one would be willing to pay in
order to gain access to perfect information.[1] A common discipline that uses the EVPI concept
is health economics. In that context and when looking at a decision of whether to adopt a new
treatment technology, there is always some degree of uncertainty surrounding the decision,
because there is always a chance that the decision turns out to be wrong. The expected value of
perfect information analysis tries to measure the expected cost of that uncertainty, which “can be
interpreted as the expected value of perfect information (EVPI), since perfect information can
eliminate the possibility of making the wrong decision” at least from a theoretical perspective.
Sensitivity analysis
Sensitivity analysis is the study of how the uncertainty in the output of a mathematical model or
system (numerical or otherwise) can be divided and allocated to different sources of uncertainty
in its inputs.[1][2] A related practice is uncertainty analysis, which has a greater focus
on uncertainty quantification and propagation of uncertainty; ideally, uncertainty and sensitivity
analysis should be run in tandem.
The process of recalculating outcomes under alternative assumptions to determine the impact of
a variable under sensitivity analysis can be useful for a range of purposes,[3] including:
Simulation
Decision Tree
Decision tree is a decision support tool that uses a tree-like model of decisions and their possible
consequences, including chance event outcomes, resource costs, and utility. It is one way to
display an algorithm that only contains conditional control statements.
Decision trees are commonly used in operations research, specifically in decision analysis, to
help identify a strategy most likely to reach a goal, but are also a popular tool in machine
learning.
Expected Return
The return on an investment as estimated by an asset pricing
model. It is calculated by taking the average of the probability distribution of all possible returns.
For example, a model might state that an investment has a 10% chance of a 100% return and a 9
0% chance of a 50% return. The expected return is calculated as:
Expected Return = 0.1(1) + 0.9(0.5) = 0.55 = 55%.
It is important to note that there is no guarantee that the expected rate of return and the actual
return will be the same. See also: Abnormal return.
The rate of return expected on an asset or a portfolio. The expected rate of return on a single asse
t is equal to the sum of each possible rate of return multiplied by the respective probability of ear
ning on each return. For example, if a security has a 20% probability of providing a 10% rate of r
eturn, a 50% probability of providing a 12% rate of return, and a 25% probability of providing a
14% rate of return, the expected rate of return is (.20)(10%) + (.50)(12%) + (.25)(14%), or 12%.
Calculating expected return is not limited to calculations for a single investment. It can also be
calculated for a portfolio. The expected return for an investment portfolio is the weighted
average of the expected return of each of its components. Components are weighted by the
percentage of the portfolio’s total value that each accounts for. Examining the weighted average
of portfolio assets can also help investors assess the diversification of their investment portfolio.
To illustrate the expected return for an investment portfolio, let’s assume the portfolio is
comprised of investments in three assets – X, Y, and Z. $2,000 is invested in X, $5,000 invested
in Y, and $3,000 is invested in Z. Assume that the expected returns for X, Y, and Z have been
calculated and found to be 15%, 10%, and 20%, respectively. Based on the respective
investments in each component asset, the portfolio’s expected return can be calculated as
follows:
= 3% + 5% + 6%
= 14%
From a statistics standpoint, the standard deviation of a dataset is a measure of the magnitude of
deviations between the values of the observations contained in the dataset. From a financial
standpoint, the standard deviation can help investors quantify how risky an investment is and
determine their minimum required return on the investment.
We can find the standard deviation of a set of data by using the following formula:
Where:
Ri – the return observed in one period (one observation in the data set)
Ravg – the arithmetic mean of the returns observed
n – the number of observations in the dataset
By using the formula above, we are also calculating Variance, which is the square of the standard
deviation. The equation for calculating variance is the same as the one provided above, except
that we don’t take the square root.
An investor wants to calculate the standard deviation experience by his investment portfolio in
the last four months. Below are some historical return figures:
Thus, the investor now knows that the returns of his portfolio fluctuate by approximately 10%
month-over-month. The information can be used to modify the portfolio to better the investor’s
attitude towards risk.
The normal distribution theory states that in the long run, the returns of an investment will fall
somewhere on an inverted bell-shaped curve. Normal distributions also indicate how much of the
observed data will fall within a certain range:
68% of returns will fall within 1 standard deviation of the arithmetic mean
95% of returns will fall within 2 standard deviations of the arithmetic mean
99% of returns will fall within 3 standard deviations of the arithmetic mean
Hence, standard deviations are a very useful tool in quantifying how risky an investment is.
Actively monitoring a portfolio’s standard deviations and making adjustments will allow
investors to tailor their investments to their personal risk attitude.
Coefficient of Variation
mean