ADVANCED FINANCIAL MANAGEMENT

Asset Risk Concept and Pricing

Financial risk management 
Financial risk management is the practice of economic value in a firm by using financial
instruments to manage exposure to risk: operational risk, credit risk and market risk, foreign
exchange risk, shape risk, volatility risk, liquidity risk, inflation risk, business risk, legal
risk, reputational risk, sector risk etc. Similar to general risk management, financial risk
management requires identifying its sources, measuring it, and plans to address them.[1]
Financial risk management can be qualitative and quantitative. As a specialization
of risk management, financial risk management focuses on when and how to hedge using
financial instruments to manage costly exposures to risk
Learning Objectives
Document provides a comprehensive framework to guide candidates in their self-study
preparation for the FRM Exam. It contains information and approximate weightings for each of
the broad knowledge domains covered by the Exam, specific curriculum readings associated
with each knowledge domain, and individual learning objectives for each reading. Since every
FRM Exam question maps to at least one learning objective, the FRM Learning Objectives
document is an important study resource and should be referred to regularly during exam
preparation.
Introduction
One of the underlying tenets of finance is the ever-true trade-off between risk and reward. For
those looking to increase their potential rewards from an investment, the risks associated with the
investment will increase, often at a greater rate. In the years leading up to the subprime mortgage
meltdown of 2007-2008, investors, lenders and bankers all seemingly believed that the risks
associated with investments at that time had been far outweighed by the potential rewards that
could be earned.

As we all know now, the risks were actually far greater than anyone could have imagined. To
that point, risk management has become a more important role in the world of finance and
the capital markets than it ever has been before. With many firms focusing their attentions on
developing more and stronger risk measures and teams, the field of risk management is
becoming a more desirable, and consequently more competitive, field than ever before. More and
more risk professionals are choosing to further their credentials by enrolling in the Financial Risk
Manager (FRM) designation

Risk management 
Risk management is the identification, evaluation, and prioritization of risks (defined in ISO
31000 as the effect of uncertainty on objectives) followed by coordinated and economical
application of resources to minimize, monitor, and control the probability or impact of
unfortunate events[1] or to maximize the realization of opportunities.
Risks can come from various sources including uncertainty in financial markets, threats from
project failures (at any phase in design, development, production, or sustaining of life-cycles),
legal liabilities, credit risk, accidents, natural causes and disasters, deliberate attack from an
adversary, or events of uncertain or unpredictable root-cause. There are two types of events i.e.
negative events can be classified as risks while positive events are classified as opportunities.
Risk management standards have been developed by various institutions, including the Project
Management Institute, the National Institute of Standards and Technology, actuarial societies,
and ISO standards.[2][3] Methods, definitions and goals vary widely according to whether the risk
management method is in the context of project management, security, engineering, industrial
processes, financial portfolios, actuarial assessments, or public health and safety.
Strategies to manage threats (uncertainties with negative consequences) typically include
avoiding the threat, reducing the negative effect or probability of the threat, transferring all or
part of the threat to another party, and even retaining some or all of the potential or actual
consequences of a particular threat, and the opposites for opportunities (uncertain future states
with benefits).
Certain risk management standards have been criticized for having no measurable improvement
on risk, whereas the confidence in estimates and decisions seems to increase. [1] For example, one
study found that one in six IT projects were "black swans" with gigantic overruns (cost overruns
averaged 200%, and schedule overruns 70%).
Principles of Risk Management
The International Organization for Standardization (ISO) identifies the following principles of
risk management
Risk management should:

 Create value – resources expended to mitigate risk should be less than the consequence of
inaction
 Be an integral part of organizational processes
 Be part of decision making process
 Explicitly address uncertainty and assumptions
 Be a systematic and structured process
 Be based on the best available information
 Be tailorable
 Take human factors into account
 Be transparent and inclusive
 Be dynamic, iterative and responsive to change
 Be capable of continual improvement and enhancement
 Be continually or periodically re-assessed

Process of Risk Management

According to the standard ISO 31000 "Risk management – Principles and guidelines on

implementation,"[3] the process of risk management consists of several steps as follows:
Establishing the context
This involves:

1. observing the context

o the social scope of risk management
o the identity and objectives of stakeholders
o the basis upon which risks will be evaluated, constraints.
2. defining a framework for the activity and an agenda for identification
3. developing an analysis of risks involved in the process
4. mitigation or solution of risks using available technological, human and organizational
resources
Identification
After establishing the context, the next step in the process of managing risk is to identify
potential risks. Risks are about events that, when triggered, cause problems or benefits. Hence,
risk identification can start with the source of our problems and those of our competitors
(benefit), or with the problem consequenses.

 Source analysis – Risk sources may be internal or external to the system that is the target
of risk management (use mitigation instead of management since by its own definition risk
deals with factors of decision-making that cannot be managed).
Examples of risk sources are: stakeholders of a project, employees of a company or the weather
over an airport.

 Problem analysis– Risks are related to identified threats. For example: the threat of losing
money, the threat of abuse of confidential information or the threat of human errors,
accidents and casualties. The threats may exist with various entities, most important with
shareholders, customers and legislative bodies such as the government.
When either source or problem is known, the events that a source may trigger or the events that
can lead to a problem can be investigated. For example: stakeholders withdrawing during a
project may endanger funding of the project; confidential information may be stolen by
employees even within a closed network; lightning striking an aircraft during takeoff may make
all people on board immediate casualties.
The chosen method of identifying risks may depend on culture, industry practice and
compliance. The identification methods are formed by templates or the development of templates
for identifying source, problem or event. Common risk identification methods are:

 Objectives-based risk identification– Organizations and project teams have objectives.

Any event that may prevent an objective from being achieved is identified as risk.
 Scenario-based risk identification – In scenario analysis different scenarios are created.
The scenarios may be the alternative ways to achieve an objective, or an analysis of the
interaction of forces in, for example, a market or battle. Any event that triggers an undesired
scenario alternative is identified as risk – see Futures Studies for methodology used
by Futurists.
 Taxonomy-based risk identification – The taxonomy in taxonomy-based risk
identification is a breakdown of possible risk sources. Based on the taxonomy and
knowledge of best practices, a questionnaire is compiled. The answers to the questions reveal
risks.[7]
 Common-risk checking[8] – In several industries, lists with known risks are available.
Each risk in the list can be checked for application to a particular situation.[9]
 Risk charting[10] – This method combines the above approaches by listing resources at
risk, threats to those resources, modifying factors which may increase or decrease the risk
and consequences it is wished to avoid. Creating a matrix under these headings enables a
variety of approaches. One can begin with resources and consider the threats they are
exposed to and the consequences of each. Alternatively one can start with the threats and
examine which resources they would affect, or one can begin with the consequences and
determine which combination of threats and resources would be involved to bring them
about.
Assessment
Main article: Risk assessment
Once risks have been identified, they must then be assessed as to their potential severity of
impact (generally a negative impact, such as damage or loss) and to the probability of
occurrence. These quantities can be either simple to measure, in the case of the value of a lost
building, or impossible to know for sure in the case of an unlikely event, the probability of
occurrence of which is unknown. Therefore, in the assessment process it is critical to make the
best educated decisions in order to properly prioritize the implementation of the risk
management plan.
Even a short-term positive improvement can have long-term negative impacts. Take the
"turnpike" example. A highway is widened to allow more traffic. More traffic capacity leads to
greater development in the areas surrounding the improved traffic capacity. Over time, traffic
thereby increases to fill available capacity. Turnpikes thereby need to be expanded in a
seemingly endless cycles. There are many other engineering examples where expanded capacity
(to do any function) is soon filled by increased demand. Since expansion comes at a cost, the
resulting growth could become unsustainable without forecasting and management.
The fundamental difficulty in risk assessment is determining the rate of occurrence since
statistical information is not available on all kinds of past incidents and is particularly scanty in
the case of catastrophic events, simply because of their infrequency. Furthermore, evaluating the
severity of the consequences (impact) is often quite difficult for intangible assets. Asset valuation
is another question that needs to be addressed. Thus, best educated opinions and available
statistics are the primary sources of information. Nevertheless, risk assessment should produce
such information for senior executives of the organization that the primary risks are easy to
understand and that the risk management decisions may be prioritized within overall company
goals. Thus, there have been several theories and attempts to quantify risks. Numerous different
risk formulae exist, but perhaps the most widely accepted formula for risk quantification is:
"Rate (or probability) of occurrence multiplied by the impact of the event equals risk
magnitude."

Risk options
Risk mitigation measures are usually formulated according to one or more of the following major
risk options, which are:

1. Design a new business process with adequate built-in risk control and containment
measures from the start.
2. Periodically re-assess risks that are accepted in ongoing processes as a normal feature of
business operations and modify mitigation measures.
3. Transfer risks to an external agency (e.g. an insurance company)
4. Avoid risks altogether (e.g. by closing down a particular high-risk business area)
Later research has shown that the financial benefits of risk management are less dependent on
the formula used but are more dependent on the frequency and how risk assessment is
performed.
In business it is imperative to be able to present the findings of risk assessments in financial,
market, or schedule terms. Robert Courtney Jr. (IBM, 1970) proposed a formula for presenting
risks in financial terms. The Courtney formula was accepted as the official risk analysis method
for the US governmental agencies. The formula proposes calculation of ALE (annualized loss
expectancy) and compares the expected loss value to the security control implementation costs
(cost-benefit analysis).
Potential risk treatments
Once risks have been identified and assessed, all techniques to manage the risk fall into one or
more of these four major categories:[12]

 Avoidance (eliminate, withdraw from or not become involved)

 Reduction (optimize – mitigate)
 Sharing (transfer – outsource or insure)
 Retention (accept and budget)
Ideal use of these risk control strategies may not be possible. Some of them may involve trade-
offs that are not acceptable to the organization or person making the risk management decisions.
Another source, from the US Department of Defense (see link), Defense Acquisition University,
calls these categories ACAT, for Avoid, Control, Accept, or Transfer. This use of the ACAT
acronym is reminiscent of another ACAT (for Acquisition Category) used in US Defense
industry procurements, in which Risk Management figures prominently in decision making and
planning.
Risk avoidance
This includes not performing an activity that could present risk. Refusing to purchase
a property or business to avoid legal liability is one such example. Avoiding airplane flights for
fear of hijacking. Avoidance may seem like the answer to all risks, but avoiding risks also means
losing out on the potential gain that accepting (retaining) the risk may have allowed. Not entering
a business to avoid the risk of loss also avoids the possibility of earning profits. Increasing risk
regulation in hospitals has led to avoidance of treating higher risk conditions, in favor of patients
presenting with lower risk.
Risk reduction
Risk reduction or "optimization" involves reducing the severity of the loss or the likelihood of
the loss from occurring. For example, sprinklers are designed to put out a fire to reduce the risk
of loss by fire. This method may cause a greater loss by water damage and therefore may not be
suitable. Halon fire suppression systems may mitigate that risk, but the cost may be prohibitive
as a strategy.
Acknowledging that risks can be positive or negative, optimizing risks means finding a balance
between negative risk and the benefit of the operation or activity; and between risk reduction and
effort applied. By effectively applying Health, Safety and Environment (HSE) management
standards, organizations can achieve tolerable levels of residual risk.
Modern software development methodologies reduce risk by developing and delivering software
incrementally. Early methodologies suffered from the fact that they only delivered software in
the final phase of development; any problems encountered in earlier phases meant costly rework
and often jeopardized the whole project. By developing in iterations, software projects can limit
effort wasted to a single iteration.
Outsourcing could be an example of risk sharing strategy if the outsourcer can demonstrate
higher capability at managing or reducing risks.[15] For example, a company may outsource only
its software development, the manufacturing of hard goods, or customer support needs to another
company, while handling the business management itself. This way, the company can
concentrate more on business development without having to worry as much about the
manufacturing process, managing the development team, or finding a physical location for a
center.
Risk sharing
Briefly defined as "sharing with another party the burden of loss or the benefit of gain, from a
risk, and the measures to reduce a risk."
The term of 'risk transfer' is often used in place of risk sharing in the mistaken belief that you can
transfer a risk to a third party through insurance or outsourcing. In practice if the insurance
company or contractor go bankrupt or end up in court, the original risk is likely to still revert to
the first party. As such in the terminology of practitioners and scholars alike, the purchase of an
insurance contract is often described as a "transfer of risk." However, technically speaking, the
buyer of the contract generally retains legal responsibility for the losses "transferred", meaning
that insurance may be described more accurately as a post-event compensatory mechanism. For
example, a personal injuries insurance policy does not transfer the risk of a car accident to the
insurance company. The risk still lies with the policy holder namely the person who has been in
the accident. The insurance policy simply provides that if an accident (the event) occurs
involving the policy holder then some compensation may be payable to the policy holder that is
commensurate with the suffering/damage.
Some ways of managing risk fall into multiple categories. Risk retention pools are technically
retaining the risk for the group, but spreading it over the whole group involves transfer among
individual members of the group. This is different from traditional insurance, in that no premium
is exchanged between members of the group up front, but instead losses are assessed to all
members of the group.
Risk retention
Risk retention involves accepting the loss, or benefit of gain, from a risk when the incident
occurs. True self-insurance falls in this category. Risk retention is a viable strategy for small
risks where the cost of insuring against the risk would be greater over time than the total losses
sustained. All risks that are not avoided or transferred are retained by default. This includes risks
that are so large or catastrophic that either they cannot be insured against or the premiums would
be infeasible. War is an example since most property and risks are not insured against war, so the
loss attributed to war is retained by the insured. Also any amounts of potential loss (risk) over the
amount insured is retained risk. This may also be acceptable if the chance of a very large loss is
small or if the cost to insure for greater coverage amounts is so great that it would hinder the
goals of the organization too much.

Areas of Risk Management

As applied to corporate finance, risk management is the technique for measuring, monitoring and
controlling the financial or operational risk on a firm's balance sheet, a traditional measure is
the value at risk (VaR), but there also other measures like profit at risk (PaR) or margin at risk.
The Basel II framework breaks risks into market risk (price risk), credit risk and operational risk
and also specifies methods for calculating capital requirements for each of these components.
In Information Technology, Risk management includes "Incident Handling", an action plan for
dealing with intrusions, cyber-theft, denial of service, fire, floods, and other security-related
events. According to the SANS Institute,[16] it is a six step process: Preparation, Identification,
Containment, Eradication, Recovery, and Lessons Learned.

Investment risk 
Investment Risk can be defined as the probability or likelihood of occurrence of losses relative to
the expected return on any particular investment. Description: Stating simply, it is a measure of
the level of uncertainty of achieving the returns as per the expectations of the investor
Business risk

Business Risk is the exposure a company or organization has to factor(s) that will lower its
profits or lead it to fail.

Anything that threatens a company's ability to meet its target or achieve its financial goals is
called business risk. These risks come from a variety of sources, so it's not always the company
head or a manager who's to blame. Instead, the risks may come from other sources within the
firm or they may be external—from regulations to the overall economy.

While a company may not be able to shelter itself from risk completely, there are ways it can
help protect itself from the effects of business risk, primarily by adopting a risk management
strategy.
Financial risk

Financial Risk is a term that can apply to businesses, government entities, the financial market
as a whole, and the individual. This risk is the danger or possibility that shareholders, investors,
or other financial stakeholders will lose money.

There are several specific risk factors that can be categorized as a financial risk. Any risk is a
hazard that produces damaging or unwanted results. Some more common and distinct financial
risks include credit risk, liquidity risk, and operational risk.

Liquidity risk

Liquidity Risk is a firm’s possible inability to meet its short-term debt obligations, thereby
incurring exceptionally large losses. This usually occurs as a result of a firm’s inability to
convert its current assets into cash without incurring capital losses.

Liquidity risk means all firms seek access to lending to meet their short-term financial
obligations, but also to carry out long-term strategic investments. Failure to acquire appropriate
funding within a realistic timeframe could expose a firm to liquidity risk, thereby causing
undesirable consequences.
With respect to securities, this risk occurs when the ask-bid spreads are widening out to levels
that investors need to spend large amounts of amount to deal with them. In general, this risk
arises when a firm or an individual face immediate cash needs that cannot be met by selling an
asset at its market value due to lack of buyers or due to an inefficient market that cannot match
buyers with sellers.

Default risk
Default Risk is the chance that a company or individual will be unable to make the required
payments on their debt obligation. Lenders and investors are exposed to default risk in virtually
all forms of credit extensions. A higher level of risk leads to a higher required return, and in turn,
a higher interest rate. 

Interest rate risk

Investment Rat Risk is the danger that the value of a bond or other fixed-income investment will
suffer as the result of a change in interest rates. Investors can reduce interest rate risk by buying
bonds that mature at different dates. They also may allay the risk by hedging fixed-income
investments with interest rate swaps and other instruments.

A long-term bond generally offers a maturity risk premium in the form of a higher built-in rate of
return to compensate for the added risk of interest rate changes over time.

Management risk
Management Risk is the risk — financial, ethical or otherwise — associated with ineffective,
destructive or underperforming management. Management risk can be a factor for investors
holding stock in a company. Management risk can also refer to the risks associated with the
management of an investment fund.

Purchasing Power Risk

Inflation Risk aka. “Purchasing Power Risk” is the risk due to “a decrease in purchasing power
of assets or cash flow” due to inflation. A typical example would be a bond that generates a fixed
rate of return.
For instance, suppose this bond is worth $1000 and generates a 5% yield i.e. $50. Suppose when
you purchase the bond that $50 will buy two tanks of gas for your car. Over time inflation will
reduce the purchasing power of that $50 so it only buys one tank of gas. If you are counting on
using the proceeds of the bond to buy gas there is an “inflation risk” that eventually you will not
be covered. The worst case example of inflation risk is if a country experiences “hyperinflation”
where the purchasing power of the currency decreases on a daily basis.

Investing Answers puts it this way: Inflation risk, also called purchasing power risk, is the
chance that the cash flows from an investment won’t be worth as much in the future because of
changes in purchasing power due to inflation.”

Wall Street Oasis says, “Inflation risk is the risk any investor takes on when holding cash or
investing in an asset which is not linked to inflation. The risk is that the cash value will be
reduced by inflation. For example, if an investor holds 40% of a $1,000,000 portfolio in cash
and inflation is running at 5%, the cash value of the portfolio will lose $20,000 per year ($1
million x 0.4 x 0.05) due to inflation.”

Being able to identify and manage financial risks is a very important responsibility for all
individuals and business owners. One financial risk that many people underestimate is the risk
associated with inflation. While inflation tends to devalue your money over time, there are steps
that can be followed to help manage this risk.

Commonly used technique and models in assessing investment alternative under risk or
uncertainty

Some of the most important methods that are used for taking investment decisions under risk are
as follows:

1. Sensitivity Analysis 2. Scenario Analysis 3. Decision Tree Analysis 4. Break-Even Analysis 5.

Risk-Adjusted Discount Rate Method 6. Certainty-Equivalent Analysis.
Risk refers to the deviation of the financial performance of a project from the forecasted
performance. One needs to forecast the cash flows and other financial aspects while selecting a
project.

Probability

Acquisition Risk Management Probability Definitions

The risk rating is based on the probability of impact and the level of impact (manual mapping
approach):

Probability of Occurrence
0 - 10% or Very unlikely to occur
11 - 40% or Unlikely to occur
41 - 60% or May occur about half of the time
61 - 90% or Likely to occur
91 - 100% or Very likely to occur

The probability is a single percentage number and does not have to be exact as long as the group
applies a consistent approach to estimating the probabilities for all the risks.

Make sure everyone is in agreement before moving on or get a decision from the program
manager.

Reference: Risk Matrix User's Guide, Version 2.2, by Pamela E. Engert and Zachary F.
Lansdowne, Mitre Document MP99B0000029, November 1999, The MITRE Corporation

Operational Risk Management Probability Definitions

  Frequent - Occurs often in career/equipment service life. Everyone exposed.
Continuously experienced.

 Likely - Occurs several times in career/equipment service life. All members exposed.
Occurs frequently.

 Occasional - Occurs sometime in career/equipment service life. All members exposed.

Occurs sporadically, or several times in inventory/service life.

 Seldom - Possible to occur in career/equipment service life. All members exposed.

Remote chance of occurrence; expected to occur sometime in inventory service life

 Unlikely - Can assume will not occur in career/equipment service life. All members
exposed. Possible, but improbable; occurs only very rarely.

Reference: Pocket Guide to Operational Risk Management

Other Risk Management Probability Definitions

The associated risk event represents a future event that may occur. When we assess the
probability a risk may occur, we are technically assessing a conditional probability; that is,

0 < Prob (A|B) < 1

where, A is the Associated Risk Event and B is the Condition Present. The following table
provides a guide for assessing risk event probabilities.

Risk Event Probability Interpretation Rating

 > 0 - <= 0.05 Extremely sure not to occur Low
> 0.05 - <= 0.15 Almost sure not to occur Low
> 0.15 - <= 0.25 Not likely to occur Low
> 0.25 - <= 0.35 Not very likely to occur Low
> 0.35 - <= 0.45 Somewhat less than an even chance Medium
> 0.45 - <= 0.55 An even chance to occur Medium
> 0.55 - <= 0.65 Somewhat greater than an even chance Medium
> 0.65 - <= 0.75 Likely to occur High
> 0.75 - <= 0.85 Very likely to occur High
> 0.85 - <= 0.95 Almost sure to occur High
> 0.95 - < 1 Extremely sure to occur High

A risk event that is certain not to occur has, by definition, probability equal to zero. In this case,
we say the risk event does not exist. The table above does not assign a categorical rating
(i.e., High, Medium, or Low) to a risk event that is certain not to occur. A risk event that
is certain to occur has, by definition, probability equal to one. In this case, we say the event is no
longer a risk; on the IS upgrade, it is considered an issue that presently exists on the project. The
above table does not assign a categorical rating (i.e., High, Medium, or Low) to a risk event that
is certain to occur.

Payoff (decision tables)

4

A profit table (payoff table) can be a useful way to represent and analyse a scenario where there
is a range of possible outcomes and a variety of possible responses. A payoff table simply
illustrates all possible profits/losses and as such is often used in decison
making under uncertainty.

Illustration

Geoffrey Ramsbottom runs a kitchen that provides food for various canteens throughout a large
organisation. A particular salad is sold to the canteen for $10 and costs $8 to prepare. Therefore,
the contribution per salad is $2.

Based upon past demands, it is expected that, during the 250 day working year, the canteens will
require the following daily quantities:

 On 25 days of the year, 40 salads.

 On 50 days of the year, 50 salads.
 On 100 days of the year, 60 salads.
  On 75 days 70 salads.

The kitchen must prepare the salads in batches of 10 meals in advance. The manager has asked
you to help decide how many salads the kitchen should supply for each day of the forthcoming
year.

Constructing a payoff table:

If 40 salads will be required on 25 days of a 250 day year, then the probability that demand = 40
salads is

P(Demand of 40) = 25 days ÷ 250 days = 0.1

Likewise,

 P(Demand of 50) = 0 .20;

 P(Demand of 60) = 0.4 and
 P(Demand of 70) = 0.30

Now let's look at the different values of profit or losses depending on how many salads are
supplied and sold.

For example, if we supply 40 salads and all are sold, our profits amount to 40 x $2 = 80.

If however we supply 50 salads but only 40 are sold, our profits will amount to 40 × $2 - (10
unsold salads × $8 unit cost) = 80 - 80 = 0.

Similarly, we can now construct a payoff table as follows:

 Daily supply
  Probability   40 salads 50 salads  60 salads  70 salads 
 40 salads  0.10  $80  $0 $(80)  $(160) 
 Daily Demand
 50 salads  0.20  $80  $100 $20   $(60)
 60 salads  0.40  $80  $100 $120   $40
 70 salads  0.30  $80  $100 $120 $140 

Decision Rules

To decide how many salads should be made very day, Geoffrey will first have to define his
attitude to risk, and use one of the following rules to make up his mind :

 The maximax rule for an optimist - i.e. someone who wants the best possible upside
potential without being very concerned about possible losses or downside.
  The maximin rule for a pessimist looking to minimise his losses - i.e. someone who
wants to minimise the potential downside exposure.
 The minimax regret rule is for someone who doesn't like making the wrong decision.
This approach seeks to minimise such "regret". 
 Alternatively, expected values of profits could be used to make a decision. These are
averages and essentially ignore the spread or risk of outcomes. Risk must thus be brought
back into the decision making process another way.

EXPECTED VALUE OF PERFECT INFORMATION (EVPI)

Expected value of perfect information (EVPI) is the price that one would be willing to pay in
order to gain access to perfect information.[1] A common discipline that uses the EVPI concept
is health economics. In that context and when looking at a decision of whether to adopt a new
treatment technology, there is always some degree of uncertainty surrounding the decision,
because there is always a chance that the decision turns out to be wrong. The expected value of
perfect information analysis tries to measure the expected cost of that uncertainty, which “can be
interpreted as the expected value of perfect information (EVPI), since perfect information can
eliminate the possibility of making the wrong decision” at least from a theoretical perspective.

Sensitivity analysis 
Sensitivity analysis is the study of how the uncertainty in the output of a mathematical model or
system (numerical or otherwise) can be divided and allocated to different sources of uncertainty
in its inputs.[1][2] A related practice is uncertainty analysis, which has a greater focus
on uncertainty quantification and propagation of uncertainty; ideally, uncertainty and sensitivity
analysis should be run in tandem.
The process of recalculating outcomes under alternative assumptions to determine the impact of
a variable under sensitivity analysis can be useful for a range of purposes,[3] including:

 Testing the robustness of the results of a model or system in the presence of uncertainty.

 Increased understanding of the relationships between input and output variables in a
system or model.
 Uncertainty reduction, through the identification of model inputs that cause significant
uncertainty in the output and should therefore be the focus of attention in order to increase
robustness (perhaps by further research).
 Searching for errors in the model (by encountering unexpected relationships between
inputs and outputs).
 Model simplification – fixing model inputs that have no effect on the output, or
identifying and removing redundant parts of the model structure.
 Enhancing communication from modelers to decision makers (e.g. by making
recommendations more credible, understandable, compelling or persuasive).
 Finding regions in the space of input factors for which the model output is either
maximum or minimum or meets some optimum criterion (see optimization and Monte Carlo
filtering).
 In case of calibrating models with large number of parameters, a primary sensitivity test
can ease the calibration stage by focusing on the sensitive parameters. Not knowing the
sensitivity of parameters can result in time being uselessly spent on non-sensitive ones.[4]
 To seek to identify important connections between observations, model inputs, and
predictions or forecasts, leading to the development of better models

Simulation

simulation performs risk analysis by building models of possible results by substituting a range

of values—a probability distribution—for any factor that has inherent uncertainty. ... Probability
distributions are a much more realistic way of describing uncertainty in variables of
a risk analysis

Decision Tree
Decision tree is a decision support tool that uses a tree-like model of decisions and their possible
consequences, including chance event outcomes, resource costs, and utility. It is one way to
display an algorithm that only contains conditional control statements.
Decision trees are commonly used in operations research, specifically in decision analysis, to
help identify a strategy most likely to reach a goal, but are also a popular tool in machine
learning.

Estimating Risk and Return on Assets

In this module, we will study the basics of risk and return relationship, probability and
probability distribution in determining the expected rate of return on investment, measuring the
variability of probability of distribution using standard deviation, and analyzing the risk-return
relationship in portfolio of assets.
At the end of the module, you should be able to:
1. Understand the concept of basic risk and return.
2. Apply probability and probability distribution in determining the expected rate of return on an
investment.
3. Measure the variability of a probability distribution using standard deviation.
4. Explain the coefficient of variable as a tool to measure risk.
5. Learn how to analyze the risk-return relationship in a portfolio of assets. 6. Understand how
portfolio risk is affected by change of investment.
Risk and Return Concept
Risk is the changeability of an asset’s future earnings. It can also refer to the possibility that
some disadvantageous event will occur. Whenever future outcomes are not totally certain or
predictable, then, we can say that there is risk. In business, uncertainty of the future profits
creates the possibility of risk. Risk can be a possibility of loss or not achieving what is expected.
Risk involves the chance an investment's actual return will differ from the expected return. Risk
includes the possibility of losing some or all of the original investment. A risky financial asset is
an investment with a return that is not warranted. Financial assets carry diverge levels of risk.
For example, an investor in corporate bonds is generally of a lesser risk than holding a stock. A
prospective investor in government bonds yielding 12 percent return is risk free simply because
government bonds are not risky. But an investor who puts his money in a newly organized
business is in risk. Further study analysis of the situation should be done because of the
uncertainty of the expected returns.
Risk and Return Relationship
Considering our definition of risk above in relation to financial assets, we can further say that
investment risk is related to the probability of getting fewer returns than expected. The
possibility of negative or low earnings yields riskier investment and vice versa. Investors expects
that the higher the risk, the higher the returns most of the times. Financial Management 2
To lessen risk if not totally eliminating it, an investor can utilize historical information to
describe past returns and risks.
Probability and Probability Distribution
Probability is the possibility that an event will happen. Probabilities range between 0 to 1.0.
Example: The weather forecaster says that there is 70 percent chance that it will rain today. So,
there is 30 percent that it will not rain. If all the possible events or results are enumerated and the
probability is assigned to each event, the listing is called probability distribution.
Expected Rate of Return

Expected Return

The return on an investment as estimated by an asset pricing
model. It is calculated by taking the average of the probability distribution of all possible returns. 
For example, a model might state that an investment has a 10% chance of a 100% return and a 9
0% chance of a 50% return. The expected return is calculated as:

Expected Return = 0.1(1) + 0.9(0.5) = 0.55 = 55%.

It is important to note that there is no guarantee that the expected rate of return and the actual
return will be the same. See also: Abnormal return.

Expected rate of return

The rate of return expected on an asset or a portfolio. The expected rate of return on a single asse
t is equal to the sum of each possible rate of return multiplied by the respective probability of ear
ning on each return. For example, if a security has a 20% probability of providing a 10% rate of r
eturn, a 50% probability of providing a 12% rate of return, and a 25% probability of providing a 
14% rate of return, the expected rate of return is (.20)(10%) + (.50)(12%) + (.25)(14%), or 12%.

Calculating Expected Return of a Portfolio

Calculating expected return is not limited to calculations for a single investment. It can also be
calculated for a portfolio. The expected return for an investment portfolio is the weighted
average of the expected return of each of its components. Components are weighted by the
percentage of the portfolio’s total value that each accounts for. Examining the weighted average
of portfolio assets can also help investors assess the diversification of their investment portfolio.

To illustrate the expected return for an investment portfolio, let’s assume the portfolio is
comprised of investments in three assets – X, Y, and Z. $2,000 is invested in X, $5,000 invested
in Y, and $3,000 is invested in Z. Assume that the expected returns for X, Y, and Z have been
calculated and found to be 15%, 10%, and 20%, respectively. Based on the respective
investments in each component asset, the portfolio’s expected return can be calculated as
follows:

Expected Return of Portfolio = 0.2(15%) + 0.5(10%) + 0.3(20%)

= 3% + 5% + 6%

= 14%

Thus, the expected return of the portfolio is 14%.

Note that although the simple average of the expected return of the portfolio’s components is
15% (the average of 10%, 15%, and 20%), the portfolio’s expected return of 14% is slightly
below that simple average figure. This is due to the fact that half of the investor’s capital is
invested in the asset with the lowest expected return.

What is Standard Deviation?

From a statistics standpoint, the standard deviation of a dataset is a measure of the magnitude of
deviations between the values of the observations contained in the dataset. From a financial
standpoint, the standard deviation can help investors quantify how risky an investment is and
determine their minimum required return on the investment.
 

 Calculating Standard Deviation

We can find the standard deviation of a set of data by using the following formula:
 

Where:

 Ri – the return observed in one period (one observation in the data set)
 Ravg – the arithmetic mean of the returns observed
 n – the number of observations in the dataset

By using the formula above, we are also calculating Variance, which is the square of the standard
deviation. The equation for calculating variance is the same as the one provided above, except
that we don’t take the square root.

Standard Deviation Example

An investor wants to calculate the standard deviation experience by his investment portfolio in
the last four months. Below are some historical return figures:
 

The first step is to calculate Ravg, which is the arithmetic mean:

 

The arithmetic mean of returns is 5.5%.

Next, we can input the numbers into the formula as follows:

The standard deviation of returns is 10.34%.

Thus, the investor now knows that the returns of his portfolio fluctuate by approximately 10%
month-over-month. The information can be used to modify the portfolio to better the investor’s
attitude towards risk.

If the investor is risk-loving and is comfortable with investing in higher-risk, higher-return

securities and can tolerate a higher standard deviation, he/she may consider adding in some
small-cap stocks or high-yield bonds. Conversely, an investor that is more risk-averse may not be
comfortable with this standard deviation and would want to add in safer investments such as
large-cap stocks or mutual funds.

Normal Distribution of Returns

The normal distribution theory states that in the long run, the returns of an investment will fall
somewhere on an inverted bell-shaped curve. Normal distributions also indicate how much of the
observed data will fall within a certain range:

 68% of returns will fall within 1 standard deviation of the arithmetic mean
 95% of returns will fall within 2 standard deviations of the arithmetic mean
 99% of returns will fall within 3 standard deviations of the arithmetic mean

The graphic below illustrates this concept:

 
 

Hence, standard deviations are a very useful tool in quantifying how risky an investment is.
Actively monitoring a portfolio’s standard deviations and making adjustments will allow
investors to tailor their investments to their personal risk attitude.

Coefficient of Variation

Coefficient of Variation Coefficient of Variation Formula = Standard Deviation

mean