BFF5902
Introduction to Risk Principles
Review Lecture
Risk Management from AS/NZS 4360:2004
“The culture, processes and structures that are directed towards the effective management of potential opportunities and adverse effects.”
[Figure: risk management process diagram. Labels: Communicate & Consult; Assess; Monitor & Review; Structure; Direction; Processes; Culture; Communication; Opportunities; Risks. Steps shown: 1. Strategic Ct; 2. Identify Threats; 3. Analyze; 4. Assess; 5. Assess/; 7. Manage the Risk]
Risk Management from
AS/NZS ISO 31000:2009
“Risk: Effect of uncertainty on objectives.
Risk Management: The coordinated activities to direct and control an organisation with regard to risk.”
[Figure: risk management process diagram. Labels: Communicate & Consult; Assess; Monitor & Review; Structure; Direction; Processes; Culture; Communication; Opportunities; Risks. Steps shown: 1. Strategic Ct; 2. Identify Threats; 3. Analyze; 4. Assess; 5. Assess/; 7. Manage the Risk]
Risk Management Culture
Risk Culture
This means that all our business behaviours relating to our individual performance encompass informed decisions to do or not to do things based on a reasonable analysis of foreseeable risks, opportunities and their associated impacts on the corporate objectives.
[Figure labels: Opportunities; Risks]
The Business Risk Environment
• The optimum place for risk to be managed is at the point that the exposure to risk occurs. Most risks faced by a corporation are best managed in a decentralised way within a centralised policy coordinated by a professional risk manager or manager with a passion for a risk culture.
Risk Management
• According to COSO there are five methods used to manage risk:
1. Avoidance. This method can result in opportunity loss.
2. Retention. Risk retention can be both active and passive.
3. Non-insurance Transfers. This technique results in risk being transferred to a party other than an insurance company.
4. Loss Control. Activities undertaken by the organisation to control the frequency and severity of losses.
5. Insurance. It includes risk transference, the pooling technique and the law of large numbers in its application.
Risk Principles
• The concept of risk has three elements:
– 1. The perception that something could happen
– 2. The likelihood of something happening
– 3. The consequences if it happens.
Perception
• The process by which we become aware of objects and events in the external world.
• The process of making sense of the world around us.
• Many people ignore the fact that all of us are different and that these differences equip us to view the world from our very own vantage points. Usually we spend more energy defending our own position than understanding others.
Perception
• Much of our knowledge comes to us through our senses, through perception. Perception, though, is a complex process. The way that we experience the world may be determined in part by the world, but it is also determined in part by us. We do not passively receive information through our senses.
Perception
• Arguably, we contribute just as much to our experiences as do the objects that they are experiences of. How we are to understand the process of perception, and how this should affect our understanding of the world that we inhabit, is therefore vital for epistemology.
Sensory Perception
• It may seem like your senses passively perceive the world as it is, but that is not the case. The world cannot tell us what is important, why things happen, and what to do. The brain is what takes that information and makes it useful to us.
Sensory Perception
• However, what is useful changes at any given moment, which is why the meaning created by the brain is necessarily grounded in history. This includes both shared human history and private, personal history: the biases, memories, and assumptions that shape how we perceive. Perception is not a passive transmission of reality, but is instead an active process of interpretation, categorization, and prioritization, leading to knowledge.
How are theories built?
[Figure: how theories are built. Labels: Ob1, Ob2, Ob3, Ob4, Ob’n’; Filter; Unprejudiced & Independent Observer Selects Filter; The Principle of Induction; Universal Observation Statement (Fact)]
How Do We Harmonise Perception
• The modern risk manager must in the first instance acknowledge the ‘perceptive diversity’ of the organisation. This diversity of itself is not a thing to be concerned about, but it must be acknowledged. Intellectual/perceptive diversity is often suggested as one of the new factors of production in the knowledge economy.
Perception Harmonisation
• Understanding perceptive diversity is critical in developing risk communication strategies and architecture.
• Obviously, it is of no value to have everyone in the organisation seeing risk from their own perspective, i.e. their own notion of what risk is!
Perception Harmonisation
• The risk manager needs to develop language and concept tools to address this issue. These tools include establishing a common definition of what risk is to the organisation, establishment of risk tolerance and risk appetite guidelines, together with the development of appropriate risk behaviours (risk sociology) for the organisation.
Changing Risk Perceptions
• Most humans will not change their behaviour, beliefs or habits unless motivated to do so. Most will not change even if the change is for the better, unless there is a compelling reason to do so. Ingrained beliefs and behaviours need some help to shift.
Changing Risk Perceptions
Risk perception change program:
• Perception mapping
• Risk perception workshop
• Risk goal setting
• Risk behaviour analysis
• Risk communication
Changing Risk Perceptions
• Risk perception workshops, which aim to align perceptions. Such workshops should be introspective and focus on how we assess risks, why we choose to behave in the ways we do and how we can influence each other’s risk decision making.
Changing Risk Perceptions
• Establish goal setting activities/dialogues. These programs should be focused on changing risk response patterns and risk-based decision making processes. Once participants accept the goals that they had identified as their own personal behavioural goals, they become more conscious of their decision making and risk behaviour.
Changing Risk Perceptions
• Behaviour analysis identifies the underlying motivations and triggers that lead to an individual or group behaviour, with respect to business operations.
• It is particularly useful in converting undesired behaviour into desired behaviour. It should also feed back into the organisation's risk perception and goal setting activities.
Changing Risk Perceptions
• Risk communication needs to target cognitive, emotional and motivational levels when we inform people of relevant risks in the workplace. The risk communicator also needs to be credible. If they are an expert, trustworthy, altruistic, open and likeable, the information they provide will be more likely to be accepted.
Knowledge Risk
• In reality we make decisions that best fit the available data at that point in time when we are required to decide or make a choice.
Knowledge Risk
We will never be in a position of perfect knowledge.
Knowledge Risk
• Risk management is about improving the outcomes of decision making processes. To do this we require adequate knowledge of the subject discipline and the context in which the decision is to be made, in other words, its knowledge paradigm.
Knowledge Risk
• The trouble is that the difference between knowledge and information is becoming more ambiguous.
• According to Fritz Machlup, ‘Knowledge is structured and very complex, but can be acquired by thinking, with its components connected in varying ways and strengths’.
Knowledge Risk
• Information is such a component and is acquired by the receiver/interpreter being told, tweeted, etc., and it can be occluded by the knowledge structure, causing the structure to change and create new knowledge.
Knowledge Risk
• Machlup argues that the observation of nature does not result in information in its own right. For the observation to become information it must be shared between two individuals: the informer (signaller, pointer, lecturer, writer etc.) and the receiver (student). The act of thinking, inferring or interpreting data is not informational because it does not occur between two people.
Knowledge Risk
• Thus, Machlup claims that any experience, external or internal, related or unrelated to new information, may initiate new knowledge. Information is a process, knowledge is a state.
Knowledge Risk
• Machlup follows the ‘Shannon and Weaver’ view of communication. In their model messages/information are transmitted from one person to another via a series of steps. At each of these steps the message can be altered/changed by interference.
youtube.com/watch?v=etcIX0aC-4E
The Shannon and Weaver Communication Model
Shannon and Weaver
• Sender/Information source: The person who wishes to communicate the message. He or she makes up the message and the way it is communicated.
• Influence: The sender bases his/her message on his/her self-concept, culture, background and attitudes.
Shannon and Weaver
• Encoder/Transmitter: This is the way the message is changed into signals, for example sound waves, the language used when speaking, or the grammar used when writing.
• Influence: The sender encodes the message into verbal or non-verbal language or both, before transmitting. The words or symbols chosen can make an enormous difference in how the message is received.
Shannon and Weaver
• Decoder/Receiver: Decoding is done by the receiver when he gets the message. He has to decode the message that was coded by the sender in order to be able to understand it.
• Influence: The decoding or interpretation is dependent on the meaning placed on the message by the receiver.
Shannon and Weaver
• Receiver/Destination: The recipient of the message from the sender, if different from the decoder. He usually gives feedback to the sender in order to make sure that the message was properly received.
• Influences: The receiver bases his/her interpreted meaning on his/her self-concept, culture, background and attitudes.
Shannon and Weaver
• Noise: The message is transferred through a channel, which can be interrupted by external noise. This in turn could result in the receiver getting an inaccurate message. This is why feedback from the receiver is important in case the message is not properly received. Furthermore, the noise can also affect the decoding of the message by the receiver.
Shannon and Weaver
• Noise Influence: Disturbances which may mean the message that was sent or intended is not the one that was received. These disturbances could be a shut door, children crying, language issues or political issues, e.g. conflict between levels of management.
Shannon and Weaver
• Feedback: This is when the receiver asks for clarifications from the sender. Feedback is important in order to make sure that the message has been well received.
• Influence: Feedback can be verbal or written or a non-verbal response such as a nod or smile. A person may reject a message by simply walking away; even a "no" response represents a form of feedback.
Distinctions Between Data, Information & Knowledge
• Data is raw, unprocessed and relatively un-meaningful,
• Information has some meaning, though it is transitory and piecemeal,
• Information tends to be timely and short lived, often seen as a flow of messages, e.g. tweets, which give something to the receiver/interpreter.
Knowledge Risk
• Knowledge is more enduring than information and is structured and organised.
• Knowledge reflects something the receiver/interpreter already has. It allows the receiver to understand/interpret the information in a meaningful way, thereby creating greater utility.
Intermission
Objectives of Risk Management
• Maintain and enhance strategic risk enablers
• Avoid risks that could materially affect the value of the firm
• Contribute to sustainability – ADD VALUE
• Take risks that the firm can manage in order to increase operational efficiency
• Ensure transparency of risks through internal and external reporting
• Ensure ongoing analysis and
Classification of Risk
• Risk classification can be described as a conventional, rank-based “Linnaean” taxonomy or more appropriately as an evolutionary cladistic system of taxonomy.
• A “Cladistic” system of classification is a method which groups items hierarchically into discrete clusters which share common characteristics.
Classification of Risk
• Cladistic classification makes no prior judgement about the nature of the hierarchical structure but rather tries to organise the data based on an evolutionary framework, which is exactly what happens in risk.
High Order Generic Classifications
• Diebold et al Risk Classification:
Known (K). There is broad agreement between experts on the relevant theories and the underlying models.
Unknown (u). Where there is more than one competing theory or a model with none dominant.
Unknowable (U). Where there is no theoretical model.
High Order Generic Classifications
• Evans and Ganegoda added “Ambiguity-A” risks to the Diebold Classification in 2010. It was to deal with future outcomes that are vaguely defined due to ambiguous behaviour of the market participants, but the risks are neither K nor u. The uncertainty is created by market participants’ ability to respond differently to events and circumstances.
High Order Generic Classifications
• Therefore:
• Ambiguity (A) risk occurs when we know the risk exists, but recognise that there is a range of outcomes, each of which can be modelled, but where we are uncertain as to which outcome will occur due to the difficulty of predicting human actions and counteractions.
Benefits of Risk Management
• a more rigorous basis for strategic planning
• better identification and exploitation
• no costly surprises
• better outcomes
• greater openness and transparency
• a better preparedness
• improved loss control, reduced loss/incident damage
• potential for reduction or stability in risk financing
• improved flexibility
• compliance with relevant legislation
The risk management process
Step 1: Establish Your Context
• scope
• organisational
• environmental
• outputs and business objectives
• risk criteria (i.e. threshold levels)
• linkage to other plans
Step 2: Identify Your Risks
• identify key processes, tasks, activities
• recognise risk areas
• define risks
• categorise risk
Step 3: Analyse Your Risks
• identify controls
• determine likelihood
• determine consequence/impact
• rate risks
Step 4: Evaluate and Prioritise Your Risks
• identify acceptable/unacceptable risks (referring risk rating against risk criteria)
• prioritise risks for treatment
Step 5: Treat Your Risks
Accept/Retain
• based on judgement or documented procedures/policy
Avoid
• consider discontinuing or avoiding activity
• consult
• risk treatment preferable to risk aversion
Reduce consequence
• contingency planning
• contractual arrangements
• public relations
Transfer
• insurance
• outsourcing
Reduce likelihood
• controls
• process improvement
• training
• policies and communication
• audit and compliance
Step 6: Monitor and Review Your Risks
• process
• environment
• organisation
• strategy
• stakeholders
Communicate and consult - at all steps
Risk Context
• Establishing the context defines the basic parameters within which risks must be managed and sets the scope for the rest of the risk management process. The context includes the organization's external and internal environment and the purpose of the risk management activity.
Risk Context
• This also includes consideration of the interface between the external and internal environments.
• This is important to ensure that the objectives defined for the risk management process take into account the organizational and external environment.
Risk Context
• External context may include:
• the business, social, regulatory, cultural, competitive, financial and political environment;
• the organization's strengths, weaknesses, opportunities and threats;
• external stakeholders; and
• key business drivers.
Risk Context
• Internal context includes:
– governance model;
– risk management approach;
– active corporate culture;
– internal stakeholders (employees, contractors etc.);
– organisational structure and management style
Risk Context
– capabilities in terms of resources such as people, systems, processes, capital; and
– goals and objectives and the strategies that are in place to achieve them.
Risk Context
• Internal context is important because:
– risk management takes place in the context of the goals and objectives of the organization;
– the major risk for most organizations is that they fail to achieve their strategic, business or project objectives, or are perceived to have failed by stakeholders;
Risk Context
– the organizational policy and goals and interests help define the organization's risk policy; and
– specific objectives and criteria of a project or activity must be considered in the light of objectives of the organization as a whole.
Risk Decision Making
• Managing risk requires balanced thinking
– A balance needs to be struck between the costs of managing the risk, the benefits to be gained and what level of risk management it is prudent to apply.
– Recognising that a risk-free environment is uneconomic
– a decision is needed to decide what level of risk is acceptable.
– In some cases the cost of measures to avoid or reduce risks and mistakes to an acceptable level can be high and the measures do not provide sufficient benefits.
– In other cases the nature of the risk may warrant costly preventive measures because the level of risk that is acceptable is extremely low
– cease or dispose of the activity.
Risk Appetite
• The level of risk that an entity is prepared to tolerate
– Individual and composite risks fall within set acceptable tolerances
– Risk acceptance, risk transfer, risk elimination, risk avoidance, risk increase, risk acceptance are set by appetite.
• The competence and capability of an entity’s human resources.
Risk Appetite
• What is the capacity of the organisation’s human resources to act in the interests of the entity? (e.g. human factor risk)
• What risks will the organisation not accept? (e.g. environmental or quality compromises)
• What risks will the organisation take on new initiatives? (e.g. new product lines)
• What risks will the organisation accept for competing objectives? (e.g. gross profit vs. market share?)
Risk Appetite
• Appetite is determined through establishing the performance limits or criteria for all business functions – business metrics.
• These metrics are then communicated to all areas of business decision making for inclusion into their risk decision making approaches.
Bank Regulation
• Herstatt risk
– 1974 failure of Bankhaus Herstatt, an active player in FX market
– Bank shut down at noon, after having received DEM; counterparties never received their USD
– Serious liquidity squeeze for counterparties
– Shock for whole FX market
– Birth of Basel Committee on Banking Supervision (BCBS)
Copyright Warren Gillian
What is the Basel Committee?
• Basel Committee on Banking Supervision was established by the central-bank governors of the G10 countries in 1974
– Belgium, Canada, France, Germany, Italy, Japan, Luxembourg, Netherlands, Spain, Sweden, Switzerland, UK, US
• Meets at the Bank for International Settlements in Basel
• Formulates broad guidelines in the expectation that individual authorities will implement them
• First major result was the 1988 Capital Accord
• Strong interest from non-G10 countries wanting to show the international stature of their banks
The Model Used by Regulators: The loss probability density function and the capital required by a financial institution
[Figure: loss probability density function. Labels: Expected Loss; X% Worst Case Loss; Required Capital; horizontal axis: Loss over time horizon, ticks 0 to 4]
Basel II Approach to Operational Risk
• Basel I Accord (1988) – Capital Charge for Credit Risk only
• Incorporation of Market Risk ...