Classification of Portfolio Risk, 'Silos' of Expertise and Enterprise Wide Risk Management (ERM)

As described earlier, risk can be classified as Market Risk,Credit Risk and Operational risk. The categories defines and organizes the risk management functions and activities of corporation, and demands different set of risk management skills.

Figure 2: Risk Classification

But, classifying the risk can also be dangerous. This is because as soon as we define risk in term of categories, we create the potential for missed risks and gaps in responsibilities. Categorization fosters 'silos' of expertise that are separate from one another in terms of personnel, risk terminology, risk measures, reporting lines, systems and data. If executives and risk managers can't communicate with one another across risk silos, they probably won't be able to work together efficiently to manage the risk that are most important to the institution as a whole.

In recent days the particular 'silos' of risk management has been broken down by some of the advancement in risk management. VaR (Value at Risk) and Economic Capital have evolved to facilitate integrated measurement and management of the various risk and business lines. Additionally the trend toward worst-case scenario analysis is really an attempt to look at the affect of macroeconomic scenarios on a firm across its business lines and, often, across various types of risk.

Furthermore, many industries trend toward what consultants have labelled enterprise wide risk management  (ERM). ERM is a deliberate attempt to break through the tendency of firms to operate in risk management silos and to ignore enterprise wide risk, and an attempt to take risk to consideration in business decisions much more explicitly than has been done in the past.

An ERM function would be responsible for establishing firm-wide policies and standards, co-ordinate risk management activities across business units and functions, provide overall risk monitoring for senior management and the board. ERM is about integrating in three ways:

a) Enterprise risk management requires an integrated risk organization
b) Enterprise risk management requires the integration of risk transfer strategies.
c) Enterprise risk management requires the integration of risk management into the business process of the company.

Risk Management Challenges

Abrupt levels of variability 

It must be understood that Risk management is not the process of controlling and reducing the expected loss. It is process of managing the unexpected levels of variability in financial outcome for a business.

Given confidence in the way a business assesses and measures the unexpected loss levels associated with its various activities, accumulates sufficient capital or deploys risk management techniques, disseminates communications with stakeholders; even conservative business can incur significant risk quite rationally.

 Correlation Risk

Real-estate linked loans are often secured with real estate collateral, the real estate collateral looses the value as and when default rate raises. So the 'recovery rate risk' on any defaulted loan is itself closely correlated with the 'default rate risk'. The two risk factors acting together can sometimes force losses abruptly skyward. In this regard, risk that are lumpy and are driven by risk factors that under certain circumstances can become linked together, we can predict that at certain times high 'unexpected loss' will be realized. We can try to estimate how bad this problem is by looking at the historical severity of these events in relation to any risk factors that we define and then examining the prevalence of these risk factors in the particular portfolio under examination.

Moving away from an over dependence on historical-statistical treatment of risk

Risk managers have realigned their focus on scenario analysis and stress testing, after Global Financial Crisis (207-2008). Risk managers examines the outcome as consequence of adverse scenario or stress on a firm (or portfolio). The scenario may be chosen not on the basis of statistical evidence, but instead simply because it is both plausible and suitably severe.

However it is not fair to remove the statistical portion of the risk management entirely. So in a more robust form of scenario analysis, the firm will need to examine how a change in a given macroeconomic factor leads (e.g labor supply) to a change in a given risk factor (e.g probability of default of a security).

The Risk Management Process

(Figure 1) Risk Management Process

Risk management is identification, assessment and prioritization of risk.

Identification - It identifies the risk so that staffs at the operation are aware of potential problems. It is important to not only identify the risk as early as possible but also to repeate the identification process frequently.

Measure and estimate risk exposure - Risk management process involves measuring risk and estimating risk exposure that developed during risk identification, into a consistent form. These measures and estimates are then used to make decisions around accessing the costs and benefits of risk management. The cost and benefit analysis then enables operations to commit resources (instruments and facilitates) to manage the most important risks.

Form a risk mitigation - Risk management process involves taking information from risk analysis and using it to either formulate strategies, avoid, transfer, mitigate or keep the risk.

Evaluate Performance, controlling and learning - Risk management evaluates and monitors the status of specific risks and the progress in their respective action plans. Evaluating performance includes monitoring the probability, impact, exposure, and other measures of risk for changes that could alter priority or risk plans and ultimately the availability of the service. Risk reporting ensures that the operations staff, service manager, and other stakeholders are aware of the status of top risks and the plans to manage them.

Introduction to Risk

What is Risk ?

Picture source: pm-primer.com

In general terms risk is the variability of adverse outcomes that are unexpected and, in finance it is volatility of unexpected losses. Risk can be divided into Basic risk, Capital risk, Country risk, Default risk, Delivery risk, Economic risk, Exchange rate risk, Interest rate risk, Liquidity risk, Operations risk, Payment system risk, Political risk, Refinancing risk, Reinvestment risk, Settlement risk, Sovereign risk, and Underwriting risk. It is a probability or threat of damage, injury, liability, loss, or any other negative occurrence that is caused by external or internal vulnerabilities. The key point to be noted from above definition is that risk is not expected loss rather it is a potential for unexpected loss. Additionally it is important to note that risk is neither peril or hazard, because peril is the cause of a loss, and hazard is a condition that increases the probability of unexpected loss or adverse outcome.

Risk is not 'the size of a cost or of a loss'

There are some relatively large cost that we expect in our daily life; e.g Auto Loan, House Loan, University fees etc. Although they are large they are not threat to our ambitions or aspirations, this is because they are all predicted and are already accommodated in our plans. However there is a risk that these costs will scale up and rise unexpectedly, or there might be chances that other costs appears from nowhere and restricts our capacity. So it is right to say that the risk lies in how variable our costs and revenues/losses are,  but it is not appropriate to categorize cost and losses as risk.