Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
74 Cards in this Set
- Front
- Back
|
Risk
|
Uncertainty about outcomes that can be either negative or positive
|
|
|
Traditional concept of risk
|
Risk is a hazard that can happen to an individual or organization
|
|
|
ISO
|
International Organization for Standardization
|
|
|
ISO 31000 definition of risk management
|
Coordinated activities to direct and control an organization with regard to risk
|
|
|
COSO definition of risk management
|
The identification, assessment, and response to risk to a specific objective
|
|
|
RIMS definition of risk management
|
Strategic risk management is a business discipline that drives deliberation and action regarding uncertainties and untapped opportunities that affect an organization’s strategy and strategy execution
|
|
|
ARM 54 definition of risk management
|
The process of making and implementing decisions that enable an organization to optimize its level of risk
|
|
|
Hazard risk
|
Risk from accidental loss, including the possibility of loss or no loss
|
|
|
Risk profile
|
A set of characteristics common to all risks in a portfolio
|
|
|
The 4 high-level categories of risk
|
• Hazard (pure) risk
• Operational risks • Financial risks • Strategic risks |
|
|
Why has the evolution of risk management occurred?
|
The evolution of risk management has occurred in part because of high-profile failures of large organizations during the late twentieth and early twenty-first centuries, followed by the global financial crisis.
|
|
|
Systemic risk
|
The potential for a major disruption in the function of an entire market or financial system.
|
|
|
Cost of risk
|
The total cost incurred by an organization because of the possibility of accidental loss.
|
|
|
An organization’s cost of risk is the total of these:
|
• Costs of accidental losses not reimbursed by insurance or other outside sources
• Insurance premiums or expenses incurred for noninsurance indemnity • Costs of risk control techniques to prevent or reduce the size of accidental losses • Costs of administering risk management activities |
|
|
How does risk management reduce the deterrent effects of uncertainty about potential future accidental losses?
|
By making these losses less frequent, less severe, or more foreseeable.
|
|
|
How does reducing uncertainty benefit an organization?
|
• Alleviates or reduces management's fears about potential losses, thereby increasing the feasibility of ventures that once appeared too risky
• Increases profit potential by greater participation in investment or production activities • Makes the organization a safer investment, and, therefore, more attractive to suppliers of investment capital through which the organization can expand |
|
|
Downside risk
|
Losses and failures.
|
|
|
Risk appetite
|
The total exposed amount that an organization wishes to undertake on the basis of risk-return tradeoffs for one or more desired and expected outcomes.
|
|
|
How does risk management benefit the entire economy?
|
• Reducing waste of resources
• Improving allocation of productive resources • Reducing systemic risk |
|
|
These are typical risk management goals:
|
• Tolerable uncertainty
• Legal and regulatory compliance • Survival • Business continuity • Earnings stability • Profitability and growth • Social responsibility • Economy of risk management operations |
|
|
Value at risk
|
A threshold value such that the probability of loss on the portfolio over the given time horizon exceeds this value, assuming normal markets and no trading in the portfolio.
|
|
|
An organization’s legal obligations are typically based on these items:
|
• Standard of care that is owed to others
• Contracts entered into by the organization • Federal, state, provincial, territorial, and local laws and regulations |
|
|
An organization should take these steps to provide business continuity and, therefore, resiliency:
|
• Identify activities whose interruptions cannot be tolerated
• Identify the types of accidents that could interrupt such activities • Determine the standby resources that must be immediately available to counter the effects of those accidents • Ensure the availability of the standby resources at even the most unlikely and difficult times |
|
|
These are the basic measures that apply to risk management:
|
• Exposure
• Volatility • Likelihood • Consequences • Time horizon • Correlation |
|
|
Exposure
|
Any condition that presents a possibility of gain or loss, whether or not an actual loss occurs.
|
|
|
How does risk relate to exposure?
|
Generally, the risk increases as the exposure increases, assuming the risk is nondiversifiable.
|
|
|
What does exposure measure?
|
Exposure provides a measure of the maximum potential damage associated with an occurrence.
|
|
|
Volatility
|
Frequent fluctuations, such as in the price of an asset.
|
|
|
How does risk relate to volatility?
|
Generally, risk increases as volatility increases.
|
|
|
Law of large numbers
|
A mathematical principle stating that as the number of similar but independent exposure units increases, the relative accuracy of predictions about future outcomes (losses) also increases.
|
|
|
Why is the term “likelihood” used instead of “probability”?
|
The term “likelihood” is used rather than “probability” because probability analysis relies on the law of large numbers.
|
|
|
What are consequences?
|
Consequences are the measure of the degree to which an occurrence could positively or negatively affect an organization. The greater the consequences, the greater the risk.
|
|
|
Describe how risk should be managed, depending on likelihood (low to high) and consequences (minor to major).
|
• low likelihood & minor consequences = may not be necessary to actively manage the risk
• high likelihood & minor consequences = should usually be managed through organization’s routine business practices • low likelihood & major consequences = should be managed • high likelihood & major consequences = require significant, continuous risk management |
|
|
Time horizon
|
Estimated duration
|
|
|
How does risk relate to time horizon?
|
Longer time horizons are generally riskier than shorter ones.
|
|
|
How should an organization manage time-horizon-related risk?
|
Although an organization may have little or no control over the time horizon of a risk, the organization should evaluate and manage this risk just as it would manage other risks over which it has no control, such as weather-related risks.
|
|
|
Correlation
|
A relationship between two variables
|
|
|
How does risk relate to correlation?
|
If two or more risks are similar, they are usually highly correlated. The greater the correlation, the greater the risk. Uncorrelated risks can reduce risk to the extent that they provide a balance or hedge.
|
|
|
What risk-management strategy can reduce the risk of correlation?
|
Diversification can reduce the risk of correlation.
|
|
|
What are the most commonly-used classifications of risk?
|
• Pure and speculative risk
• Subjective and objective risk • Diversifiable and nondiversifiable risk • Quadrants of risk (hazard, operations, financial, and strategic) |
|
|
Pure risk
|
A chance of loss or no loss, but no chance of gain
|
|
|
Speculative risk
|
A chance of loss, no loss, or gain
|
|
|
How do pure risk and speculative risk differ in desirability?
|
Because there is no opportunity for financial gain, pure risks are always undesirable. In comparison, speculative risk involves a chance of gain. As a result, it can be desirable, as evidenced by the fact that every business venture involves speculative risks.
|
|
|
Credit risk
|
The risk that customers or other creditors will fail to make promised payments as they come due.
|
|
|
These are the four speculative risks in investments
|
• Market risk
• Inflation risk • Interest rate risk • Liquidity risk |
|
|
Market risk
|
The risk associated with fluctuations in prices of financial securities, such as stocks and bonds
|
|
|
Inflation risk
|
The risk associated with the loss of purchasing power because of an overall increase in the economy’s price level
|
|
|
Interest rate risk
|
The risk associated with a security’s future value because of changes in the interest rates
|
|
|
Liquidity risk
|
The risk associated with being able to liquidate an investment easily and at a reasonable price; the risk that an asset cannot be sold on short notice without incurring a loss
|
|
|
Subjective risk
|
The perceived amount of risk based on an individual’s or organization’s opinion
|
|
|
Objective risk
|
The measurable variation in uncertain outcomes based on facts and data
|
|
|
Why do subjective and objective risk sometimes differ substantially?
|
• Familiarity and control (e.g., thinking driving is safer than air travel)
• Consequences over likelihood (“it can’t happen to me”, overstating likeliness due to heightened/personal awareness) • Risk awareness (if an organization is unaware of its risks, it will perceive them as lower than they are) |
|
|
Diversifiable risk
|
A risk that affects only some individuals, businesses, or small groups
|
|
|
Nondiversifiable risk
|
A risk that affects a large segment of society at the same time
|
|
|
How does diversifiability of risk relate to correlation?
|
Diversifiable risk is not highly correlated and can be managed through diversification, or spread, of risk. Nondiversifiable risks (e.g., inflation, unemployment, natural disasters) are correlated — their gains or losses tend to occur simultaneously rather than randomly.
|
|
|
Hazard risks arise from:
|
Property, liability, or personnel loss exposures. They are generally the subject of insurance.
|
|
|
Operational risks arise from:
|
People or a failure in processes, systems, or controls, including those involving information technology.
|
|
|
Financial risks arise from:
|
The effect of market forces on financial assets or liabilities; they include market risk, credit risk, liquidity risk, and price risk.
|
|
|
Strategic risks arise from:
|
Trends in the economy and society, including changes in the economic, political, and competitive environments, as well as from demographic shifts.
|
|
|
Market risk
|
Uncertainty about an investment’s future value because of potential changes in the market for that type of investment
|
|
|
Which quadrants of risk are pure risks?
|
• Hazard risk
• Operational risk |
|
|
Which quadrants of risk are speculative risks?
|
• Financial risk
• Strategic risk |
|
|
How do the classifications of risk differ from the quadrants of risk?
|
Whereas the classifications of risk focus on some aspect of the risk itself, the four quadrants of risk focus on the risk source and who traditionally manages it.
|
|
|
What concept do the various definitions of ERM share?
|
The various definitions of ERM all include the concept of managing all of an organization’s risks to help an organization meet its objectives.
|
|
|
The three main theoretical concepts (pillars) of ERM
|
• Interdependency
• Correlation • Portfolio theory |
|
|
RIMS definition of ERM
|
A strategic business discipline that supports the achievement of an organization’s objectives by addressing the full spectrum of its risks and managing the combined impact of those risks as an interrelated risk portfolio.
|
|
|
Casualty Actuarial Society (CAS) definition of ERM
|
The discipline by which an organization in any industry assesses, controls, exploits, finances, and monitors risks from all sources for the purpose of increasing the organization’s short- and long-term value to its stakeholders.
|
|
|
COSO definition of ERM
|
A process, effected by an entity’s board of directors, management, and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.
|
|
|
What is portfolio theory in ERM?
|
In an ERM context, a portfolio is a combination of risks. The portfolio theory assumes that risk includes both individual risks and their interactions.
|
|
|
Interdependency in ERM
|
The silo type of management that is typical of traditional risk management ignores any interdependencies and assumes that a financial risk is unrelated to a hazard risk. The traditional assumption of independence may not always be valid. When it isn’t, the assumption may result in an inefficient treatment of an organization’s portfolio of risks.
|
|
|
Statistical independence
|
Events are statistically independent if the probability of one event occurring does not affect the probability of a second event occurring.
|
|
|
What is the role of the Chief Risk Officer in ERM?
|
As facilitator, the CRO engages the organization’s management in a continuous conversation that establishes risk strategic goals in relationship to the organizations strengths, weaknesses, opportunities, and threats (SWOT).
|
|
|
How does the CRO shape an organization’s risk culture under ERM?
|
The CRO’s responsibility includes helping the enterprise to create a risk culture in which managers of the organization’s divisions and units, and eventually individual employees, become risk owners.
|
|
|
Name two major impediments to successfully adopting ERM
|
• Technological deficiency
• Traditional organizational culture with entrenched silos |
