risk treatment introduction
play

Risk treatment: introduction Eric Marsden - PowerPoint PPT Presentation

Risk treatment: introduction Eric Marsden <eric.marsden@risk-engineering.org> 2 / 18 Risk treatment (ISO 73 standard) Tie process of selection and implementation of measures to reduce risk from iso 73 standard What is risk treatment?


  1. Risk treatment: introduction Eric Marsden <eric.marsden@risk-engineering.org>

  2. 2 / 18 Risk treatment (ISO 73 standard) Tie process of selection and implementation of measures to reduce risk from iso 73 standard What is risk treatment? Establishing the context Risk assessment Risk identi � cation Monitoring Communication Risk analysis and and review consultation Risk evaluation Risk treatment

  3. Risk analysis Risk identification Risk treatment 3 / 18 Risk treatment in practice

  4. Risk analysis Risk identification Risk treatment 3 / 18 Risk treatment in practice

  5. Risk analysis Risk identification Risk treatment 3 / 18 Risk treatment in practice

  6. ▷ Methods for risk treatment: • risk avoidance • risk modifjcation • by reduction or containment (prevention, before-event) • by mitigation (protection, post-event) • risk sharing / transfer • diversifjcation, hedging, insurance ▷ Not included in this module: • sector-specifjc risk treatment methods 4 / 18 Flow of this presentation

  7. 5 / 18 hedging and insurance. Increase exposure than its competitors. feels it can control them better to some risks because the fjrm Intentionally increase exposure Hedge Protect against the risk using A fjrm can adopt several strategies to treat the fjnancial component of a risk: Avoid probability of loss to zero. Avoid the risk and reduce Pass on (stockholders, owners). Pass on risks to investors Treating the fjnancial components of risk

  8. ▷ Eliminate the risky activity and reduce probability of loss to zero • cease activity, close facility, change business • example: ban on genetically modified foods in eu ▷ Possible rationales: • utilitarian ethics (“the greatest good for the greatest number”): risk assessment suggests that costs of activity are larger than benefjts • precautionary principle : afuer Hans Jonas’ imperative of responsibility (the promise of modern technology has turned into a threat of disaster: science confers to man previously unknown forces; responsible behaviour is that of long-term prudence) 6 / 18 Risk avoidance � Also eliminates the benefjts of the activity!

  9. ▷ By reduction or containment • prevention, before-event • reduces the probability of the unwanted event • example: safety valve which prevents buildup of pressure in a vessel ▷ By mitigation • protection, post-event • reduces the severity of the event’s consequences • example: sprinklers designed to put out a fire, to reduce damage caused by fire ▷ Tie most common risk treatment option! Image source: Banksy 7 / 18 Risk modifjcation

  10. • obtain insurance against a fire • sell shares of my company on the stock market ▷ contractual transfer of legal liability • exclusion clauses • outsourcing • partnerships & joint ventures ▷ operational hedging • interruptible loads and load shedding in power systems ▷ diversify the risk or absorb it internally • financial hedging 8 / 18 Risk transfer ▷ transfer the fjnancial consequences of the risk to someone else allowed to transfer risk to health and safety of employees Note: employer is not legally

  11. 9 / 18 What is Hedging? Hedging: A risk management tool that is designed to limit exposure to risk as part of everyday business. Hedging explained through a wheat farmer example: $4.50 per bushel Wheat Price 1 A Farmer 2 Farmer Sets 3 Farmer and Baker 4 Farmer and Baker 5 The Hedge Prepares A Target Price Consider Price Use a Hedge to Manages Wheat Crop for Harvest Fluctuations Reduce Risk Risk A farmer purchases fertilizer, Based on all his costs, the The farmer is concerned that The farmer and baker agree in By creating a hedge, the farmer and baker fuel, seed and everything farmer determines a price he’d wheat prices will go down, and he advance to a set price for the managed the risk of fluctuating wheat prices. If else necessary to grow a like to get for the wheat when won’t make enough to cover his wheat, regardless of the market the market price at harvest is higher than the set wheat crop. he sells it to a local bakery at costs. The baker is concerned that price at harvest time. price, the baker benefits from the hedge. If the harvest time. wheat prices will go up, and he’ll price is lower, the farmer benefits. In either case, have to raise prices. the hedge protected both against the potential for serious losses.

  12. 10 / 18 Credit default swap: insurance against bad debt ▷ in return, the buyer makes a periodic payment to the seller • … • downgrade in credit rating • default on a security ▷ credit event: event provide payment to the buyer in the event of a third-party credit ▷ an agreement between two parties where the seller agrees to Example: credit default swaps Protection buyer ... t 1 t 2 t 3 t 4 t 5 t 6 t n ... t 0 t n Protection seller Protection buyer t 4 t 5 t 1 t 2 t 3 t 0 t n Protection seller

  13. 11 / 18 ▷ How do I decide how much risk to transfer? ▷ Depends on the organization’s risk appetite : the amount of risk — on a broad level — an entity is willing to accept in pursuit of value Figure adapted from Improving Organizational Performance and Governance , coso white paper available from coso.org How much should we transfer? existing The current level and distribution of risks across the entity and across various risk categories risk profile risk determination The amout of risk that the entity is able to support in pursuit of its objectives capacity of risk risk Acceptable level of variation an entity is willing appetite to accept regarding the pursuit of its objectives tolerance a  itudes The attitudes towards growth, risk and return towards risk

  14. ▷ Defjne key performance indicators ( kpis ) for all essential risks • will depend on risk type ▷ Determine “severity thresholds” for each risk type • which level of loss from an accident rates as “severe” for operational risk? • what extent of negative media coverage would be “severe” in terms of reputational risk? • which price fmuctuations are “severe” for market risk? ▷ Decide whether the organization is the “natural owner” for each risk • can we achieve competitive advantages from taking on the risk, and generate attractive returns from it? ▷ Decide how to deal with those risks for which you are not a natural owner ▷ Decisions are linked to corporate strategy, should be made by organization’s board 12 / 18 Expressing an organization’s risk appetite

  15. 13 / 18 Source: Enterprise-risk-management practices: Where’s the evidence? , McKinsey Working Papers on Risk, Number 53, 2014 How can risk appetite be expressed? Risk appetite Low Medium High Example risk-appetite matrix Risk types Overall Trading Origination Sales Business Business unit 1 unit 2 Credit risk Market risk Liquidity risk Operational risk Business risk  Matrix to be prefilled by enterprise-risk-management function  Risk appetite to be defined and aligned with board

  16. • “choose the option that most of the time leads to highest level of satisfaction” • refmects risk aversion or a tradeofg between expected outcome and the variance over that outcome ▷ Another popular criterion is the “ value at risk ” (VaR) • “probability of losing more than 10 M€ in the next 3 days should be less than 5%” • estimation of the probability that losses will exceed a specifjed amount 14 / 18 How much should we transfer? ▷ One popular criterion is maximization of expected utility slides on VaR at risk-engineering.org →

  17. 15 / 18 Figure: the COSO ERM integrated framework enterprise, originating in accounting/internal control circles ▷ Developed by coso organization ( coso.org ) in 2004 ▷ A more modern framework for risk management is proposed by the iso 31000 standard Enterprise Risk Management e s g c n c n n i o g i a i e t t r i a l t o p a r e p m r t e ▷ erm is a risk-based approach to managing an p S o O R C Subsidiary business Unit internal Environment Objective Setting Entity-Level Division Event identi fi cation Risk Assessment Risk Response Control Activities information & Communication Monitoring

Recommend


More recommend