LOS A requires us to:
define risk management
1. Risk
a. The risk is the effect of uncertainty in the objectives. It refers to the chances that the actual returns will differ from their expected values.
b. The risk could be a result of an event (P(E)) or a result of a consequence (P(A|E)).
c. We must, therefore, know the expected distribution of returns to estimate the risk. The portfolio risk is measured as the deviation from the expected return, using variance (or the standard deviation).
d. Since the risk is a result of ‘uncertainty’, it could be both positive and negative. Thus eliminating all risks is not always desirable. The elimination of risk may prevent the erosion of value but also results in erosion of value creation.
This could be understood with the help of the following diagram:
In the above figure, the left side of the curve represents the risk and the right side represents the opportunity. If we try and reduce the area of the curve (which represents the total standard deviation), the opportunities for the firm also decrease along with the risks.
2. Risk Exposure
a. Risk exposure is the amount of loss (quantified) that an enterprise is subject to. It is the amount of risk that an enterprise is currently taking.
b. The risk exposure could be of two types, acceptable or planned exposure, and unacceptable or unplanned exposure.
c. For example, if a company has taken a foreign exchange loan, the liquidity needs to finance the payments of principles and interests that are acceptable and planned. However, the excess liquidity requirements due to the weakening of the home currency against the foreign currency are unplanned. Thus, in the process of risk management, the company needs to have a foreign exchange hedge.
d. The risk appetite of a company is the amount of exposure that they are willing to accept and they have planned for.
3. Risk Management
a. Risk management is the process of a company managing its risk at an acceptable level. It is the process by which the ‘level of risk that should be taken’ is compared to the ‘level of risk that is actually being taken’ and brings the two into congruence.
b. The main aim of risk management is not to predict the risk, but to be prepared for the unplanned risk.
c. The objective of risk management is also not about minimizing risk but taking a risk at acceptable levels.
d. The process of risk management, thus, does not prevent losses but accepts those losses that are planned.
e. There are four main components of the risk management process:
i. Identification of risk and level of its exposure.
ii. Assessment of the vulnerability due to such risk exposure.
iii. Mitigation towards target risk exposure levels.
iv. Monitoring the process after implementation.