LOS B requires us to:
describe features of a risk management framework
a. The risk management framework is a formal way to respond to the risk that an enterprise is exposed to. It is the infrastructure, processes, and analytics required to support the risk management function.
b. The risk management framework covers the following:
i. risk governance,
ii. risk identification and measurement,
iii. risk infrastructure,
iv. defined policies and processes,
v. risk monitoring, mitigation, and management,
vi. communications, and
vii. strategic analysis or integration.
ISO 31000 has codified the standards for risk management of an enterprise.
1. Components of Risk Management Framework
The components of the risk management framework are discussed below:
1.1. Risk Governance
a. The Board of Directors of a company sets up a risk management committee, which generally includes a few board members.
b. This committee defines the risk appetite of the enterprise in alignment with its goals.
1.2. Risk Identification and Measurement
a. It is an ongoing process of identifying the risk exposures, calculating the risk metrics, i.e. probabilities of the possible circumstances, and scanning for the potential risk drivers.
b. Risk drivers are any factors that give rise to a relevant risk.
1.3. Risk Infrastructure
a. Risk infrastructure includes the people, systems, technology (including databases), and models required to track and tackle the risk exposures.
b. It is the process of capturing the risk based on the historical data.
1.4. Policies and Processes
The policies and processes translate the risk governance into day-to-day operations and procedures.
These policies and procedures should be expressed and defined clearly and explicitly. For example:
i. If A happens, then achieve B by doing Z.
ii. Check X thrice every day.
iii. Do X every Y unit of time.
1.5. Monitoring, Mitigating, and Management
Risk management is an ongoing process. This is mainly because risks evolve: they originate and disappear every now and then. Thus, the process of monitoring, mitigating, and management should be continuous.
1.6. Communication
The following must be communicated, whenever required:
a. the governance parameters should be communicated downwards,
b. the risk metrics should be communicated upwards,
c. the risk issues should regularly be reviewed and discussed, and
d. the feedback should be given to the governance body so that parameters can evolve.
1.7. Strategic Analysis and Integration
a. The governance body defines the goals of the organization and determines its risk tolerance, and this should be integrated into the risk management process.
b. The management executes and provides a risk management framework.
c. The risks are identified and measured, then monitored, and finally mitigated if outside the acceptable parameters.
d. With the passage of time, as the risks evolve, the risk exposure may be modified too. This may in turn lead to a change in the allocation of capital.
2. Benefits of Risk Management Framework
The main benefits of a risk management framework are:
a. With risk management, there is a lower risk of being surprised or shocked by an event.
b. Companies need to put up fewer defenses, and errors are likely to be fewer.
c. With a risk management framework, there is more discipline and a better consideration of tradeoffs between risks and returns.
d. There is a faster response to the riskier circumstances and smaller exposure to losses.