OVERVIEW OF

FINANCIAL RISK
MANAGEMENT
NKOMO D.J. (FRM)

1
 Introduction
Managing risk is part of any organisation’s strategic and operational activities, and analysing risks is
an important aspect of a manager’s job.
Risk is pervasive. In fact, we experience it in our everyday lives, as it is a constant of the human
condition. Everything we do in our lives has a degree of risk attached to it.
In living with risk, however, certain potentially high-risk exposures or potential events require us to
take corrective action, for instance avoiding violent situations or insuring one’s life, home and other
possessions.
While it is possible to mitigate or transfer a great many types of risk in this way, the key to the risk
management process is choosing those risks to accept, not seeking to avoid all risks. The latter is
impossible.

2
What is Risk?
The chance (or probability) of a deviation from an anticipated outcome.
The unexpected variability in earnings and or asset prices.
Any phenomenon which could affect our ability to meet our objectives’. In the end, this usually comes down to
money—lost clients, lost reputation, lost freedom to do business as we wish—these all impact our ability to
make money.
We can attach probabilities to risk. Therefore, it can be measured, estimated or calculated in some way. Risk can
therefore be quantified and expressed as a parameter, number or value.
Risk is concerned not just with the extent or probabilities of potential losses but with deviations from the
expected outcome. It is the extent to which the actual result may deviate from the expected result that makes a
situation risky.
Risk is a function of objectives. It is the consequences of the actual result deviating from the expected result that
leads to risk. Without an objective or intended outcome, there is only uncertainty. Risk arises only where the
deviation from the objective matters; that is, if it affects individuals or firms financially, or entails some other
adverse consequence. It can also provide an opportunity.

3
Risk Stratification
Bryan Wynne (1992) proposed a four level stratification:
1. Risk: where probabilities are known
2. Uncertainty: where the main parameters are known, but quantification is suspect
3. Indeterminacy: where the causation or risk interactions are unknown
4. Ignorance: risks have escaped detection or have not manifested themselves

Risk can be quantified; whereas uncertainty cannot.

4
Risk Management Process

5
Risk Management Process

6
Steps in the Risk Management
Process
Determine the corporation’s objectives
Identify the risk exposures
Quantify the exposures
Assess the impact
Examine alternative risk management tools
Select appropriate risk management approach
Implement and monitor program

7
STEP 1: Identification of Risk and Enterprise
Management Objectives
This is primarily a managerial phase. It begins with determining the enterprise’s approach to
risks, including planning for the resources made available for risk management and selecting the
general criteria for treating risks. The enterprise selects a risk strategy compatible with the
degree of risk aversion that prevails. The directors and managers define strategic objectives and
operational goals compatible with the risk aversion of the shareholders who are looking to
maximize enterprise value.

8
Diagnosing Risk Process
Problems: Flaws in Governance
The risk process is not independent of the business units it is attempting to control. This indicates that
no independent group of professionals is overseeing the risk-taking activities of the firm; those who
take risk also monitor it, and do not necessarily impose limits/constraints when needed.
Senior/executive management does not understand the nature and/or magnitude of the risks it is
taking. This is indicative of a management team that is uncomfortable with risk, fails to understand the
impact risk can have on operations, or views risk as unimportant or irrelevant in the larger scheme of
business operations.
Accountability for risk-taking is ill defined. This reflects problems with communication and potential
unwillingness by those in the management chain to accept responsibility for the actions of those
taking, or controlling, risk.
Management’s expression of its risk appetite—in terms of types, amounts, markets, classes—is unclear
and ill defined. This, again, suggests an inability by management to understand the nature and
intricacies of risk-taking; the absence of clear expression suggests key executives are unable to grasp
the essentials of the business.

9
Diagnosing Risk Process
Problems: Flaws in Governance
Risk limits and policies are routinely violated without penalty. This suggests that the risk control function lacks authority
or management support and that management lacks control over those violating the rules. It also indicates that others in
the governance structure, including executive management and the board of directors, are not discharging their fiduciary
duties appropriately.
New products or commitments can be executed without prior approval or scrutiny by control functions. This suggests that
a formal process for vetting new risks does not exist and that entry into new markets, asset classes and instruments can
proceed unchecked. It may also signal management’s belief that new risks are not important enough to review in
advance.
New risks appear on the firm’s books without prior knowledge by those in the risk function or senior management. This
indicates disregard for risk policies/limits governing new types of risks, absence of policies designed to control new
activities, or inability by senior management to control its business leaders.
Risk policies are vague and incomplete, and are routinely misinterpreted and “arbitraged” by businesses. This indicates
that the independent risk management function does not fully understand the nature of the business risks it is meant to
be controlling or is unable to communicate directives clearly. It may also mean that business units have a disregard for
policy and are willing to interpret rules in the broadest possible fashion.
Employees are unaware of general risk processes and regular internal risk education is not undertaken. This suggests that
managers do not feel broad knowledge of risk is a corporate imperative. It may also reflect a general lack of
understanding regarding the importance of risk management.
10
STEP 2: Risk Assessment
The second, largely technical, phase of the ERM process is divided into two sub-phases:
• Risk analysis
• Risk evaluation
The risk analysis consists of risk identification and estimation. In the identification of enterprise
risks we must identify the potential sources of negative events that are capable of compromising
achievement of strategic and operational objectives.
Risk evaluation compares estimated risks against risk criteria identified by the organization upon
completion of risk analysis phase. Evaluation is used to make decisions about the significance of
risks to the organization, whether to accept each risk, or whether to treat.

11
Diagnosing Risk Process Problems: Flaws
in Identification and Measurement
Risks are not identified correctly. This may indicate that the risk function is not given enough
information to evaluate the risk of products and businesses, or that risk analysts are too junior
or inexperienced to discern different types of risks.
The firm experiences losses that are greater than expected, or which are a complete surprise.
This suggests the independent risk function is unable to distinguish between different sources of
risk or risk measurement analytics are too liberal in their underlying assumptions. It may also
mean that risk limit structures are ineffective in controlling exposures.
Risk analytics used to compute exposures routinely underestimate or overestimate the amount
of risk being taken. This suggests the independent risk function is unable to understand the
nature of underlying risk-bearing products or uses imprecise risk quantification methods.

12
STEP 3: Risk Treatment: Principal
Strategies and Methods
All risks that are identified, estimated, and evaluated are subject to a risk treatment decision.
There are four potential outcomes of the decision:
1. Risk avoidance
2. Risk transfer
3. Risk reduction
4. Risk retention
The risks are alternatively avoided or accepted. If accepted, they can be retained by the firm,
reduced through diversification (risk reduction) or transferred to third parties (risk transfer). The
risk treatment decision should be consistent with the guidance criteria of value maximization.

13
The 3 Dimensions of Risk
Management
At the level of the economy, risk management makes use of basically two approaches to
modifying the level of risk, either risk pooling (sharing) or risk transfer.
With risk pooling, or risk sharing, the effects of risks are spread among all market participants
e.g. Insurance
Risk transfer involves reassigning the risk to another party for a fee e.g. derivatives.
Risk can be managed through three generic approaches, namely hedging, diversification and
insurance.

14
Relationship between Risk
Processes and Generic Risk
Management Processes

15
STEP 4: Monitoring Incurred
Risks
The last phase of the integrated risk management process is monitoring. This phase is both
technical and managerial. Senior decision makers, including board members, must identify the
risks to be monitored and middle managers need to ensure that these risks are reported.
Regardless of who is responsible for which tasks, it should be noted that retained risks require
monitoring.

16
 Diagnosing Risk Process Problems:
Flaws in Reporting and Monitoring
Risk reporting cannot be done on a timely basis, or is routinely inaccurate. This indicates that the firm lacks
automated reporting processes, or that its central repository for aggregation and evaluation are incomplete. It
may also indicate that risk analytics used to compute the value of specific risks are erroneous.
Regulatory risk reporting requirements cannot be met. As above, this suggests the firm is unable to collate risk
information in an automated fashion and distill it into the form required by different regulatory authorities.
Sources of profits and losses cannot be decomposed and monitored; the firm is unaware of how it makes or
loses money and cannot attribute earnings to specific activities or risks. This reflects a fundamental lack of
understanding regarding the nature of the firm’s business and how much risk is being taken, and whether
different sources of business risk are profitable or unprofitable. It may also indicate problems with
technological infrastructure.
Positions and trades cannot be reconciled to the firm’s official books and records. This may indicate deficiencies
in the technological platform as well as the use of multiple sources of data to control a single business. It may
also reflect ineffective audit and financial control processes.
Risk limits and decisions are not properly documented and provide no verifiable audit trail . This suggests lack of
discipline and procedure in basic risk policy and governance; it may also indicate an unwillingness by decision-
makers to commit their decisions to writing.
17
Sources of Risk
The are two major sources of risk; Business Risk and Financial Risk

18
Types of Financial Risk

19
The Need for Financial Risk
Management

20
21
Financial Risk Management Tools
One of the major tools for managing financial risk is the Value at Risk

22
Risk Management Tools

23
Risk Management Tools

24
Sensitivity Analysis
Looks at the change in your decision variable when one input
changes.
 Examples:
 what happens to the value of a project if sales are 10% higher than
expected.
 What happens to the cost of capital if the risk free rate increases.
Example 1
Basic time value of money problem.
Assume you believe you need 2,000,000 when you retire and you are now 25
years old.
How much will you need to deposit each year at the end of the year if your
account earns 8% each year?
$27,357.56
Example 1 Change ONLY
Expected return
What if your estimated rate of return is of by 10% of the base (What if
your account earns 8.8% each year? Or 7.2% each year)?

Rate Payment

7.2% $24,322.44

8% $27,357.56

8.8% $30,724.44
Example 2: change ONLY
Amount Needed for Retirement
Now assume that the amount you need for retirement may be off either
way by 10%

Savings Needed Payment

1,800,000 $24,621.80
2,000,000 $27,357.56
2,200,000 $30,093.31
Sensitivity Analysis
•Usually the results are represented in a table where the response of
the decision variable to changes in more than one individual variable
are reported.
•Then you can compare across variables to see which one has the
largest impact on your decision
Example Results
Change in Payment needed for Retirement

Savings Needed Expected Return

+10% $24,621.80 $24322.44

Base $27,357.56 $27,357.56

-10% $30,093.31 $30,724.49

Sensitivity Analysis
•Benefits
a. Easy to Calculate and Understand
b. Measures risk associated with individual inputs
•Weaknesses
a. Ignores probability of event
b. Ignores interaction among the variables
c. Ignores gains from diversification
Scenario Analysis
Differences from Sensitivity Analysis
 Allows you to change more than one variable at a time
 Look at a group of scenarios (best case, base case, and worst case) for
example worst case – what if all variables change against us by 20%….
 Includes probability estimates of each scenario
 Scenario Analysis
Now let both the future cash flows and the cost of capital change.
Worst Case Scenario Best Case Scenario
(Savingsh Returni) (Savingsi Returnh)
Need $2,200,000 Need $1,800,000
Return = 7.2% Return = 8.8%
PMT = 33,796.89 PMT = $21,890.20
 Scenario Analysis
•Given the NPV and Probability you can find the expected NPV and standard deviation
Scenario NPV Prob. NPV(Prob)
Worst $33,796.89 .33 $11,265.63
Base $27357.56 .33 $ 9,119.17
Best $21,890.20 .33 $ 7,296.73
Expected NPV $27,681.55
Standard Deviation $ 5,959.95
Scenario Analysis
•Benefits
1. More than one variable changes at a time
2. Accounts for probability
3. Easy to perform
•Weaknesses
1. Small number of scenarios is unrealistic
2. Probability distributions difficult to estimate
Monte Carlo Simulation
•A more advanced form of scenario analysis
•Utilizes the computer to make random choices for each variable
input then calculate the expected return and standard deviation
Mont Carlo Simulation
1. Construct a model of the firms cash flows and NPV’s
2. Specify a probability distribution for each uncertain variable
(characterized by mean and standard dev) and correlation among
variables.
3. Allow computer to select a random draw form the distribution for
each variable
4. Calculate NPV (this is one scenario).
5. Repeat 3) an 4) (10,000 or 100,000 times) equal chance of each
scenario –Calculate expected NPV and standard deviation.
Monte Carlo Simulation
•Benefits
1. More realistic selection of variables
2. Easy to understand results

•Weaknesses
1. Only as good as probability estimate and correlation of
variables
Risk Management Tools (Trading)

39
Risk Management Tools (Trading)

40
Types of Financial Risk

41
Types of Financial Risk

42
Market Risk

43
Liquidity Risk
Risk that a financial institution may not be able to pay back its liabilities in a timely manner
because of an unexpectedly large amount of claims
More realistically, it may be able to meet those requests only by quickly selling (fire sale) large
amounts of assets, at a price that is below their current market value, thereby suffering a loss

44
 Credit Risk

The potential that a borrower or counterparty will fail to meet its obligations in accordance
with agreed terms.
It can also be defined as the risk of a trading partner not fulfilling heir obligations in full on
due date or at any time thereafter.
The risk emanates from uncertainty in a counterparty’s ability or willingness to meet its
contractual obligations.

45
Credit Risk

46
Operational Risk
The Basel II Committee defines operational risk as: "The risk of loss resulting
from inadequate or failed internal processes, people and systems or from
external events."

47
Operational Risk

48