The expectation from large firms that capital distribution decisions are informed by risk identification and management processes that tie to a firm’s overarching risk appetite.
Risk tolerance establishes minimum and maximum boundaries around the risk appetite that the board is willing to accept.” Absolutely true. These boundaries are what transform high-level information in the risk appetite statement into something actionable. Risk tolerance can be applied to whatever context you are working – strategic goals and objectives, a project, process changes, whatever. They are flexible and adaptable…and it is crucial for risk management processes to be adaptable
The Enterprise Risk Management (ERM) goal of risk management is to provide management (and the entire company) with valuable insights for risk-informed decision-making. But day in and day out, decisions are being made that don’t reflect what is voiced in the risk appetite statement approved by executives. Obviously, it is very challenging connecting an enterprise-level risk appetite statement tangibly to business strategies and risk limits. Risk Appetite Frameworks Insights into evolving global practices, An IACPM/PwC Study, November 2014 facts stated that 65% of respondents in the IACPM / PWC Survey cited integration of risk appetite into decision-making process as the biggest challenge in Risk Appetite Framework implementation.
While many firms may have strong risk management processes in place for specific risk discipline, they struggle to develop a robust firm-wide process that is transparent to a third party. Growth is being stifled, and the company is barely remaining viable. The very much expectation that the risk assessment result would be enough to trigger actions and decision-making that would boast company performance, but no such thing evenly happens, rather extremely risky decisions are made in desperate chances to increase income, gain customers and secure a bigger market share.
Crucial steps exist that could accommodate these challenges according to Risk management experts, Anna Krayn and Ed Young, as follow;
Assessing the problem
It is expected that large firms would develop and maintain a Risk Appetite framework having stated in their risk appetite statement that is integrated, transparent, measurable, and actionable in line with the strategic objectives; however, there have been no clear cut acceptable process to that effect. Some firms have strong risk management in place for individual material risks, but struggle to provide a compelling narrative of how they have an effective firm-wide process.
Firms are to have a supported process of effective firm-wide risk-identification, risk-measurement, and risk-management practices that are thorough and robust in managing their resources. Using a variety of models to view risk would enable management to view specific risks with a reasonable amount of depth and to view risks broadly and assess their inter-dependencies, since no one risk measure or model does an acceptable job of considering all material risks for a firm.
The first step in developing a robust Risk Appetite Framework is to get a
comprehensive understanding of the risks that are faced by the firm, commonly referred to as an organization’s risk identification process. The risk identification (or Risk ID) process should highlight risks and relationships in multiple dimensions and ultimately inform decision-making of the senior leaders of the organization.
To adequately support the Risk ID process, the organization must develop a structure that incorporates a common risk classification, specified roles, responsibilities and ultimate accountability for identifying and assessing the materiality of the first and second order risks that impact the firm. An effective Risk ID framework combines multiple quantitative tools with qualitative processes to enable a firm to see risks that span many traditional risk buckets and can provide the depth of information needed to assess specific risks in detail. This requires a suite of tools used throughout the business lines, from which outputs can be aggregated to provide a robust picture of how risks can impact the firm.
For firms decision-making, developing a process that is transparent, repeatable, and manageable is paramount to ensuring it is adopted across the various business lines of the organization.
Transparency enables individuals throughout the organization to understand how their input is used to inform the “bigger picture” of risk at the organization.
A Risk ID process will only be successful if a repeatable feedback loop is established to ensure the risk inventory is accurate and dynamically updated to include emerging risks and changes in market conditions.
Finally, the process must be manageable to make it a complement that adds value to business decisions, as opposed to being considered a compliance exercise.
Developing a Strategy
Once a Risk ID process is established, the next step is to calibrate business strategies and the associated risk limits to ensure they meet their goals without taking undue risk in the process. While business strategies are not often discussed in the context of risk limits, it is critical for an organization to consider them in tandem when making strategic decisions. This “calibration” of risk limits in the context of business strategies must be somewhat dynamic, and must consider internal factors such as credit underwriting standards, portfolio concentration risk or any emerging risks that may be a result of entering a new product line, while also keeping sight of macro trends related to economy or competition in specific market segments.
To be able to calibrate the risk appetite of an organization, initially the Board must define specific metrics that can be used to anchor the process. This expression of the firm’s risk appetite must include units of measure that include both magnitude and a stated time horizon.
There are a multitude of factors that can influence the financial performance of an organization, including asset quality deterioration, market shocks and liquidity events. Unfortunately, these factors do not usually occur in isolation and require management to consider a few key items when formulating a risk limit framework.
Once this process is established it is important to ensure effective governance is put in place. To ensure that business strategies and risk limits remain in sync with the firm’s risk appetite, a firm should identify key assumptions that could impact the effectiveness of the framework to senior leaders. Finally, this process should be repeated frequently to ensure business strategies and risk limits remain effective and aligned with the stated risk appetite.
Measurement and Management
After the firm’s risk appetite is calibrated to its business strategy and associated risk limits it is critical that an effective risk measurement system is put in place. The risk measurement component is critical to establishing a strong feedback loop to solidify the Risk Appetite Framework. Dynamic risk measurement begins with a robust scenario design process. Stress scenario analysis is typically completed on a relatively small number of future “states of the world,” so developing meaningful scenarios is critical.
Many firms rely on a combination of internal and external sources to develop stress
scenarios. While most have developed an effective process to consider macro factors and their impact on the organization, some fall short of fully incorporating information provided by other risk tools and strategic plans into the scenario design process. For example, firms can leverage information from credit portfolio models (e.g., economic capital models) that use a robust simulation approach to identify additional idiosyncratic and emerging risks to support the scenario design process. This enables senior leaders to strategically assess the impact of current portfolio construction and future business strategies to ensure profits are maximized for the level of risk taken by the firm.
Identifying the risk metrics of an effective risk measurement system is needed to ensure risk managers have the information needed to take prompt action when needed. Risk metrics should include various measures that take into account the timing and accounting impacts of deterministic scenarios over a specified time horizon(s) and the interaction of multiple risks on the consolidated income statement and balance sheet. Additionally, profitability and in-depth portfolio risk metrics using advanced techniques that consider many possible outcomes must be included to ensure exposures that may not be revealed in deterministic stress scenario analysis are linked to the Risk Appetite Framework.
For more posts on interesting topics click here
If you enjoyed this post don’t forget to like, follow, share and comment!
Email me on(guest posts welcome!): email@example.com