Risk Management Framework

Risk management is the process by which the level of risk to be taken is defined and the levels of risk are measured, with the objective of maximizing the company or portfolio value. Risk management is not about minimizing risk; it is about actively understanding and pursuing those risks that maximize the chance of achieving goals while minimizing the chance of failure.

Designing a Framework

Risk management has to be tailored to the enterprise and requires a custom solution. The risk management framework should address the following areas:

Risk Governance

Governance is the top-level system of structures and policies. Risk governance ensures that risk management activities align with and support the overall enterprise. It is often driven by regulatory concerns as well as the fiduciary role of governors.

Risk Identification and Measurement

Risk identification and measurement is the quantitative core of the risk management process. It requires ongoing evaluation, both quantitative and qualitative, to analyze the relevant risk drivers and risk exposures and to calculate risk metrics under various stress scenarios.

Risk Infrastructure

The infrastructure refers to people and systems that carry out the risk management process. This may include technology solutions capable of capturing, storing, computing and reporting the necessary data as well as skilled personnel to run this process.

Policies and Processes

Policies and processes are the extensions of risk governance into the daily operations of the organization. These limits, requirements, constraints, and guidelines should be integrated into the business process.

Risk Monitoring, Mitigation, and Management

Actively monitoring risk is a challenging task that requires continuously evaluating all areas of the risk management process. When it is determined that risk exposure is out of alignment with the desired risk tolerance, action needs to be taken to realign the risk exposure.


There must be a communication loop in place to ensure that governance parameters are clearly communicated to managers and that risk metrics are reported to the governors in a clear and timely manner, enabling them to update and report back to the organization.

Strategic Analysis or Integration

The risk management framework should provide tools to better understand which activities are creating value and which are not. This analysis can improve decision-making and generate better risk-adjusted returns.

Benefits of a Risk Management Framework

When risk management is integrated into all levels of the business, it means there is an effective risk culture. A risk culture generally produces better results than considering risk as an afterthought, or not at all. The benefits include:

  • Less frequent surprises and a better understanding of the potential effect of a surprise
  • More disciplined decision-making to consider the risk-return relationship
  • Better response and risk mitigation
  • Better efficiency and fewer operational errors
  • A better relationship between the governing body and organization management
  • A better corporate reputation


Which of the following is least likely a benefit of a well-implemented risk management framework?

A. Risks are minimized across the organization to allow for better overall company performance

B. A relationship of trust is developed between the governing body and the company management

C. A risk management framework generates feedback loops to allow for more informed and disciplined decision-making


The correct answer is A.

Risk management does not set out to minimize risks; it is about actively understanding and pursuing those risks that maximize the chance of achieving goals while minimizing the chance of failure.

