CHAPTER 1: INTRODUCTION TO RISK MANAGEMENT

DEFINITION OF RISK

-A situation involving exposure to danger

-In simple terms, risk is the possibility of something bad happening.

- Risk involves uncertainty about the effects/implications of an activity with respect to

Accordingly risk has two components;

i) Uncertainty
ii) Exposure to that uncertainty

DEFINITION OF RISK MANAGEMENT

Risk management is the process of identifying, assessing and controlling threats to an

Risk management is a process of identifying risks, assessing risk and developing strategies to
mitigate these risks. By understanding these potential risks and finding ways to minimize their
impact, the organization will be giving itself the best chance to succeed.

RISK MANAGEMENT PROCESS

Source www.colour box.com

1
It is important to have a clear, formalized risk management plan which will bring in additional
visibility into consideration. Standardising risk management makes identifying systematic
issues that affect the organisation simple. An ideal risk management plan for an organisation
serves as a roadmap for improving its performance.

The risk management process entails:

i) Identification of Risks
ii) Assessment of Risks
iii) Addressing/Treating of Risks
iv) Reviewing and Reporting of Risks

Identifying Risk

In order to manage risk, organisations must create a risk identification process across the
organization in order to develop a meaningful risk management program. It is not enough to
simply identify what happened, the most effective identification techniques focus on the root
cause. The identification of risk can be separated into two distinct phases, namely;

i) Initial risk identification

This is for a new organization or project which has not previously identified its risks in a
structured way

ii) Continuous risk identification

It is important to continuously identify risks which were not previously in existence or risk
which has ceased to be relevant to the organization.

A designated risk review team, either inhouse or contracted by the bank can be established to
consider all operations and activities of the organization in relation to its objectives and to
identify risks. All levels within the bank are encouraged to review its activities and contribute
to the identification of risks it faces, through a documentation approach or the facilitation of
workshops.

2
Assessing Risk

Assessing risk in a uniform way will allow for a healthy risk management system. It is
important to be able to collect and analyse data to determine likelihood of any given risk and
subsequently prioritize remediation efforts

Risk assessment must;

i) Ensure there is a clearly structured process in which both likelihood and impact are
considered for each risk
ii) Record the assessment of risk in a way which facilitates user friendly monitoring
and identification of risk priorities.

It is necessary to consider the company’s risk appetite before risks can be addressed.

Risk Appetite and Risk Tolerance

Risk appetite is the amount and type of risk the bank is willing to take to achieve its strategic
objectives, over a specified time horizon at a given level of confidence.

Risk tolerance is the degree of variability in investment returns that an investor is willing to
withstand.

While risk appetite is about the pursuit of risk, risk tolerance is about what an organization can
actually cope with. Appetite is about the willingness to take risk whereas tolerance is about the
willingness and capacity to take risk- tolerance may be restricted by capacity.

The difference between the two is often explained by reference to an example of theft of assets
in a firm. Although there is no appetite for theft in any firm, many senior managers expect that
some level of theft of assets will inevitably occur. This level is tolerated even though there is
no appetite for allowing theft itself

Addressing Risks

-The purpose here is to reduce risk exposure and minimize the likelihood of an incident. Risks
need to be continually addressed to ensure banks are fully protected.

Actions taken by the bank to address the risks, form what is called internal control.

Four aspects of addressing risk are;

3
  Risk avoidance
 Risk mitigation
 Risk transfer
 Risk retention

-Risk avoidance requires purposeful action and the elimination or modification of process,
procedure or activities associated with the identified risk. You can avoid a specific risk or
exposure by choosing an alternate option or taking steps to remove it. These are risks you can
avoid by changing your operations

-Risk Mitigation is developing preventive and reactive action plans to reduce the likelihood of
risk in the bank. The bank can reduce risk through planning and implementing activities,
programs, procedures or other control methods

-Risk Transfer involves transferring risks to a third-party. To compensate the third-party for
bearing risk, the bank will generally provide the third party with periodic payments. The most
common example is insurance.

-Risk retention within a bank means the bank has accepted responsibility for the risk as is and
, therefore, have budgeted for potential claims and losses. This strategy is most often used for
risks with low probability and low impact of happening or emerging risks that may pose a
threat in the distant future.

 it is important to review and monitor your risk response strategies and make suitable
adjustments. It is common to end up using a combination of risk response strategies,
unless you are avoiding the risk completely.

REVIEWING AND REPORTING OF RISKS

-Reviewing and reporting is necessary to monitor whether or not the risk profile is changing
and to gain assurance that the risk management is effective, this also helps in identifying when
further action is necessary.

-Reviewing risk should be an ongoing process, in order to allow for the addressing of emerging
trends to determine whether or not progress is being made.

- presenting information about how the risk management program is going in a clear and
engaging way demonstrates effectiveness and can rally the support of various stakeholders in

4
the bank. Developing a risk report that centralizes information and gives a dynamic view of the
banks risk profile is necessary.

-it is important to put in place processes to review whether risks still exist, risks that have
arisen, ability to detect whether the likelihood and impact has changed in order to report
significant changes.

Three key rules for risk management

 there is no return without risk. Rewards go to those who take risk

TYPES OF RISKS FACED BY BANKS

The risks faced by banks are; credit risk, market risk, liquidity risk, operational risk and legal
risk

Credit risk- is the possibility of a loss resulting from a borrower’s failure to repay a loan or
meet contractual obligations. Banks often lend out money, the chance that a loan recipient does
not pay back the money can be measured as credit risk.

Market risk- is the possibility of an investor experiencing losses due to factors that affect the
overall performance of the financial markets. It refers to the risk of an investment decreasing
in value as a result of market factors

Liquidity risk- the risk of incurring losses resulting from the inability to meet payment
obligations in a timely manner when they become due. With any financial institution, there is
always the risk that the institution is unable to pay back its liabilities in a timely manner.

Operational risk- is the risk of loss due to errors, interruptions, or damages caused by people,
systems or processes.

Legal risk- is the risk of losses arising from an unintentional or negligent failure to meet a legal
obligation to specific clients.

5
6