Introduction to Managing Risk

Definition and concept

 What is risk?
‘Risk is a condition in which there exists a quantifiable
dispersion in the possible outcomes from any activity. It can be
classified in a number of ways.’ CIMA Official Terminology, 2005

Risk has also been defined as: ‘Uncertain future events which
could influence the achievement of the organization's strategic,
operational and financial objectives.’ International Federation of
Accountants,1999
 Definition…
Risk management is:
‘A process of understanding and managing the risks that the entity
is inevitably subject to in attempting to achieve its corporate
objectives.

For management purposes, risks are usually divided into categories

such as operational, financial, legal compliance, information
and personnel.

One example of an integrated solution to risk management is

enterprise risk management.’ CIMA Official Terminology,2005
Risk is of paramount importance to organizations. Businesses
must identify, evaluate, manage and report many types of
risk for improved decision making.

Risk can be classified in a number of ways. Here it is classified

according to the CIMA Official Terminology.
Business or operational: relating to activities carried out
within an entity, arising from structure, systems, people,
products or processes.

Country: associated with undertaking transactions with, or

holding assets in, a particular country. Risk might be political,
economic or stem from regulatory instability. The latter might
be caused by overseas taxation, repatriation of profits,
nationalisation or currency instability.
Environmental: these risks may occur due to political,
economic, socio-cultural, technological, environmental and
legal changes.
Financial: relating to the financial operations of an entity and
includes:
Credit risk: a loss may occur from the failure of another party to perform
according to the terms of a contract •
Currency risk: the value of a financial instrument could fluctuate due to
changes in foreign exchange rates •
Interest rate risk: interest rate changes could affect the financial well being
of an entity •
liquidity (or funding) risk: an entity may encounter difficulty in realising
assets or otherwise raising funds to meet financial commitments.
Reputational: this is damage to an entity's reputation as a
result of failure to manage other risks.

Strategic risk: these are risks stemming from the entity's

strategy and pose the greatest threat to the achievement of the
strategy.
Perceptions of ‘Risk’
Risk can be perceived in a number of ways. Collier and Agyei-
Ampomah (2006):
Risk as a hazard or threat (downside risk): It
is referred to as a negative event or threat to the organization.
Managing risk in this context means using management
techniques to reduce the probability or impact of the negative
event without undue cost.• Risk as uncertainty: risk is
the distribution of all possible outcomes, both positive and
negative. Managing risk in this context means reducing the
variance between anticipated and actual outcomes.
Risk as opportunity (upside risk): risk can be
seen as a source of opportunity to business.
Managing risk – a generic
approach
Risk assessment This comprises the analysis and evaluation
of risk through processes of identification, description and
estimation.
Identification: this aims to determine an organization's
exposure to uncertainty. It requires a thorough knowledge of the
organization's strategy, its products/services and markets, and
the legal, social, political, economic and technological
environment in which it exists.
Identification requires a methodical approach to ensure all
significant activities within the organisation have been
identified and all risks flowing from those activities are defined.

Methods of identifying risks include:

• risk workshops
• stakeholder consultations
• benchmarking
• scenario or ‘what if’ analysis
• auditing and inspection
• research methods (interviews, surveys, etc.)
• cause and effect diagrams.
Description: identified risks need to be displayed in a structured format, using
a table to facilitate risk description and assessment.
Estimation: risk estimation can be quantitative, semi-quantitative or qualitative
in terms of likelihood of occurrence and possible consequences. Assessing the
impact of each risk can be done using a variety of tools including:
• probability;
• scenario planning;
• decision trees;
• sensitivity analysis;
• risk mapping;
• SWOT or PEST analysis;
• root cause analysis; and
• cost benefit/risk benefit analysis;
Risk mapping is the most frequent example of how risks are assessed.
Mapping involves a matrix of likelihood/probability and
impact/consequences.
Risk register: it is recommended that organisations record their
risks in a risk register. This can include the following
information:
• a unique identifier number,
• risk category,
• description of risk,
• the date the risk is identified and by whom.
• Other possible data includes the likelihood of risk, consequences,
interdependencies with other risks and a monetary estimation.
2. Risk management policy:
Before responses are developed for each of the risks identified,
it is necessary to determine the organization's attitude to risk or
risk appetite.

The risk appetite will be influenced by the size and type of

organization, its culture and its capacity to withstand the
impacts of adverse occurrences.
Risk response (treatment):
This is the process of selecting and implementing measures to
manage the risk.
The challenge for risk managers is to determine a portfolio of
appropriate responses that form a coherent and integrated
strategy such that the net remaining risk falls within the
acceptable level of exposure.

It is important to note that there is no right response to risk. The

choice of response will depend on issues such as the
organization's risk appetite, the impact and probability of the
risk and the costs and benefits of the mitigation plans.
Responses to risk generally fall into the following categories:
Risk avoidance: action is taken to halt the activities giving rise to risk, such as a
product line, a geographical market or a whole business unit.

Risk reduction: action is taken to mitigate the risk of likelihood or impact or

both, generally via internal controls.

Risk sharing or transfer: action is taken to transfer a portion of the risk through
insurance, outsourcing or hedging.

Risk acceptance: no action is taken to affect likelihood or impact.

Implementation of the chosen risk responses involves developing a

risk plan outlining the management processes that will be used to
manage the risk of opportunity to a level defined by the
organisation’s risk appetite and culture.
4. Risk reporting

There are two areas of risk reporting:

1.• Reporting to external audiences. E.g., on internal control,
and a review of risks is included in the annual report;
2.Reporting to internal audiences. The reporting of risks and
risk management information is essential for internal decision
makers to integrate risk evaluations into their operational and
strategic decisions, review of performance decisions.
 Credit risk management
LEARNING OBJECTIVES:
1. Define Credit, Credit risk, and credit risk management
2. Credit risk management process
3. Prudent credit procedures
4. Credit administration, measurement, and monitoring
5. Credit risk controls
6. Causes of problem loans
7. Internal Audit
8. Risk management Structure
 DEFINITIONS
Credit is the provision of funds on agreed terms and conditions to a
debtor who is obliged to repay the amount borrowed (together with
interest thereon). Credit may be extended, on a secured or unsecured
basis,
Credit means a provision of, or commitment to provide, funds or
substitutes for funds, to a borrower, including off-balance sheet
transactions, customers’ lines of credit, overdrafts, etc

Credit risk is the risk of financial loss, despite realization of

collateral, resulting from the failure of a debtor to honor its obligation

Credit risk is the potential that a bank borrower will fail to meet its
obligations in accordance with agreed terms (Basel Committee on
Banking Supervision,2000).
Definitions
Credit risk management is the process of controlling
the impact of credit risk-related events on the bank. This
management involves identification, understanding, and
quantification of the degree of potential loss and the
consequent taking of appropriate measures to minimize the risk
of loss to the bank.
Credit risk arises from the potential that a bank‘s
borrower will fail to meet its obligations in
accordance with agreed terms, resulting in a negative
effect on the profitability and capital of the bank
Generally credits are the largest and most obvious
source of credit risk.
Credit risk could stem from both on-balance sheet
and off-balance sheet activities
 Credit Risk Management Process
Credit risk management process should cover the entire credit cycle starting
from the origination of the credit to the point the credit is extinguished from
the books.

It should provide for sound practices in:

•1. Credit Processing/Appraisal-
A checklist to ensure that all required information , pre-qualification screening
criteria, credits should be for legitimate purposes , credit appraisal to assess
the customer’s ability to meet his obligations- ensure creditworthiness ,
require collateral or guarantees in support of a credit in order to mitigate risk,

•the appraisal criteria will focus on:-amount and purpose of facilities and
sources of repayment, integrity and reputation of the applicant , performance
of the borrower in any credit , the borrower’s capacity to repay based on his
business plan, physical inspection of the borrower’s business premises
borrower’s business expertise; adequacy and enforceability of collateral or
guarantees, current and forecast operating environment of the borrower,
background information on shareholders, management capacity .
2. Credit-approval/Sanction
written guidelines on the credit approval process and the approval authorities
of individuals or committees

3. Credit Documentation
Documentation is an essential part of the credit process and is required for each
phase of the credit cycle, including credit application, credit analysis, credit
approval, credit monitoring, collateral valuation, foreclosure.

The format of credit files must be standardized and files neatly maintained with
an appropriate system of cross-indexing to facilitate review and follow up.
4. Credit Administration
Financial institutions must ensure that their credit portfolio is
properly administered, that is,
•loan agreements,
•credit files.
•Insurance policy
•disbursements based on contractual terms and conditions
•Collateral
•timely repayments on interest, principal and any agreed to fees and
commissions;
•information provided to management is both accurate and timely
•Responsibilities are adequately segregated
•funds disbursed are, in fact, used for the purpose for which they were
granted;
•policies and procedures as well as relevant laws and regulations are
complied with
5. Disbursement

6. Monitoring and Control of Individual Credits

To safeguard financial institutions against potential losses,

problem facilities need to be identified early.

Taking prompt corrective actions when warning signs point to a

deterioration in the financial health of the borrower

More frequent reviews should be carried out on large credits,

problem credits or when the operating environment of the
customer changes
 PRUDENT PROCEDURES FOR APPROVING
CREDIT,
DOCUMENTATION AND COLLECTION

1. Credit Approval Procedures

•There should be a written credit manual

•The credit manual should stipulate sound, well-

defined criteria for granting credit, including a
thorough understanding of the borrower, the
purpose and structure of the credit and its source of
repayment.
Credit decisions should be supported by adequate evaluation of
the borrower’s repayment ability based on reliable information.

All credit should be granted on an arm’s length basis. Credit to

related borrowers should be monitored carefully and steps
should be taken to control or reduce the risks of connected
lending

Lending should not over-rely on collateral or guarantees. the

primary consideration should be the borrower’s debt-servicing
capacity.
 Prudent procedures…

2. Legal Documentation;

Banks should take measures to minimize the possibility of loss through

legal risk.

All documentation for all credit products should be subject to

(independent) legal review and approval for enforceability and
compliance with relevant domestic and international law

Prior to release of funds, all completed documentation and supporting

documents should be received, reviewed and approved by the authorized
parties.
3. Effective credit administration,measurement and
monitoring:

Credit Administration : Banks should

•keeping the credit files current, obtaining up-to-date financial
information on borrowers, and safe custody of important documents
(such as title deeds etc.)

•develop and implement procedures to identify, monitor and control

the characteristics and quality of its credit portfolio.

• Identifying and reporting potential problem credit exposures for

more frequent review, followed up with appropriate corrective action,
classified as below standard where appropriate, and that provisions
are made where necessary.
Categorization of the credit portfolio and internal credit audits are
integral elements of effective and prudent portfolio monitoring
and control system

Regular review of ratings and the rating system can also provide an
effective tool for monitoring the level and trends in the quality of
individual credits and the credit portfolio by highlighting credits or
segments of the portfolio that warrant special attention.
Measuring and Monitoring of Credit Risk:

Banks should maintain adequate information systems for measuring credit risk
(including measuring credit risk inherent in off-balance sheet) and for monitoring the
condition of individual credits to facilitate identification of problem credits and
determination of the adequacy of provisions and reserves.

Analyzing credit portfolio by:

(a)Size of exposure;
(b) Exposure to groups of connected parties;
(c) product lines;
(d) Sectors;
(e) Geography;
(f) Loan status/category;
(g) Internal credit ratings;
(h) Outstanding versus undrawn commitments;
(i) Types and coverage of collateral; and
monitoring the overall quality of their credit risk exposures
under normal and stress conditions.

Reporting system which alerts management to aggregate

exposures approaching various pre-set portfolio limits
Asset Classification and Provisioning:

A. Internal:
develop and use credit risk grading systems in managing credit risk.
Coverage should extend to as much of the portfolio as possible, including off-
balance sheet exposures; both performing and nonperforming assets to
provide for the migration
Connected parties

A regular independent review function to provide assurances about the

integrity of the grading process should be established;

A sufficient number of risk grades

B. External- NBE’s Classification

Provisioning :

NBE’s Requirements
(a) Normal/Pass – 1%
(b) Special mention – 5%
(c) Substandard – 20%
(d) Doubtful – 50%
(e) Loss – 100%
ADEQUATE CONTROLS OVER CREDIT
RISK
Segregation of duties:

keep the functions of credit initiation, approval, review,

administration, payments and work-out as separate as possible.

establish and enforce internal controls and practices so that deviations

from policies, procedures, limits and prudential guidelines are
promptly reported to the appropriate level of management.

A timely, accurate and in-depth management information system

Risk Mitigation:

In controlling credit risk, banks can utilize certain mitigation

techniques. Normally, they include: (a) Accepting collateral, standby
letters of credit and guarantees; (b) Setting strict loan covenants; and (c)
other instruments.

Managing Problem Credits to handle the recovery and work-out of

problem loans

Independent Audits:
Establish a system of regular independent credit and compliance audits.
These audits should be performed by independent parties
 The causes of problem loans
Poor Loan Interview
Inadequate Financial Analysis
Improper Loan Structuring- failure to understand the client‘s business and the cash flow
cycle. Hence, it is difficult to anticipate future financing needs and to choose the appropriate
loan type, amount, and repayment terms.

Improper collateralization- Accepting collateral not properly evaluated for ownership, value,
or marketability can leave the bank unprotected in a default situation.
Inadequate Loan Documentation
Inadequate Loan Monitoring
Adverse Business Owner Decisions -lack of management depth, product deterioration, poor
marketing, and poor financial controls.

Adverse External Developments -Changes in the environment, economy, regulations,

competition, technology
 INTERNAL AUDIT
1. verify the continuing adequacy and applicability of credit
risk management policies and procedures,
2. provide an independent assessment of the
credit portfolios' existence, quality and value, the integrity
of the credit process, and
promotes detection of problems relating thereto.

Assessments should, at a minimum, randomly test all

aspects of credit risk management in order to determine
that:
•
Credit activities are in compliance with the credit and accounting
policies and procedures, and with the laws and regulations to
which these credit activities are subjected to
 • Existing credits are duly authorized, and are accurately recorded
and appropriately valued on the books of the bank
• Credit exposures are appropriately rated,
• Credit files are complete,
• Potential problem loans are being identified on a timely basis and
determine whether the provision for credit losses is adequate,
• Credit risk management information reports are adequate and
accurate,
• Improvement in the quality of credit portfolio,

• Credit audit is conducted on-site,

•Credit auditors may visit borrowers’ factory/ office premises
 RISK MANAGEMENT STRUCTURE

Board of Directors

Risk Management Committee-

Board level Sub committee including CEO and
VPs and RCMD

It will devise the policy and strategy for integrated risk management containing
various risk exposures of the bank