Phyllis Wangui
$10/hr
I am a professional article writer with 2 years’ experience.
- Reply rate:
- 100.0%
- Availability:
- Full-time (40 hrs/wk)
- Location:
- Nairobi, Nairobi, Kenya
- Experience:
- 2 years
Ch.2 Risk Taxonomy
The Key points in this reading is understanding how to define and classify the major categories of risk and how to measure and manage risks.
Introduction
In Risk Taxonomy we categorize and describe all the major risks that may be faced by a firm.We identify events with potentially adverse consequences to an enterprise and categorize into risk classifications.
We consider both external and internal risks that are inherent to an enterprise as illustrated in the table below:
External Risks vs. Internal Risks
External Risks
Internal Risks
Financial market risk
Stock market risk
Interest rate risk
Exchange rate risk
Credit risk
Spread risk
Systemic risk
Liquidity risk
Political and regulatory risk
Macro-economic risk
Business cycles
Inflation risk
Environmental risk
Operational risk
People risk
IT risk
Project risk
Legal risk
Pricing risk
Process risk
Strategic risk
Reputational risk
Note: Many risks are further classified into sub categories and are closely related
External Risks
1. Financial Markets Risk
a) Stock Market Risk
This is the risk arising from general movements in financial markets. It’s a key business risk for financial firms such as banks and hedge funds where the firm’s results are directly linked to performance of their capital market investments. Major risk could arise from price movements or from changes in volatility.
Firms may deal with Stock market risk by:
Hedging their Market risk
Speculating i.e. taking market positions which will generate profits if their predictions of market performances are correct and losses if not.
b) Interest Rate Risk
This is the risk that movements in interest rates change the values of bonds and bond-like investments, creating losses.
Movements in interest rates will affect the firms in the following ways:
Without careful management, the value of the liabilities may move less / more than the value of the supporting assets as rates change, potentially creating losses
Insurance companies and pension plans are particularly vulnerable because annuities and premium payment streams are highly interest-sensitive
How Movements in Interest Rates Affect Investor Behaviors
Increasing rates may create a demand for fixed interest instruments, which could create downward pressure on prices of stocks and other assets, as demand moves away
Higher interest rates reduce the discretionary savings of individuals who need to borrow cash for loans and for mortgages
House prices and markets can become depressed, which has knock on effects on the economy as a whole
On the other hand, low interest rates discourage saving and other investment
c) Exchange Rate Risk
This risk has 3 sub categories as explained below:
Transaction Risk
This is the risk arising when a firm has current contractual obligations specified in different currencies. The firm is exposed to losses from exchange rate movements in the time period between entering a contract and settling it. If a contract calls for a series of payments specified in non-domestic currency, then the transaction risk continues as long as the contracts are in force.
Economic Risk
This refers to a firm’s general economic exposure to exchange rate fluctuations. For example: Firms that import/export goods, invest in foreign markets,whose goods experience demand slumps as exchange rate movements make imported competitive goods relatively cheaper and those whose suppliers and customers are exposed to exchange rate risk.
Transaction Risk
This arises from the requirements of financial reporting for a firm with assets and liabilities designated in different currencies.
d) Credit Risk
This is the risk related to exposure to loss as a result of a change in the credit status of a debtor or counterparty
Market Credit Risk is divided into five sub categories as explained below:
Bond Default Risk
This is the risk that a bond issuer is unable to repay some or all of the principal and interest on an outstanding loan.
Credit Downgrade Risk
.
This refers to possible change in value of bond investments resulting from a change in the credit rating of the issuer. The credit rating of a bond-issuing institution is determined by a credit-rating agency (eg.S&P, Moody’s).Investment grade: AAA to BBB-, sub-investment grade: BB+ to C and default: D.
Two bonds with identical payment schedules will have different values if the issuing institutions have different credit ratings. When a firm’s credit rating changes, the value of the outstanding bonds issued by that firm will fall and this presents a credit risk to the bond holders.
Sovereign Risk
This a risk of full or partial default by a country. A full default occurs when a country refuses to meet any interest or principal payments due on government bonds. The most common reason for full default is revolutionary change where the incoming government rejects the obligations of the outgoing regime.
Partial default occurs where a nation faces such severe economic stresses that it is unable to collect sufficient revenue to make the payments due on its loans.
Sovereign risk also covers situations where a country changes rules specifically for foreign investors.
Credit Default Risk
This is the risk that a debtor is unable to repay some or all of the amount owed.
Counterparty Risk
This is the risk that a counterparty fails to meet its obligations, whether through default or for other reasons. it may be associated with concentration risk, which arises if the enterprise is heavily dependent on a single counterparty, or a small set of mutually dependent counterparties.
e) Spread Risk
The spread between two assets refers to the difference between the returns on those assets. The long-short bond spread is the difference between yields on long bonds and yields on short bonds.
The difference between corporate bond yields and government bond yields is a form of credit spread. Spread risk is the risk arising from changes in spreads.
A Basis Risk
Basis risk is a mismatch between the liabilities and the assets supporting the liabilities. For example, if a firm holds short term bonds, but has liabilities tied to long term yields.
f) Systemic Risk
This is the “risk of disruption to financial services that is caused by an impairment of all or parts of the financial system and that has the potential to cause serious negative consequences for the real economy.”
It became a much more urgent area of research after the 2008 economic crisis, which demonstrated systemic risk within the US market, as the entire market came perilously close to collapse following the collapse of Bear Sterns and the failure of Lehman Brothers, triggered by unpredicted correlated defaults of sub-prime mortgages.
The sub-prime mortgage crisis impacted all sectors of the US economy through the cascade of defaults and liquidity failures. Firms were unable to access capital, stock prices fell, and investors withdrew billions of dollars from falling markets creating deeper collapse and a liquidity crisis
The cascade also impacted markets across the world, showing the interconnectedness of global markets, and in particular, the influence of the US market on all others
g) Liquidity Risk
An institution may have sufficient assets to meet liabilities, in principle, but may still be unable to make payments due if the assets are not sufficiently liquid.
All companies have liquidity risk but the nature and importance differs according to the nature of the firms.
Companies with fast turnover of income and outgo tend to have less liquidity problems.
Firms with longer periods between income and outgo will have more incentive to use financial instruments to park their cash, or to use loans to meet cash payments.
The liquidity risk may arise from general market problems or from poor asset-liability management.
2. Macro-Economic Risks
a) Business Cycles
Business cycles refer to economy-wide fluctuations in the economic environment, as supply and demand curves shift, unemployment rises or falls, and countries move between low and high growth phases. Although termed “cycles”, the incidence, severity, and length of fluctuations in the economy are not regular or predictable
b) Inflation
This refers to the reduction in real returns arising because of falling purchasing power of cash. Long-term fixed dollar amount cash flows are most vulnerable to inflation.
Inflation is a much more immediate issue in the developing world, which impacts organizations operating within the affected countries, and those external firms who do business with the affected countries. It is closely connected to exchange rate risk, through the principle of ‘purchasing power parity’
Purchasing Power Parity
The purchasing power parity states that if there is price inflation in country A, but not in country B, the value of country A’s currency will fall relative to country B, such that the purchasing power of a unit of currency in country is the same.
The “Real” Inflation Risk
Anticipated inflation is not a risk since it can be managed. Even unanticipated inflation need not be a major source of risk, if cash flows move in proportions, maintaining the real returns.
The problem arises when net incoming cash flows are fixed in dollar terms, so that the impact of inflation reduces the value and therefore the real return.
3. Political and Regulatory Risk
a) Political Risk
This arises from adverse political changes, in an organization’s home country or in a foreign country where there is some exposure. There may be political instability resulting in difficulty managing contracts, meeting obligations, or a supplier may not be able to move goods according to the original requirements.
In extreme cases, there may be a virtual shut down of commerce in a country while the political situation is unstable
In less extreme cases, there may be problems with liquidity and capital markets.
One way that political risk is manifested is through changes in legislation, creating new regulatory hurdles and constraints
b) Regulatory Risk
It is the risk that changes in laws or regulations will adversely impact an organization's operations or cash flow.
Changes in laws on transferring funds out of the country may create problems for firms operating in different markets.
There may be changes in the licensing rules, creating new challenges for firms to acquire the necessary permissions to conduct their business.
Firms that operate in more socially controversial areas may be more vulnerable to regulatory risk
De-Regulation
In the financial sector, there was a general trend to de-regulate, under the ‘orthodox’ economic theory that regulation had only negative effects on a healthy market economy.
4. Environmental risk
There are two interpretations of Environmental Risk.
1. Environmental changes could impact the operations of the enterprise.
Severe weather events can cause interruption of business and loss of assets for firms operating in affected areas. Soil degradation, drought and desertification will create problems in the agriculture and the leisure industries.
2. Environmental risk is the risk arising from environmental liability
For example, a firm may find that it has a liability arising from inadequate disposal of hazardous waste.
Here, environmental risk is not an external risk but an internal one, as it is generated by the business of the firm, not exogenous events or forces.
Internal Risks
1. Operational Risks
This is “the risk of loss resulting from inadequate or failed internal processes, people and systems, or from external events. What we are concerned here is the risks that are associated with the specific day-to-day operations of the company or organization.
Note: Reputational risk is excluded from the list of operational risks.
a) People Risk
This arises from failures of individuals. It is the risk that individuals working for the organization, directly or through outsourcing, fail to follow the organization’s rules, processes or procedures.
The failure may be deliberate, in which case the risk is theft, fraud or sabotage perpetrated by an employee. If the failure is not deliberate, it is more likely caused by error, carelessness or lack of training or adequate competency.
Human error emerges as a common components in catastrophic failures in many areas. Even where the original risk event is unavoidable, it is common that human error exacerbates the situation.
People Process Failure
People process failure is the risk that the human resource process fails. For example, an organization may face losses on the resignation of 1 or 2 key people, if a succession plan has not be adopted
b) IT Risks
Information technology risks encompass all risks relating to IT.
The following are Key IT Risks
Accidental loss or corruption of data
Viruses
Unidentified bugs in programs
Theft of data or intellectual property through system security breaches
System failure from inadequate capacity
Outages and interruptions to service
Failure of suppliers
c) Project Risks
Projects often involve substantial investment of money and of resources, and major project failure can be devastating to the organization's finances as well as its reputation.
Below are Key Risks in Projects
Scope Risk
This is the risk that the project goals are changed during the implementation phase, leading to potential over-runs in time or budget, and also potentially failing to meet the original project objectives.
Sources of scope risk are:
Scope Creep
Scope risk can arise from “scope creep” where the scope of the project is redefined gradually over time, perhaps as the project team identifies potential improvements or new ideas.
Gap Risk
This where the original project planning was not sufficiently thorough, and gaps appear that require adjustments to the original scope. Gap risk can also lead to improvisation in the project implementation, which in turn can lead to multiple problems with ensuring the different parts of a project are consistent and coherent.
Defect Risk
This is the risk that hardware or software acquired or developed in order to implement a project does not meet the project needs.
Schedule Risk
This is the risk of loss due to schedule failure. Project scheduling is a key component of project management. It is used to ensure that resources are available when required, but are not sitting idle while different parts of the project are being completed.
If the scheduling is too aggressive, there will be bottlenecks and wasted resources from over-runs in different sub-parts of the project. Overly conservative scheduling may also be wasteful if resources are allocated for longer than they are really required.
Resource Risk.
This is the risk of loss due to resources not being available when required. One key resource risk is losing key persons before the project is completed. The replacement may have different skills, and may not have the knowledge and engagement in the project as their predecessor.
Resource risk also includes the possibility of running out of money to complete the work, especially if the cost exceeds the budgeted amounts.
d) Legal Risk
This is the risk of loss arising from lawsuits against the firm, or from losses arising from pursuing unsuccessful lawsuits.
It’s made of two components.
Risk of Lawsuit
This arises from infringement of laws or negligence leading to civil liability. This is particularly important in financial services, where supervision is complex, and compliance with regulations may be viewed as inhibiting the firm’s operations, and hence not given sufficient priority in resource allocation.
Defective Contracts
These are contracts that are not legally enforceable because of errors or omissions in the contract terms or process.
This covers losses arising from transactions that failed due to legal defects in the contracts.
.
e) Pricing Risk
This is a problem for businesses where there are delays between the price being agreed and the product or service being delivered.
Reasons for Underpricing are:
Exchange Rate Risk
There may be a change in exchange rates in the period between payment and delivery for cross-currency transactions
Model Risk and Parameter Risk
The pricing assumptions could be wrong. Model risk is the risk from making decisions based on models which do not adequately capture the critical features of the problem being analyzed. Parameter risk arises when the underlying model is adequate, but parameters used are not.
Adverse Experience
An insurer might set a premium sufficient to cover a potential loss with 95% probability but there is still a 5% chance of underpricing through adverse experience.
Adverse Selection
Adverse selection is a form of information asymmetry. A purchaser of insurance has full knowledge of their own individual risk profile, but the insurer will have less information on each individual risk. In the insurance context, the buyers of insurance may be more risky than is assumed by the insurer.
f) Process Risk
The process risk does not cover people processes. In each case there is a failure at some stage of a business process, or there is a failure to establish adequate processes.
The following are Categories of process risk:
Health and Safety
This is the risk of defective equipment or resources, flawed processes and human error.
Manufacturing and Engineering
This is the risk of defective components, construction or machinery. The risk of defective technical specification, flawed maintenance and human error in implementation, maintenance or monitoring of processes.
Model Risk
Model risk arises when the technical, quantitative models used to determine technical specifications does not adequately capture the critical features of the problem.
Parameter risk refers to the use of model inputs that are incorrect or inappropriate for the particular model use, even if the model itself is fine.
The problem arises when there is insufficient data to estimate parameters accurately.
Another common source is where parameters come from a data set or are developed for a problem which differs in some fundamental way to the current problem being modeled (this is an example of basis risk, because the basis of the model is different to the basis of the problem).
2. Strategic Risk
Strategic risk refers to losses arising from adverse effects of strategic decisions made at the senior organization level
The risk event is the decision to take some action which, subsequently, adversely impacts the organization.
In all decision-making at the enterprise level, it is inevitable that some choices will turn out well and some badly.
Even knowing a decision turned out badly, after the event, does not mean that the decision was faulty, based on the information and opportunities available at the time the decision was made
Strategic risk is not really an event driven risk
Example of making a decision
A firm might decide to expand into a new country
The strategic risk refers to the possibility that the expansion does not prove to be profitable or successful. Alternatively the reasons why the expansion could fail might fall under different categories (e.g. Political or regulatory risk).
Risk Management
A risk management process should incorporate the continuing assessment of the quality of the decisions made at the Board /executive level, as well as the quality of the analysis available to support the decisions, and the expertise and commitment to process of the individuals on the Board and in senior management roles.
Example of Risk Management:
In the early 2000s, some insurers made the strategic decision not to hedge their exposure to stock market movements arising from their portfolios of variable annuity policies. The strategy paid off for several years but in 2008, the economic crisis left those firms with a risk management crisis as the guarantees began to bite and the income stream diminished.
This strategic decision would have paid off if markets had not experienced the stock market crash, followed by prolonged periods of very low returns.
If the decision not to hedge was based on a full understanding of the risks, and a plan of action if the adverse events occurred, then the risk process could be viewed as appropriate.
If there was a failure of understanding, together with a failure to plan for the adverse event, that would be an example of poor strategic risk management.
3. Reputational Risk
Reputational risk refers to any risk that could damage the enterprise by damaging its reputation with customers or other stakeholders. Often, damage to reputation follows some other risk event.
The purpose of separately identifying reputational risk is that the management of risk needs to take into consideration the potential reputational impact of any risk event.
Examples
a) BP Deepwater Horizon
The Deepwater Horizon was a drilling rig in the Macondo prospect oilfield in the Gulf of Mexico. In April 2010, while drilling an exploratory well, there was an explosion and fire aboard the rig, during which 11 crew members were killed, and a further 16 injured.
The subsequent massive oil spill was an environmental disaster. The failure was initiated when a portion of drill pipe became trapped, and the mechanism to seal the drill pipe could not function
The following Issues Identified in Reports
Project or Engineering risk ( defective components)
The initial triggering event arose because the cement used in construction was defective.
People Process Risk ( insufficient training)
There was insufficient training of personnel on when and how to shut down engines.
Engineering Process Risk ( flawed maintenance)
Poor maintenance of electrical equipment.
Engineering process risk ( human error)
Bypassing of alarms and automatic shutdown systems by operators.
Health and Safety ( flawed process)
Lack of a safety management system.
Strategic Risk ( strategic decision to reduce costs and quality)
Lack of culture that emphasizes safety and selection of cheaper, higher risk materials and methods.
People risk and Model Risk ( Human error)
BP rejected the findings of its own modeling software that indicated more centralizers were required.
The Costs of BP in This Case
1. The share value plunged
2. Boycotts were organized and began to impact BP's retail gas stations through the US
3. Paid the billions of dollars of fines and compensation
4. BP invested in a major advertising campaign to recover their reputation in the US
b) Northern Rock
Around 2006 Northern Rock developed a strategy that involved substantial borrowing in international money markets, to expand its capacity to offer mortgages. The mortgages were then bundled into new securities and sold off in the capital markets.
The proceeds of the sales were used to service the money market loans. The strategy allowed the firm to grow its business dramatically, but the leverage strategy was risky.
In August 2007, financial crisis appeared and the short term loans which Northern Rock relied upon dried up
Northern Rock applied to the UK government for liquidity relief and a "run on the bank" incurred.
The Key Risks in Northern Rock were:
Systemic Risk
The start of the liquidity crisis for the bank was the non-renewal of short-term wholesale loans from institutional investors, probably as the lenders were facing their own issues managing liquidity and risk through the early days of the crisis.
Liquidity Risk
The run on the bank did not necessarily indicate that the bank was insolvent.Also the immediate problem was that the depositors wanted to take cash, but the assets were tied up in mortgages.
Interest Rate Risk/Spread Risk.
Contributing to the bank’s problems was a mismatch between assets and the liabilities, comprising mainly short term loans through the international money market, and the deposits of the retail banking customers.
Strategic Risk
Northern Rock adopted a strategy with associated risks.The fact that it turned out so very badly is an example of strategic risk.
Lack of strategic risk management would be indicated if the risk associated with the strategy of growth through leverage was not adequately understood or assessed.
c) Edinburgh Trams
In March 2006 the Scottish Parliament approved the building of two tram routes in Edinburgh. Construction began in June 2008, with an initial cost estimate of $498 million, with a target completion date in 2011.
The project suffered multiple challenges and setbacks, with the result that the final tram routes will be considerably smaller, and, with a final cost of around $1 billion. It has taken around six years to complete, compared with the initial estimate of three years.
The Key Risks in Edinburgh Trams were:
Scope Risk/Political Risk
Disagreement amongst the political parties as to the scope of the project resulted in changes to the scope being introduced well after the project was underway.
Defect Risk
Late delays were caused by the discovery that part of the concrete bed for the tracks did not meet specifications, and a large section of track and road had to be dug out and re-laid.
Schedule Risk/Environment Risk
The defects and political disagreements created schedule overruns, which were exacerbated by extreme weather conditions.
Resource Risk
As the initial budget proved inadequate, there were problems acquiring the necessary funding as the project progressed, creating funding shortfalls.
Legal Risk
Contractual disputes arose between the project management company and one of the construction companies, relating partly to whether the original contracts were fixed-price or not.
People Risk
The original company may have lacked the necessary competencies to manage such a major project.
Conclusion
Risks do not separate neatly into different buckets. The most obvious common problem is not a risk event or series of events, but it is the failure of the organization involved to understand and plan for the risk events in order to mitigate their impact. The real risk to an organization is the failure to manage risk.
