Risk management, in the world of business, refers to the forecasting and evaluation of financial and business risks, as well as the identification of procedures and measures to avoid or minimize their potential impact. It is the process of bearing the risks we want to bear, and reducing to a minimum our exposure to the risks we do not want.
We can manage risk in a number of ways:
– Not doing whatever it is that carries the undesirable risk.
– Diversification: not putting all our eggs in one basket.
– Hedging: in finance this means strategically using financial instruments in the market to offset the risk of any undesirable price movements. Put simply, the investor hedges one investment by making another.
– Purchasing insurance: transferring the risk to an insurance company.
According to ft.com/lexicon, the Financial Times’ glossary of terms: “Risk management is the process of identifying, quantifying, and managing the risks that an organisation faces. As the outcomes of business activities are uncertain, they are said to have some element of risk. These risks include strategic failures, operational failures, financial failures, market disruptions, environmental disasters, and regulatory violations.”
Throughout our whole lives, we are surrounding by risk constantly. As a society, we have to take risks to develop and grow. From supply chains to airport security, energy to infrastructure, and housing to hospitals, properly-managed risks help societies develop.
In today’s rapidly-paced world, the risks we face and have to manage evolve quickly. Managing those risks so that their threats are minimized while their potentials are maximized is crucial.
According to the Institute of Risk Management:
“Risk management involves understanding, analyzing and addressing risk to make sure organizations achieve their objectives. So it must be proportionate to the complexity and type of organization involved. Enterprise risk management (ERM) is an integrated and joined up approach to managing risk across an organization and its extended networks.”
“Because risk is inherent in everything we do, the type of roles undertaken by risk professionals are incredibly diverse. They include roles in insurance, business continuity, health and safety, corporate governance, engineering, planning and financial services.”
This NASA model shows areas of high risk from impact for the ISS (International Space Station). It is an example of risk management. (Image: Adapted from Wikipedia)
Risk management – types of threats
There are many different types of risks, which can occur in different forms, including:
– uncertainty in financial markets,
– financial meltdowns,
– legal liabilities,
– consequences of project failures; at any project phase, such as production, development, design, or sustainment life-cycles,
– natural causes and events,
– credit risk,
– theft, fraud and other illegal activities,
– deliberate attacks by a rival or adversary,
– events whose root-causes are unpredictable or uncertain
– accidents, and
– terrorist attacks.
Risk management standards
In the world of finance and business, as well as other aspects of our lives, there are two types of events:
– Negative Events: we class these as risks.
– Positive Events: these are classed as opportunities.
Risk management standards vary according to who set them – the National Institute of Standards and Technology, based in Maryland, USA; the Project Management Institute, based in Pennsylvania, USA; the Institute of Risk Management, based in London, UK; actuarial societies, and ISO standards.
Risk management definitions vary significantly according to whether the method used is in the context of security, engineering, project management, financial portfolios, actuarial assessments, public health and safety, or industrial processes.
The ISO 31000 is a family of risk management standards codified by the ISO (International Organization for Standardization). Its latest edition – ISO 31000:2009 – provides risk management principles and generic guidelines.
Risk management – as a profession
In today’s rapidly-changing business environment, organizations and commercial enterprises need competent, effective and responsive risk management professionals and strategies to remain competitive.
More than ever, organizations need the processes and tools to manage operations on a day-to-day basis, business disruptions, and the expectations of clients/customers, shareholders, and other stakeholders.
On its webpage – The Risk Profession – the Institute of Risk Management writes:
“Today’s risks include customer action in public forums, increased reliance on third parties and extended networks, cyber failure and breach, terrorism, the rise of social media, a stronger regulatory environment and the threats posed by natural phenomena from floods to earthquakes.”
A growing number of employers will only consider job applicants who have some kind of risk management certification under their belt.
Risk management careers
Risk management is a profession that covers a wide range of disciplines. If you are interested in a risk management career, there are many paths you can pursue, from risk officer, risk manager, advisor, specialist or consultant.
Risk management within the financial services industry generally involves assessing and quantifying risks, and then taking the necessary measures to reduce or control them.
It is often a part of the compliance function. However, in large companies it may be part of specific business units, such as the loan originations department or securities trading desks.
If you are interested in becoming a risk manager, you will need at least a bachelor’s degree, and in many cases an MBA. You must have strong quantitative skills (math & statistics), so a background in management science and in the use or development of predictive models can be extremely helpful.
Many universities across the world today have risk management courses at undergraduate and graduate levels – some of them offer degrees dedicated entirely to risk management.
Sword Active Risk carried out a survey which revealed what most people thought a typical risk manager was like. Approximately sixty-percent of respondents identified the traits listed in the image above.
“A primary concern for risk managers in securities firms tends to be potential mark to market losses on inventories of securities held by trading desks. As a result, prior experience as a trader or trading desk assistant can be invaluable for a risk manager in a securities firm.”
“For this very reason, when Merrill Lynch led the industry by establishing the first such position on Wall Street in the wake of the 1987 market crash, the firm tapped a senior trader for this role.”
There are a number of formal risk management certifications. A growing number of companies will not consider applicants unless they are certified.
Some employers may accept a non-certified candidate if he or she has experience in compliance, insurance, accounting, law, or other operational areas of financial services.
A risk manager who oversees securities trading is expected to have intimate knowledge of trading procedures and practices, something you can only possess if you have worked as a trader or a trading desk assistant.
Risk management – duties & responsibilities
Risk managers identify and measure the risks that their employers face. The manager may either be a generalist who covers a number of different areas, or a specialist who focuses on just one.
Below is a list of some major risk categories in the financial services industry:
– Counter-party risk – when another financial services company fails in its obligation to your company.
– Defaults on money the company has lent.
– Losses on traders’ securities inventories.
– Investment securities losses held on the firm’s own account.
According to Marquette University’s Risk Unit in Milwaukee, Wisconsin, USA, the role of the risk manager is to:
– Provide a way to identify and analyze the financial impact of loss to the employer, its employees, the environment and the public.
– Gather and analyze data regarding the use of cost-effective and realistic opportunities to balance retention programs with commercial insurers.
– Prepare insurance and risk management budgets and allocate premiums and claim costs to different departments.
– Provide for the setting up and maintenance of records including insurance claims, policies, and loss experience.
– Help colleagues in the review of major contracts, proposed facilities, or new program activities for insurance and loss implications.
– Maintain control over the claims process to make sure that claims are being dealt with consistently, fairly, and with the best interest of the insured entity.
The word ‘risk’ in other languages: risque (French), riesgo (Spanish), risco (Portuguese), rischio (Italian), Risiko (German), risico (Dutch), risk (Swedish), risiko (Danish), Fare (Norwegian), Риск (Russian), ryzyko (Polish),خطر (Arabic), リスク (Japanese), 风险 (Chinese), 위험 (Korea), जोखिम (Hindi), ঝুঁকি (Bengali), رسک (Urdu), risiko (Indonesian & Malay), panganib (Filipino), and hatari (Swahili).
Video – Making risk management more effective
In this video, HSBC Singapore’s Chief Risk Officer, Ingrid Child, talks about risk management and how to make it more effective.