Banking and Finance

Measurement and Management of Risk

Inadequate protection of both Information assets and Information System assets
leaves any organization vulnerable to computer crimes and can have catastrophic
consequences, particularly when confidentiality is involved. This article discusses
various aspects of data security from the professional perspective and also some of
the measures that can reduce the risk of leakage of data.

R
isk Management covers different types of in the case of a human life, the Risk Assessment
risk in a corporate enterprise pertaining is focused on the probability of the event, event
to market, credit, liquidity, event or frequency and its circumstances. We will try to
operations. Five key forces are changing the define the term risk from the point of view of
way the senior managers in major companies engineers and financial managers.
round the world view their future—new Engineering definition of risk:
technologies, globalisation, non-bank
competition, deregulation and opening Probability of Accident Consequences in Lost Money
up of previously protected markets. Risk = ------------------------------ x ----------------------------------------
The true measure of a business’ success Events per Time Period Per Event
is the rate at which it can improve its
range of products/services and the way it Financial definition of risk:
produces and delivers them. Risk Measurement It is “the chance that an investment’s actual
and Management is also one of the important return will be different than expected. This
function of the finance manager. In the changing includes the possibility of losing some or all of
global environment his decisions are affected the original investment. It is usually measured
by risk in a perceptible way. by calculating the standard deviation of the
historical returns or average returns of a specific
Meaning of Risk investment”. Risk in finance, as defined by Ron
There are many definitions of risk depending Dembo, is a general method to assess risk as
on the specific application and situational an expected after-the-fact level of regret. Such
contexts. In general, every risk (indicator) is methods have been successful in limiting
proportional to the expected losses, which can interest rate risk in financial markets. Financial
be caused by a risky event, and to the probability markets are considered to be a proving ground
of this event. James C. Van Horne has defined risk for general methods of risk assessment. A
as “the variability in the expected earnings of a fundamental idea in finance is the relationship
company”. Therefore, the differentiation of risk between risk and return. The greater the
definitions depends on the losses context, their amount of risk that an investor is willing to take,
assessment and measurement, as well as when the greater the potential return. The reason for
the losses are clear and invariable, for example this is that investors need to be compensated
for taking an additional risk.
— Dr. V. Gangadhar* and
Dr. G. Naresh Reddy** Risk Measurement
(*The author is Professor of Commerce and Business
Management, Kakatiya University, Warangal.
In the words of William Shockley measure
**The author is Lecturer, Department of Commerce is a comparison to a standard. The process of
and Business Administration, University Arts & measurement involves estimating the ratio of
Science College Kakatiya University, Warangal. They
can be reached at [email protected] and the magnitude of a quantity to the magnitude of
[email protected]) a unit of the same type (length, time, mass, etc).

1462 The Chartered Accountant March 2007

 Banking and Finance
A measurement is the result of such a process,
expressed as the product of a real number and a
unit, where the real number is the estimated ratio.
It is true that only quantifiable and identifiable
risks are managed in terms of providing hedge
cover or insurance. It is pertinent that enterprises
identify its key risks and the volume of exposure,
before it could decide on the type of hedging and
its timings, to optimize risk-return payoff. Range,
Standard Deviation, Coefficient of Variation
and other Econometric tools are used for the
measurement of risk.
Risk Management
It is the process of identifying, analyzing
and evaluating the risk and selecting the best
possible methods for handling it. There is no
standard approach for Risk Management.
However, there are some common elements of
successful risk management efforts:
(i) Recognition of the risk is the responsibility
of a programme management.
(ii) The Risk Management process includes
planning for risk management, continu-
ously identifying and analyzing programme
events, assessing the likelihood of their oc-
currence and consequences, incorporat-
ing handling actions to control risk events
and monitoring a programme’s progress
towards meeting programme goals. In an
ideal Risk Management, a prioritisation pro-
cess is followed whereby the risks with the
greatest loss and the greatest probability of
occurring are handled first, and risks with
lower probability of occurrence and lower
loss are handled later. In practice, the pro-
cess can be very difficult, and balancing be-
tween risks with a high probability of occur-
rence but lower loss vs. a risk with high loss
but lower probability of occurrence can of-
ten be mishandled. Risk management faces
a difficulty in allocating resources properly.
This is the idea of opportunity cost. Re-
sources spent on Risk Management could
be instead spent on more profitable activi-
ties. Again, ideal Risk Management spends
the least amount of resources in the process
while reducing the negative effects of risks
as much as possible.
Objectives
The main objectives of the study are:
a. To explain the concept of Risk, Risk
Measurement and Risk Management.
b. To discuss the different types of risk
c. To analyse the techniques of risk
measurement
d. To suggest the steps involved in the Risk
Management process.
e. To present the summary of the study
Types of Risk
A number of factors influence the risk.
Depending upon the cause, the risk can be
broadly classified into the following three major
categories:
1. Strategic Risks
2. Operational Risks
3. Investment Risks
Strategic Risks: These risks are the issues,
which require companies to think on a large
scale. These risks have a major impact on the
company’s costs, prices, products and sales.
Some of the solutions, which companies bring
to bear such risks, are shown in Table A.
Operational Risks: These risks can be
categorized according to their occurrence.
Some occur at suppliers, others at the point of
production, in the distribution chain or when
the product is consumed. Operation risk stems
from a variety of sources. Broadly speaking, these
are process risk, people risk, technology risk
and disasters. Each of these categories must be
investigated to identify the risk elements, assign
a probability of occurrence, consequences if the
event did happen and thus arrive at the weightage
assigned to that risk operation hazards classified
by time are presented in Table B.
March 2007 The Chartered Accountant 1463
 Banking and Finance

TABLE - A
Strategic Risks
Strategic Risks Have an Impact Upon Solutions can be found in
the Company’s
Government and Economic Costs Strategic Planning of Markets
Factors and Products Empowerment
Customers Prices Quality Management
Competitors Products Customer Care
New Technology Sales Investment Innovation Cost
Reduction

TABLE-B
Operational Risks
Suppliers Process and Distribution Customers Competitors
Internal Risks
Interruption of Fire Counterfeiting Payment Competitor
Supplies Problems Activity
Poor Quality Pollution, Fraud, Tampering Changing Needs,
Supplies Computers Product Liability
Accidents
Labour Disputes
Terrorism, Kidnap
and Ransom

Some Important Operational Risks are: Likewise, formal process documentation,

(a) Process Risks: These stem from the design
of the process and the extent of manual or
human element in the steps of the process. A
common risk is incorrect data capture. Since
data capture is often the very first step in a
process, an error there has consequences
in all the succeeding steps and rectifying
the error in turn involves many stages
of rollback. Data capture can easily be
classified as a risk with a high probability of
occurrence and with costly consequences,
thus making it a high weightage risk.
(b) People Risk: This risk is rarely considered a
formal risk. At the back of his mind, a manager
is probably aware that there is excessive
dependence on one person, but this also
means that he is too busy to train someone
else. A formal identification of key persons
and a strategy to contain that risk is essential.
recruitment, induction, ongoing training
and motivation policies are very important
to mitigate those HR risks.
(c) Technology Risks: The financial industry is
the leading user of technology worldwide.
Even in India, banks, brokerages, exchanges
and mutual funds are aggressive users of the
latest technology. As technology becomes
a key part of the process, its maintenance
and performance becomes a key risk factor.
The risks associated with the hardware
side of technology are somewhat easier
to contain, because they involve simple
monetary costs in redundancies. Hardware
and networking skills are somewhat at a
premium, but these are generic skills and
can be had at a cost. The risk associated with
the application side is far more insidious and
difficult to manage. Application technology

1464 The Chartered Accountant March 2007

 Banking and Finance
is invariably customized to that particular
business need.
Investment Risks: Every investment involves
uncertainties that make future investment
returns risky. Some of the sources of
uncertainty that contribute to investment risks
are aggregated into (a) Interest Rate Risk (b)
Purchasing Power Risk (c) Bull-Bear Market Risk
(d) Default Risk (e) Liquidity Risk (f ) Callability
Risk (g) Convertibility Risk (h) Political Risk (i)
Industry Risk (j) Currency Risks (k) Portfolio Risk
and (l) Country Risk.
(a) Interest Rate Risk: It is defined as the
potential variability of return caused by
changes in the market interest rates. The
degree of Interest Rate Risk is related to the
length of time to maturity of the security.
If the maturity period is long, the market
value of the security may fluctuate widely.
Further, the market activity and investor
perceptions change with the change in the
interest rates and interest rates also depend
upon the nature of instruments such as
bonds, debentures, loans and maturity
period, credit worthiness of the security
issues, etc.
(b) Purchasing Power Risk: This is the
variability of return an investor suffers
because of inflation. It is closely related
to interest rate risk, since interest rates
generally rise when inflation occurs.
Purchasing Power Risk is more relevant
in case of fixed income securities; shares
are regarded as hedge against inflation.
It is the risk that the real rate of return
on security may be less than the nominal
return. There is always a chance that the
purchasing power of invested money will
decline or that the real return will decline
due to inflation. The return expected by
investor will change due to change in real
value returns. Cost-push inflation is caused
by rise in the costs due to inadequate
supplies and rising demand.
(c) Bull-Bear Market Risk: It arises from the
variability in market returns resulting from
the operators of bull and bear market
forces. When a security index rises fairly
consistently from a low point, called a peak,
for a period of time, this upward trend is
called a bull market. The bull market ends
when the market index reaches a peak and
starts a downward trend. The period during
which the market declines sharply is called
a bear market.
(d) Default Risk: It is that portion of an
investment’s total risk that results from
changes in the financial integrity of the
investment. It is a failure of the borrower
to pay the interest and principal amount
within the stipulated period of time. The
default risk has the capital risk and income
risk as its components; it means not only
failure to pay but also delay in payment.
(e) Liquidity Risk: It is that portion of an
asset’s total variability of return which
results from price discounts given or sales
commissions paid in order to sell the asset
without delay. It is a situation wherein it
may not be possible to sell the asset. Assets
are disposed of at great inconvenience
and cost in terms of money and time. Any
asset that can be bought and sold quickly
is said to be liquid. Failure to realise with
minimum discount to its value of an asset
is called liquidity risk.
(f ) Callability Risk: It is that portion of a secu-
rity’s total variability of returns that derives
from the possibility that the issue may be
called as the Callability Risk. Callability Risk
commands a risk premium that comes in the
form of a slightly higher average rate of re-
turn. This additional return should increase
as the risk that the issue will call increases.
(g) Convertibility Risk: It is that portion of the
total variability of return from a convertible
bond or a convertible preferred stock that
reflects the possibility that the investment
may be converted into the issuer’s common
March 2007 The Chartered Accountant 1465
 Banking and Finance
stock at a time or under terms harmful to
the investor’s best interests.
(h) Political Risk: It arises from the exploitation
of a politically weak group for the benefit
of a politically strong group. An effort of
various groups to improve their relative
position increases the variability of return
from the affected assets. Regardless of
whether the changes that cause political
risk are sought by political or by economic
interests, the resulting variability of returns
is called political risk if it is accomplished
through legislative, judicial or administrative
branches of the government.
(i) Industry Risk: It is that portion of
investment’s total variability of return
caused by events that affect the products
and the firms that make-up the industry. It
involves international tariffs and/or quotas
on the product produced by an industry.
(j) Currency Risk: These are associated
with international investments not
denominated in the home currency of the
portfolio manager’s beneficiaries. These
risks involved the international payment of
cash. Currency risks on a global basis may
be close to unsystematic meaning that they
are uncorrelated across economies and are
not prices.
(k) Portfolio Risk: Portfolio managers attempt
to maximize returns given an acceptable
level of risk. Industry practitioners describe
the five different Portfolio Management
Risks as: interest rate risk, liquidity risk,
credit risk, operating risk and currency risk.
(l) Country Risk: It involves the possibility of
losses due to country specific economic,
political or social events or because of
company specific characteristics, therefore all
political risks are country risks but all country
risks are not political risks. A sovereign risk
involves the possibility of losses on private
claims as well as on direct investment.
Sovereign risk is important to banks whereas
Country Risk is important for MNCs.
1466 The Chartered Accountant March 2007
Risk Measurement
Risk refers to variability. A variety of measures
have been used to capture different facets of
risk. The more important ones among them
are: Range, Standard Deviation, Coefficient of
Variation and Semi-variance. Apart from this,
we also use – Sensitivity Analysis, Breakeven
Analysis, Simulation Analysis, Decision Tree
Analysis, Value at Risk Analysis and Cash Flow at
Risk Analysis.
Sensitivity Analysis: With the help of Sensitiv-
ity Analysis it is possible to show that the prof-
itability of a project alters with different values
assigned to the variables needed for the com-
putation (unit sales prices, unit costs, and sales
volume). This analysis is frequently used if the
simple and discounted methods of evaluation do
not show a satisfactory profitability.
There is always a chance that the
purchasing power of invested
money will decline or that the
real return will decline due to in-
flation. The return expected by in-
vestor will change due to change
in real value returns. Cost-push
inflation is caused by rise in the
costs due to inadequate supplies
and rising demand.
Breakeven Analysis: The financial manager
is interested to know how much should be
produced and sold at a minimum to ensure cost
recovery and this is called breakeven analysis.
The minimum quantity at which loss is avoided
is called the breakeven point.
Simulation Analysis: The decision maker in
an organisation may like to know the likelihood
of risks. The information can be generated by
Simulation Analysis, which may be used for
developing the probability profile of a criterion of
merit by randomly combining values of variables,
which have a bearing on the chosen criterion.
Decision Tree Analysis: It is a useful tool
where sequential decision making in the face
 Banking and Finance
of risk is involved. This analysis involves four
important steps— (i) identifying the problem
and alternatives (ii) delineating the decision
tree (iii) specifying probabilities and monetary
outcomes and (iv) evaluation of various decision
alternatives.
Value at Risk Analysis (VAR): It is one of the
proven and the most used measures of risks by
financial institutions. VAR measures the likely
change in marked to market value of a portfolio, at
specified time periods with certain confidence.
Cash Flow at Risk Analysis (C-far): It has
been specifically developed for non-financial
organisations with cash flow as variable.
The following two features of non-financial
organisation had resulted in the development
of the C-far model. Firstly, certain assets of non-
financial organisations could be accurately
valued at market prices. Secondly, the risk free
and continuous future cash flows represent the
value of any a non-financial organisation. Hence,
cash flows are taken as proxy for measuring risks.
Cash Flow at risk measures the deviation of cash
flows from the expected volume. In other words,
it gives an idea as to how much of cash flow the
portfolio might lose in a given time with given
probability.
Risk Management
Risk Management is the process of identify-
ing assets at risk, assigning appropriate values,
identifying threats to those assets, measuring
or assessing risk and then developing strategies
to manage the risk. In the risk management the
following steps are to be taken to minimize the
risk.
Step 1: Identification of Assets at Risk: The
first step in the Risk Management process is to
identify the assets in support of critical business
operations. The assets could fall under different
groups, which are physically tangible and
conceptual assets.
Step 2: Valuation of Assets: The assets so
identified and grouped in the previous step
are to be valued and categorised into different
classes, such as critical and essential.
Step 3: Identifying the Threats: Threats can
be defined as anything that contributes to
the interruption or destruction of any service/
product. Various threats can be grouped into
environmental, internal and external threats.
Step 4: Risk Assessment: The process of Risk
Assessment includes not only assessment as
to the provability of occurrence but also the
assessment as to the potential severity of loss,
if risk materialises. This will assist in determining
the appropriate risk mitigation strategy, the
residual risk and investment required to mitigate
the risk.
Step 5: Developing Strategies for Risk
Management: Once risks have been identified
and assessed, the strategies to manage the risk
fall into one or more of these four categories:
(i) Risk Avoidance: Not doing an activity
that involves risk and losing out on the
potential gain that accepting the risk
might have provided.
(ii) Risk Mitigation: Implementing controls
to protect infrastructure and to reduce
the severity of the loss.
(iii) Risk Reduction/Acceptance: Formally
acknowledge that the risk exists and
monitoring it. In some cases it may not
be possible to take immediate action to
avoid/mitigate the risk. All risks that are
not avoided or transferred are retained
by default.
(iv) Risk Transfer: Causing another party
to accept the risk i.e. sharing risk with
partners or insurance coverage.
Conclusion
Risk Measurement and Management is
one of the important functions of the finance
manager. The changing global environment
constantly affects his decisions. But effective Risk
Measurement and Management is a must for all
business organisations to survive profitably in
the long run. r
March 2007 The Chartered Accountant 1467