Chapter 1

INTRODUCTION TO RISK

The result of increasingly global markets is that risk may originate with events thousands of miles away
that have nothing to do with the domestic market. Information is available instantaneously
thus change, and subsequent market reactions occur very quickly.

Learning outcomes

After studying this chapter, you shall be able to:

1. Express understanding risk and risk management.
2. Explain the modern portfolio theory and narrate the types of asset classes, broad and specific
types of risks and financial risks.
3. Apply the processes of risk modifications.
4. Explain the importance of risk identification in business.
5. Assess and explain the varied approaches to risk management.

1.1 RISK
Safety in all things we do, personal or business wise begins with an understanding of risk and risk
management. Choices made in life contain risks, which can be minimized, but are not unavoidable. Even
innocent actions have risks because of unforeseen events. 1
Therefore, keep in mind the following three principles:
i. Risk arises in some form in virtually all of life’s activities.
ii. It is important not to ignore risk or be frightened by it.
iii. Systematic methods to assess and handle risk can be developed.
Risk and risk management is an inescapable part of economic activity. People generally manage their
affairs to be as happy and secure as their environment and resources will allow. But regardless of how
carefully these affairs are managed, there is risk because the outcome, whether good or bad, is seldom
predictable with complete certainty. There is risk inherent in nearly everything we do. 2
This chapter will focus on economic and financial risk, particularly as it relates to investment
management.
All businesses and investors manage risk, whether consciously or not, in the choices they make. At its
core, business and investing are about allocating resources and capital to chosen risks. In their decision
process, within an environment of uncertainty, these organizations may take steps to avoid some risks,
pursue the risks that provide the highest rewards, and measure and mitigate their exposure to these risks
as necessary.

1
scitation.org (2021). “An Introduction to Risk and Risk Management”, accessed at https://aip.scitation.org. on June 4, 2023.
2
cfainstitute.org (2023). “Introduction to Risk Management”. Accessed at https://www.cfainstitute.org, June 4, 2023 .

1
What is risk? In simple terms, risk is the possibility of something bad happening. 3 Risk involves
uncertainty about the effects or implications of an activity with respect to something that humans value
(such as health, well-being, wealth, property or the environment), often focusing on negative, undesirable
consequences.4
Various definitions of risk have been offered by different groups. The international standard definition of
risk for common understanding in different applications is "effect of uncertainty on objectives".5
Objectives can have different aspects (such as financial, health and safety, and environmental goals) and
can apply at different levels (such as strategic, organization-wide, project, product and process). Risk is
often expressed in terms of a combination of the consequences of an event (including changes in
circumstances) and the associated likelihood of occurrence. Uncertainty is the state, even partial, of
deficiency of information related to, understanding or knowledge of, an event, its consequence, or
likelihood.6
The understanding of risk, the methods of assessment and management, the descriptions of risk and even
the definitions of risk differ in different practice areas (business, economics, environment, finance,
information technology, health, insurance, safety, security, etc.). Risk is often characterized by reference
to potential events and consequences or a combination of these. It implies future uncertainty about
deviation from expected earnings or expected outcome.
In finance, risk refers to the degree of uncertainty and/or potential financial loss inherent in an investment
decision. Thus, risk is defined in financial terms as the chance that an outcome or investment's actual
gains will differ from an expected outcome or return. Risk includes the possibility of losing some or all of
an original investment.7 These statements are the concepts of financial risk.
The International Organization for Standardization (ISO) Guide 73 provides basic vocabulary to develop
common understanding on risk management concepts and terms across different applications. ISO Guide
73:2009 defines risk as: effect of uncertainty on objectives. This definition was developed by an
international committee representing over 30 countries and is based on the input of several thousand
subject matter experts. It was first adopted in 2002. Its complexity reflects the difficulty of satisfying
fields that use the term risk in different ways. Some restrict the term to negative impacts ("downside
risks"), while others include positive impacts ("upside risks"). ISO 31000:2018 "Risk management -
Guidelines" uses the same definition with a simpler set of notes. 8
Risk is not just a matter of fate. It is something that organizations can actively manage with their
decisions, within a risk management framework. Risk is an integral part of the business or investment
process. Even in the earliest models of modern portfolio theory, such as mean–variance portfolio
optimization and the capital asset pricing model, investment return is linked directly to risk but requires
that risk be managed optimally.
The economic climate and markets can be affected very quickly by changes in exchange rates, interest
rates, and commodity prices. Counterparties can rapidly become problematic. As a result, it is important

3
"Risk". Cambridge Dictionary.
4
Glossary" (PDF). Society for Risk Analysis. Retrieved 13 April 2020.
5
"Guide 73:2009 Risk Management - Vocabulary". ISO
6
"Guide 73:2009 Risk Management - Vocabulary". ISO.
7
What is Risk? https://investor.org
8
"ISO 31000:2018 Risk Management - Guidelines". ISO.

2
to ensure financial risks are identified and managed appropriately. Preparation is a key component of risk
management.
Proper identification and measurement of risk, and keeping risks aligned with the goals of the enterprise
are key factors in managing businesses and investments. Good risk management results in a higher
chance of a preferred outcome, more value for the company or portfolio or more utility for the individual. 9
Every saving and investment product has different risks and returns. The differences include:
a. how readily investors can get their money when they need it,
b. how fast their money will grow, and
c. how safe their money will be.
In general, as investment risks rise, investors seek higher returns to compensate themselves for taking
such risks. Risk measures the uncertainty that an investor is willing to take to realize a gain from an
investment.10 Quantifiably, risk is usually assessed by considering historical behaviors and outcomes.
Portfolio managers need to be familiar with risk management not only to improve the portfolio’s risk–
return outcome, but also because of two other ways in which they use risk management at an enterprise
level.11 First, they help to manage their own companies that have their own enterprise risk issues. Second,
many portfolio assets are claims on companies that have risks. Portfolio managers need to evaluate the
companies’ risks and how those companies are addressing them.

1.2 TYPES OF RISKS

In this section, we are going to talk about a number of risks investors face. Risks are of different types
and originate from different situations. Various risks originate due to the uncertainty arising out of
various factors that influence an investment or a situation.

1.2.1 Broad types of risk

Every saving and investment action involves different risks and returns. In general, financial theory
classifies investment risks affecting asset values into two categories: systematic risk and unsystematic
risk. Broadly speaking, investors are exposed to both systematic and unsystematic risks.
1) Systematic risks, also known as market risks, are risks that can affect an entire economic market
overall or a large percentage of the total market. Market risk is the risk of losing investments due
to factors, such as political risk and macroeconomic risk that affect the performance of the overall
market. Market risk cannot be easily mitigated through portfolio diversification.
Other common types of systematic risk can include interest rate risk, inflation risk, currency risk,
liquidity risk, country risk, and sociopolitical risk.12
2) Unsystematic risk, also known as specific risk or idiosyncratic risk is a category of risk that only
affects an industry or a particular company. Unsystematic risk is the risk of losing an investment
due to company or industry-specific hazard. Examples include a change in management, a
product recall, a regulatory change that could drive down company sales, and a new competitor in

9
cfainstitute.org (2023). “Introduction to Risk Management”. Accessed at https://www.cfainstitute.org, June 4, 2023 .
10
What is Risk? Definition of Risk, Risk Meaning, Indiatimes.com, https://economictimes.indiatimes.com.
11
Ibid.
12
Financial Industry Regulatory Authority. "Investment Risk, Explained, https://www.finra.com

3
 the marketplace with the potential to take away market share from a company. 13 Investors often
use diversification to manage unsystematic risk by investing in a variety of assets.

1.2.2 Specific Types of Risk

In addition to the broad systematic and unsystematic risks, there are several specific type of risks. These
are:
1) Business risk refers to the basic viability of a business—the question of whether a company will
be able to make sufficient sales and generate sufficient revenues to cover its operational expenses
and turn a profit. While financial risk is concerned with the costs of financing, business risk is
concerned with all the other expenses a business must cover to remain operational and
functioning.14 These expenses include salaries, production costs, facility rent, office, and
administrative expenses. The level of a company's business risk is influenced by factors such as
the cost of goods, profit margins, competition, and the overall level of demand for the products or
services that it sells.
2) Operational risk is a type of business risk that arises from the day-to-day operation of a business
and can include risks associated with system failures, human errors, fraud, or other internal
processes that might negatively impact a business's financial performance. Operational risks can
be managed through effective internal controls, processes, and systems.
Businesses and investments can also be exposed to legal risks stemming from changes in laws,
regulations, or legal disputes. Legal and regulatory risks can be managed through compliance
programs, monitoring changes in regulations, and seeking legal advice as needed.
3) Credit or Default Risk: Credit risk is the risk that a borrower will be unable to pay the
contractual interest or principal on its debt obligations. 15 This type of risk is particularly
concerning to investors who hold bonds in their portfolios. Government bonds, especially those
issued by the federal government, have the least amount of default risk and, as such, the lowest
returns. Corporate bonds, on the other hand, tend to have the highest amount of default risk, but
also higher interest rates.
Bonds with a lower chance of default are considered investment grade, while bonds with higher
chances are considered high yield or junk bonds. Investors can use bond rating agencies—such as
Standards and Poor’s, Fitch and Moody's—to determine which bonds are investment-grade and
which are junk.16
4) Country Risk: Country risk refers to the risk that a country won't be able to honor its financial
commitments.17 When a country defaults on its obligations, it can harm the performance of all
other financial instruments in that country—as well as other countries it has relations with.
Country risk applies to stocks, bonds, mutual funds, options, and futures that are issued within a

13
Ibid (same in 3)
14
Ibit (same in 3)
15
Financial Industry Regulatory Authority. "Investment Risk, Explained, https://www.finra.com
16
Federal Reserve Bank of San Francisco. "In Times of Financial Stress, What Typically Happens to the Difference Between Interest
Rates on Corporate Bonds and U.S. Treasury Bonds?”, https://www.frbsf.org.
17
Ibid

4
 particular country. This type of risk is most often seen in emerging markets or countries that have
a severe deficit.
5) Foreign-Exchange Risk: When investing in foreign countries, it’s important to consider the fact
that currency exchange rates can change the price of the asset as well. Foreign exchange risk (or
exchange rate risk) applies to all financial instruments that are in a currency other than your
domestic currency.18 As an example, if you live in the U.S. and invest in a Canadian stock in
Canadian dollars, even if the share value appreciates, you may lose money if the Canadian dollar
depreciates in relation to the U.S. dollar.
6) Interest Rate Risk: Interest rate risk is the risk that an investment's value will change due to a
change in the absolute level of interest rates, the spread between two rates, in the shape of the
yield curve, or in any other interest rate relationship. This type of risk affects the value of bonds
more directly than stocks and is a significant risk to all bondholders. 19 As interest rates rise, bond
prices in the secondary market fall—and vice versa.
Reinvestment risk is related to interest rate risk. It is the possibility that an investor may not be
able to reinvest the cash flows received from an investment (such as interest or dividends) at the
same rate of return as the original investment. Reinvestment risk is particularly relevant for fixed
income investments like bonds, where interest rates may change over time. Investors can manage
reinvestment risk by laddering their investments, diversifying their portfolio, or considering
investments with different maturity dates.
7) Political Risk: Political risk is the risk an investment’s returns could suffer because of political
instability or changes in a country. This type of risk can stem from a change in government,
legislative bodies, other foreign policy makers, or military control. 20 Also known as geopolitical
risk, the risk becomes more of a factor as an investment’s time horizon gets longer.
8) Counterparty Risk: Counterparty risk is the likelihood or probability that one of those involved
in a transaction might default on its contractual obligation. Counterparty risk can exist in credit,
investment, and trading transactions, especially for those occurring in over-the-counter (OTC)
markets. Financial investment products such as stocks, options, bonds, and derivatives carry
counterparty risk.21
9) Liquidity Risk: Liquidity risk is associated with an investor’s ability to transact their investment
for cash.22 Typically, investors will require some premium for illiquid assets which compensates
them for holding securities over time that cannot be easily liquidated.
10) Model Risk: This type of risk arises from the use of financial models to make investment
decisions, evaluate risks, or price financial instruments. Model risk can occur if the model is
based on incorrect assumptions, data, or methodologies, leading to inaccurate predictions and
potentially adverse financial consequences. Model risk can be managed by validating and
periodically reviewing financial models, as well as using multiple models to cross-check
predictions and outcomes.
18
Financial Industry Regulatory Authority. "Investment Risk, Explained, https://www.finra.com
19
Ibid
20
Ibit (same as ref 10)
21
Office of the Comptroller of the Currency. "Counterparty Risk”. https://www.occ.gov
22
Financial Industry Regulatory Authority. "Investment Risk, Explained, https://www.finra.com

5
1.3 RISK MANAGEMENT FRAMEWORK23
Every business must contend with risks, some chosen deliberately and others an inherent part of the
environment in which the business operates. Founding a business, launching products onto the market,
employing people, collecting data, building systems—these are all essential to growing a successful
business. They are also all sources of risk. But a business doesn’t thrive for long if it fails to balance risk-
taking with risk mitigation. That’s the role of risk management.

1.3.1 Risk Management

Risk management is the process of mitigating risks to limit their impact on the health of a business.
Business risk is any action or inaction that increases a business’s exposure to factors that might reduce its
revenue, cause it to fail, or damage its reputation. The goal of risk management is to ensure that the
business and its employees act to reduce exposure to those factors. 24
Every decision-maker in a business performs some type of risk management. In fact, you might define
decision-making as the process of weighing up risks and benefits to discover the most beneficial and least
risky course of action. However, ad-hoc risk management is unlikely to contribute consistently to the
business’s objectives. While many individuals manage risk in a limited domain, a coherent framework
helps them to do so systematically in a way that accord with the business’s risk management policies and
the regulatory environment in which it operates.

1.3.2 Risk management framework (RMF)25

Risk management is not about eliminating risks, but about making informed decisions about how to
anticipate uncertain events (i.e. what risks to avoid, how to reduce risk exposure, how to limit potential
negative consequences, how to knowingly accept some risks, etc.). The risk management framework
(RMF) provides a shared understanding of what risk management is about and introduces common
language and minimum standards and processes.
A risk management framework (RMF) is a strategy for responding to, mitigating and preventing risks in
business or investments. For example, if a company produces cleaning chemicals, they may analyse the
core risks associated with producing potentially toxic chemicals, including hazards to employees,
consumers and the environment. An investor may analyse the risks of a particular investment, including
the state of the company or its market and any historical trends.
In fact, many regulatory frameworks and auditing standards require businesses to implement systematic
risk assessment and management processes. For risk management to be effective, it must be systematic,
structured, collaborative, and cross-organizational. There are several ways to categorize an effective risk
management process’s constituent elements, but at the very least it should incorporate components, which
are the foundations of risk management framework.
The components or elements of risk management framework are:
1) Risk Identification: Risk identification is the process of documenting potential risks and then
categorizing the actual risks the business faces. The totality of potential and actual risks is
23
KirkpatrickPrice (2021). “The 5 Components of Risk Management”. Accessed at https://kirkpatrickprice.com, on June 6, 2023.
24
Ibid.
25
Aon (------). “Creating a More Sophisticated Risk Management Culture”. Accessed at https://insights-north-
america.aon.com., on June 20, 2023.

6
 sometimes referred to as the risk universe. It’s important to systematically identify all possible
risks because it reduces the likelihood that potential sources of risk are missed. When identifying
risk, it’s also important to not just think about the risks that the business currently faces, but those
that might emerge in the future, as well. As technology evolves and businesses reconfigure, the
risk universe changes too.
2) Risk Analysis: Once risks have been identified, the next step is to analyze their likelihood and
potential impact. How exposed is the business to a particular risk? What is the potential cost of a
risk becoming a reality? An organization might divide risks into “serious, moderate, or minor” or
“high, medium, or low” depending on their potential for disruption.
The exact categorization method is less important than the recognition that some risks present a
more pressing threat than others. Risk analysis helps businesses to prioritize mitigation. For
example, a risk might have a potentially serious impact, but a very low likelihood. The business
might choose to deprioritize mitigation compared to a risk with a high cost and a high probability
of occurring.
3) Response Planning: Response planning answers the question: What are we going to do about it?
For example, if during identification and analysis, you realized that the business is at risk of
phishing attacks because its employees are unaware of email security best practices, your
response plan might include security awareness training.
4) Risk Mitigation: Risk mitigation is the implementation of your response plan. It is the action
your business and its employees take to reduce exposure. Following our previous example, the
implementation might involve security awareness training, the creation of on boarding material to
educate employees, and so on. The organization must design controls that reduce the risk down to
appropriate levels. These controls must be tested to ensure they are suitably designed and
operating effectively.
5) Risk Monitoring: Risks are not static; they change over time. The potential impact and
probability of occurrence change, and what was once considered a minor risk can grow into one
that presents a significant threat to the business and its revenue. Risk monitoring is the process of
“keeping an eye” on the situation through regular risk assessments.
6) Risk governance: Risk governance is the process of ensuring all of a company's assets, including
employees, perform appropriately to help minimise risks. This can include assigning specific
duties or authority to employees, requiring multiple levels of approval for certain tasks and
regularly providing workshops to educate employees on risk management and internal policies.
Risk governance also helps ensure that there's a hierarchy for handling and reporting risks. For
example, company executives may hire a risk management professional to handle the risks of a
business, providing them with executive control of the process and budget.
It’s important to understand that risk management is not a one-off event. It is a process that recurs through
the life of an organization as it endeavors to anticipate threats and proactively handle them before they
have an adverse impact.

1.3.3 Importance of risk management framework (RMF) to businesses

Risk management can be crucial for a business because it helps the company avoid potential expenses. By

7
identifying, analysing and mitigating key risks, companies can make more informed decisions and
minimise negative financial impacts while increasing their gains. For example, if a company wants to
enter a new market, understanding all the risks associated with that decision can help the company's
leaders determine if it's the appropriate time to do so. An RMF provides a written plan for risk
management, which can help standardise processes across a company.
A business taking on too much risk without a reliable risk management strategy can affect its reputation
and credit rating. This may then lead to fewer investors, increased layoffs and the sale of assets. It's also
important to consider the effects of decisions on a community or environment, to ensure compliance with
relevant regulations.

1.3.4 Common risk management strategies

There are common risk management strategies that companies can adopt to minimise and control inherent
or external risks more efficiently. Here are some examples of risk management strategies:
1) Avoidance - The simplest way for organisations to manage risks is to avoid them. Although some
risks can be unavoidable, some risks only occur if an organisation chooses to do certain actions.
Avoiding risks can prevent the consequences of these specific risks, but may not eliminate the
chances of similar risks occurring. For example, a company may choose to not produce a certain
item because of its environmental implications, but can encounter similar risks with other items.
2) Reduction - Also called risk mitigation, risk reduction involves reducing the impact of risks,
particularly when those risks are unavoidable. Organisations and individuals can reduce their
risks by first prioritising the known risks they face and preparing responses. Companies can
determine whether inaction can lead to more losses than if they proactively assigned specific
resources to manage any resulting consequences. Risk reduction typically requires a thorough
understanding of the nature and severity of risks and implementing a plan to reduce any negative
effects when they occur.
3) Retention - Also called risk acceptance, risk retention occurs when organisations determine they
can accept a certain level of risk. Often, businesses may invest in certain projects if the expected
profits are far greater than the assumed level of risk. For example, a company might incur certain
risks to operate in a more profitable product line or market.
Risk-retention is often part of the company's core financial plan and it's crucial for stakeholders
and leaders to understand these risks and their effects. Retaining risks can often help a company
grow faster, as riskier projects often have higher returns. There's also no guarantee that a risk may
actually occur.
4) Sharing - When companies share risks, they distribute that risk among multiple entities
connected to a project or interest. In a business, each involved participant, such as shareholders,
internal departments and suppliers, partially takes on risks related to the business. This usually
means that all of the different parties share in the losses or gains.
For example, if a company is performing well, it may provide bonuses to employees and order
more supplies from vendors, whereas if a company is underperforming, it may reduce its
workforce and source cheaper vendors. In a partnership, the owners share the specific financial
risks for a company, which can help reduce their impacts on each individual owner.

8
 5) Transfer - Risk transfer is the process of transferring incurred risks to another entity to pay for or
mitigate those risks. For example, insurance companies act as a conduit for risk transfer, in which
a business pays a premium, so insurance companies pay for any damages and liabilities in
specific scenarios. The insurance company earns a monthly or annual premium for taking on a
company's risk. This is a common strategy for risks that a company can't avoid and have large
financial consequences. These risks often result in expenses that may be larger than years' worth
of premium payments.

Example of an RMF: Helder Metals, Ltd. produces heavy metals for construction materials and other
products. The company creates an RMF to identify and mitigate the core risks of producing and selling
these materials. They identify an inherent risk in producing heavy metals for manufacturing employees,
so the company purchases employee injury insurance and implements rigorous safety policies to protect
from potential lawsuits. The company adopts a risk governance hierarchy, assigning the production
manager to lead a risk management team on the production floor that inspects equipment for defects and
ensures employees are following proper procedures. 26

1.4 LEVEL OF SOPHISTICATION27

The level of sophistication is an important factor in the determination of the risk of a threat actor. Highly
sophisticated threat actors are more likely to be successful if an attack is launched. Less sophisticated
attackers have a lower probability of an attack being successful should it be launched. 28

Vadali (2023) in his article on Internal Audit, Risk Controls and Compliance cited that the following
levels of risk management sophistication:29
Level 1: Compliance-driven culture - the organization's primary focus is on meeting legal regulatory
requirements for risk management.
Level 2: Risk-averse culture - the organization is risk-averse and takes a cautious approach to risk
management, focusing on avoiding risks rather than taking them.
Level 3: Risk-neutral culture - the organization takes a neutral approach to risk, focusing on
identifying and managing risks in a systematic way without taking unnecessary risks.
Level 4: Risk-seeking culture - the organization is willing to take risks in pursuit of opportunities and
growth.
Level 5: Risk-intelligent culture - the organization embeds risk management into its decision- making
processes, encouraging an open and transparent dialogue about risk throughout the
organization. It also encourages an adaptive approach to managing risk, learning from past
experiences, and continuously improving risk management processes.

26
KirkpatrickPrice (2021). “The 5 Components of Risk Management”. Accessed at https://kirkpatrickprice.com, on June 6, 2023.
27
Aon (------). “Creating a More Sophisticated Risk Management Culture”. Accessed at https://insights-north-america.aon.com on June 20,
2023.
28

29
Ramesh Chandran Vadali (2023). Levels Of Risk Sophistication. LinkedIn. https://mg.linkedin.com.

9
Organizations that follow a formal process of risk management are generally more resilient than those
that do not, and they are better able to navigate crises because the process is embedded within their
corporate culture to make sure that they're proactively trying to identify emerging risks regularly.
Companies with a more mature and governed risk program are likely to fare better in volatile times and
more quickly gain consensus on steps their organization should take to address and mitigate problems as
well as to unite stakeholders from across the risk, finance, legal and operations suite on strategies for the
future.
While developing a sophisticated risk management culture won't happen overnight, these three steps can
get you started down the path of a more strategic approach.

1) Assess Your Current Risk Maturity

Getting better starts with knowing where your risk management practices stand now, compared with your
peers, as well as across different parts of your organization.
Organizations need tools to assess their risk maturity. That is why, in 2011, Aon developed the Aon Risk
Maturity Index along with thought leaders at the Wharton School of the University of Pennsylvania. The
index helps senior finance, risk and legal professionals understand their current position and how they can
grow in their risk management practices.
The Risk Maturity Index is a framework to divide risk management knowledge into five essential levels:
i. In the initial level of risk maturity, the organization and executives identify and address risks
within silos only. The components and activities of the risk management process are limited in
scope and implemented in an ad-hoc manner.
ii. A basic level of risk maturity means risk management activities occur at the functional level
rather than at the enterprise level. Organizations and people emphasize compliance and risk data
is considered informally or implicitly in decision making.
iii. With a defined level of risk maturity, organizations and managers understand and address their
primary risks. They have the capabilities to measure, manage and monitor risks, but apply those
metrics inconsistently across the organization.
iv. An operational level of risk maturity among organizations and professionals means they have a
clear understanding of the organization's main risks and a consistent execution of activities to
address these risks.
v. With an advanced level of risk maturity, organizations and executives have a core strength to
identify, measure, manage and monitor risks. Risk management processes are dynamic, adapt to
changing business cycles and provide a competitive advantage.
Figuring out where you and your organization fit into the risk maturity spectrum can help your senior
executives navigate uncertain environments and improve financial performance. Risk management and
strategy are deeply intertwined. Organizations that excel at strategic risk management involve the board
in conversations about long-term risks at least quarterly. A board-level understanding of, and commitment
to, risk management is critical for decision-making and driving value.

10
 2) Prioritize Board Involvement
Board involvement requires strong leadership across the organization. A senior-level executive should
facilitate the risk management processes and development with the board. That leader should
transparently communicate the risks faced by the organization routinely to the board and involve all key
stakeholders in developing risk management policies and strategies.
The volatile world demands more board involvement in risk management. Increasingly, boards of
directors are obligated, in the case of regulated entities, or challenged to know the significant risks their
organizations face and how these risks are managed.
Risk maturity at the board level affects financial performance. For example, insurers providing directors
and officers (D&O) insurance, a type of management liability insurance covering directors and officers
for claims made against them while serving on a board, consider the board's approach to risk management
as part of their underwriting process. Aon has found a correlation between higher risk maturity and lower
D&O insurance premium rates over time.

3) Embed Risk Strategy throughout the Organization

A sophisticated risk management culture flows from big-picture strategy down into every aspect of the
organization. Executives and managers have processes and tools in place to identify risks early. People
are empowered to work together to address emerging threats. The culture naturally promotes an advanced
level of risk maturity.
A risk management culture requires data and analytics to thrive. These tools help employees identify risks
early and incorporate operational and financial risk information into decision making and governance
processes.
Better data and analytics often lead to an increased understanding of risk appetite and the total cost of
risk. The goal should be to use sophisticated quantification methods to identify risk and demonstrate
added financial value through risk management. It takes expanding the perspective from risk avoidance
and mitigation to risk financing as a core part of how an organization drives financial performance.
A best-in-class risk management culture encourages full engagement and accountability at all levels of
the organization. As uncertainty and volatility increase, risk managers are tasked with fostering this
culture to preserve and grow their businesses.

1.5 FINANCIAL RISKS30

Financial Risk is one of the major concerns of every business across fields and geographies. Before
understanding the techniques to control risk and perform risk management, it is very important to realize
what risk is and what the types of risks are.
Financial risk refers to the likelihood of losing money on a business or investment decision. Risks
associated with finances can result in capital losses for individuals and businesses. There are several
financial risks, such as credit, liquidity, and operational risks. In other words, financial risk is a danger
that can translate into the loss of capital. It relates to the odds of money loss.
In case of a financial risk, there is a possibility that a company’s cash flow might prove insufficient to
30
Simplilearn (2023). “What Is Financial Risks and Its Types? Everything You Need”. Accessed at
https://www.simplilearn.com › Project Management, on June 6, 2023.

11
satisfy its obligations. Some common financial risks are credit, operational, foreign investment, legal,
equity, and liquidity risks.
In government sectors, financial risk implies the inability to control monetary policy and or other debt
issues. Learn more about how financial risk is associated with different sectors, be it business,
government, market, or individuals.

1.5.1 Types of Financial Risks

Risks are classified into some categories, including market risk, credit risk, operational risk, strategic risk,
liquidity risk, and event risk. These different types of risks are further categorized in several different
ways. Financial risk is one of the high-priority risk types for every business. Financial risk is caused due
to market movements and market movements can include a host of factors.

Figure 1: Financial Risk

(Adapted from Simplilearn, 2023)

As shown in Figure 1, financial risk can be classified into various types such as market risk, credit risk,
liquidity risk, operational risk, and legal risk.
1) Market Risk: This type of risk arises due to the movement in prices of financial instrument.
Market risk can be classified as Directional Risk and Non-Directional Risk. Directional risk is
caused due to movement in stock price, interest rates and more. Non-Directional risk, on the other
hand, can be volatility risks.
2) Credit Risk: This type of risk arises when one fails to fulfill their obligations towards their
counterparties. Credit risk can be classified into Sovereign Risk and Settlement Risk. Sovereign
risk usually arises due to difficult foreign exchange policies. Settlement risk, on the other hand,
arises when one party makes the payment while the other party fails to fulfill the obligations.
3) Liquidity Risk: This type of risk arises out of an inability to execute transactions. Liquidity risk
can be classified into Asset Liquidity Risk and Funding Liquidity Risk. Asset Liquidity risk arises

12
 either due to insufficient buyers or insufficient sellers against sell orders and buys orders
respectively.
4) Operational Risk: This type of risk arises out of operational failures such as mismanagement or
technical failures. Operational risk can be classified into Fraud Risk and Model Risk. Fraud risk
arises due to the lack of controls and Model risk arises due to incorrect model application.
5) Legal Risk: This type of financial risk arises out of legal constraints such as lawsuits. Whenever
a company needs to face financial losses out of legal proceedings, it is a legal risk.

1.5.3 Financial risks for businesses31

Why do businesses face financial risks? Financial risk may be due to several macroeconomic forces,
fluctuating market interest rates, and the possibility of default by large organizations or sectors. When
individuals run businesses, they face financial risk in making decisions that jeopardize their ability to pay
debts or income. Building a business from the ground up is expensive. Often companies need to seek
capital from outside sources for their steady growth. This funding requirement creates a financial risk for
the company/ business seeking an amount and the investor/ stakeholder investing in the company’s
business.
The danger associated with borrowing money is called credit risk or default risk. If the borrower cannot
repay the loan (it becomes default), the investors suffer from reduced income from loan repayments,
interests, and principal. Creditors often experience an increment in costs for debt collection.
Another term - specific risk, is used when only one or some companies struggle with financial situations.
This type of danger relates to a company or group of companies concerns capital structure, exposure to
default, and financial transactions. Thus, specific risk reflects investors’ uncertainty about collecting
returns and potential monetary loss.
Furthermore, businesses also experience operational risk. This type of risk is posed when businesses have
flawed financial reasoning or poor management, i.e., they fail to succeed in their undertakings based on
internal factors.
Financial risks affect businesses in different shapes and sizes. Financial risk awareness is a must.
However, knowing the dangers and strategies to protect oneself does not eliminate the risk; it mitigates
the harm and reduces the chances of negative outcomes.

1.5.4 Financial risks for the market32

Often, financial markets are a hub of financial risks as several circumstances can impact them. When a
critical market sector struggles with a financial crisis, it affects the monetary status of the entire
marketplace. The 2007 -2008 global financial crisis bears testimony to marketplace risk. As the
businesses closed, the investors lost fortunes, and the government was forced to reconsider its monetary
policy.
Additionally, other events impact the market, too, such as volatility. It brings uncertainty regarding the
fair value of market assets. Volatility is measured as implied volatility. This statistical value is
represented as a percentage that reflects the stakeholders’ confidence that market returns match the
31
Ibid (Simplilearn (2023).
32
Ibid.

13
marketplace’s valuation as a whole. It gives insights into the market on the rise vs. the market in decline.
So, volatility risk can lead to steep price swings in stock market shares.
Market interest rate changes and defaults can pose financial risks. Defaults occur mainly in the debt or
bond market when issuers or companies fail to pay their debt obligations. Defaults harm investors
severely. At the same time, changes in the market interest rate tend to push individual securities into
unprofitability for investors. They are forced into lower-paying debt securities or negative returns.
Asset-backed risks arise when asset-backed securities become volatile when the value of the underlying
securities also changes. A common category of asset-backed can be understood by the following example.
A borrower who took money for a certain period pays off the debt early. This early payment ends the
income stream from repayments. It also gets rid of the possible income from significant changes in
interest rates.

1.5.5 Financial risks for governments33

Financial risk for a government arises in the following situations:
 government losing control of its monetary policy
 its inability or unwillingness to control inflation
 government defaulting on its bonds
 other debt issues
A government issues debt in the following form:
 Bonds
 Funding wars
 Building bridges
 Building infrastructure
 Paying for general day-to-day operations
For instance, the US government issues debts that are called treasury bonds. Several governments have
defaulted on debt, including Venezuela, Russia, Argentina, and Greece. Some governments only delay
debt payments, while some pay less than the agreed-upon amount. In both cases, it leads to financial risk
for investors/stakeholders.

1.5.6 Financial risks for individuals34

You, too, can fall prey to financial risks if you make poor decisions. A common cause of financial risk
can be taking an unnecessary day off from work. Other causes include highly speculative investments.
Individuals must understand that every undertaking has a potential risk attached. There are dangers
beyond one’s control. Therefore, it is vital to fully realize the consequences.
Liquidity risk has the following two situations for investors:
 Market liquidity risk: Involves assets and securities that cannot be sold or purchased at a rate that
compensates for the losses in a volatile market. It arises when there are many sellers but few
33
Ibid (Simplilearn, 2023).
34
Ibid.

14
 buyers.
 Funding/ Cash flow liquidity risk: The possibility that a company might not have the necessary
capital to pay its debt. Thereby it gets forced to default and harms stakeholders.
Individuals are also exposed to speculative risks wherein a profit or gain has uncertain success. An
investor’s improper research before investing leads to chances of speculative risks. It happens when they
reach too far for gains or invest a significantly large portion of their net worth into a particular
investment.
Do you have an inflow of foreign currencies? You can also be exposed to currency financial risks as the
following factors affect your calculated finances:
 Interest rate changes
 Monetary policy changes
 Changes in prices due to market differences
 Political changes
 Natural calamities
 Diplomatic changes
 Economic conflicts

1.5.7 Pros and cons of Financial Risk35

Risk is the other side of the reward. Financial risk is a situation of uncertainty. It exists to different
degrees. The term “risk” has a negative connotation, and financial risk has the ability to spread from one
business to another or to an entire sector/ market/ world, making it all the more a serious issue. Therefore,
understanding and assessing the degree of financial risk associated with an asset can lead to better and
more informed business decisions.
The pros and cons of knowledge of financial risks are as follows:

Pros of Financial Risks Cons of Financial Risks

 Facilitates more informed decisions  Often arises from unpredictable
outside forces
 Assists in assessing value, i.e., the  It can be uncontrollable or difficult to
risk-reward ratio overcome
 It can be recognized via analysis tools  Can spread to different sectors or
markets

1.5.8 Tools to Monitor Financial Risk36

Several tools help individuals, governments, and businesses calculate the degree of financial risks they
might encounter. Some commonly used methods to analyze financial risks associated with long-term
investments are as follows:
 Fundamental analysis: Measures a security’s intrinsic value. It evaluates all aspects of the

35
Ibid.
36
Ibid (Simplilearn, 2023).

15
 underlying business, such as the firm’s earnings and assets.
 Technical analysis: Evaluates securities via statistics. It considers historical returns, share prices,
trade volumes, and other performance data.
 Quantitative analysis: Evaluates a company’s historical performance using specific financial ratio
calculations.
 Statistical and numerical analysis: Identifies potential risks using statistical methods.
If you monitor financial risk via any of the analysis techniques mentioned above, ensure that you analyze
trends over a long time. This way, you will better grasp the trends of fluctuations and progress towards a
better financial goal. It is important to understand that a risk history does not always imply a future risk
too.

The following practices help identify financial risks:

 Considering the risk factors a company might face is a prerequisite for identifying financial risks.
 Reviewing corporate balance sheets
 Studying statements of financial positions
 Exploring weaknesses within the company’s operating plan
 Comparing metrics to other companies of the same industry.
 Employing statistical analysis techniques to identify the company’s risk areas.

Completely eliminating financial risks can be difficult and expensive but mitigating the risks is easier and
inexpensive. An individual or a company can neutralize financial risks by diversifying investments,
holding the right amount of insurance or sufficient funds for emergencies. Different income streams are
also a good option for tackling financial risks.

Why Is Financial Risk Important? Understanding, evaluating, and mitigating financial risk is crucial for
an organization’s long-term success. Financial risk often comes as a major hurdle in the path of
accomplishing finance-related objectives such as paying loans timely, carrying a healthy debt amount,
and delivering products on time. So, completely comprehending the causes of financial risks and adopting
the right measures to prevent it can help a company yield better returns.
Is Financial Risk Systematic or Unsystematic? Financial risk is an unsystematic risk because it does not
impact every company. It is specific to each company as it depends on an organization’s operations and
capital structure.

1.5.9 Real-World Example of Financial Risk37

Several companies have experienced some huge financial blows. An unfortunate popular history points to
the June 2018 closure of Toys “R” Us. In September 2017, the company announced its bankruptcy. The
company’s CEO also released a statement that the company was working with creditors to restructure the
$5 billion of long-term debt. As per reports, much of the company’s financial risk originated from a 2005
US $6.6 billion leveraged buyout by investment firms— KKR & Co., Bain Capital, and Vornado Realty
Trust.
In March 2018, Toys “R” Us announced that it would liquidate its 735 US locations to pull off from the

37
Ibid (Simplilearn, 2023).

16
dwindling revenue strain amid looming financial obligations after a disappointing holiday season. It also
faced difficulty selling its properties. This situation is an example of the liquidity risk associated with real
estate.
In November 2018, the debt holders Angelo Gordon and Solus Alternative Asset Management took
control of the bankrupt company and created plans to revive the chain. In February 2019, a new company
staffed with ex-Toys “R” Us execs, Tru Kids Brands, reported that it would relaunch the brand and
opened two new stores that year. Recently, Macy’s has partnered with WHP Global, and together they are
working on bringing back the Toys “R” Us brand.

17