Risk Management Mapping Sheet


RISK MANAGEMENT PREPARATION GUIDELINES AND MAPPING SHEET

WHAT TO CARRY IN THE RISK MANAGEMENT EXAM?

1 Mapping sheet
2 ICAI Study Mat
3 May 2018 Paper and Solution
4 November 2018 Paper and Solution
5 Case Study 1,2 & 3 from ICAI BOS
6 MTP
7 Class Notes
8 SSEI Study Mat

HOW TO PREPARE?
Step 1: Class Notes
Step 2: Solve all Case studies
PAPER 6A - RISK MANAGEMENT – CONTENTS
Serial No.   Particulars   Study MAT   Class Notes
1.INTRODUCTION TO RISK
1 Introduction & Definitions
1.1 ICAI Guide on RBIA (meaning of risk, business risk, frog in the well syndrome) 1.2
ICAI Standard on Internal Audit, SA 315 – table of definitions of risk 1.5
Financial Risks 1.7
1.2 Occupational Health & Safety Advisory Services (OHSAS) 1.8
1.3 Classification of Business Risk (Internal & External / Controllable & Uncontrollable) 1.10
1.4 Risk Categories by COSO (Operations, Financial Reporting, Compliance) 1.11
1.5 Inherent Risk and Residual Risk 1.11
1.6 ICAI’s Standard of Internal Audit (Risk Classification as per ERM)(Open Group–effect, frequency) 1.12
1.7 ICAI Guide on Risk Based Internal Audit (RBIA) (Likelihood, Consequence, Risk score) 1.13
2 Risk & Uncertainty (Distinction, define risk attitude, appetite and tolerance and VUCA) 1.15
3 Classification of Risks
3.1 Nature of Risks (can be opportunities or threats)
3.2 Categorization of Risks (as per Paul Hopkins - hazard (pure), control, opportunity), 1.16
(Pure, fundamental, particular, dynamic, speculative risk) 1.17
4 Types of Risks
(Internal & External / Controllable & Uncontrollable) table given 1.20
Risks – Financial, Credit, Liquidity, Market, Operational, Strategic, Compliance, Regulatory, 1.21
Reputation, Legal, Interest Rate, Foreign exchange, Management, Staffing, Technology, Business 1.21
Continuity, Information (data security), Country, Fraud, Price, Process, Security, Governance, 1.22
Safety, Significant Risk, Entity Risk Assessment, Indirect Risks to Business 1.22

2. SOURCE AND EVALUATION OF RISKS


1 Identification and Sources of Risks 2.2
2 Quantification of Risk & Various Methodologies (Risk Assessment, measurement, quantification) 2.5
2.1 Qualitative Risk Assessment (9 grade matrix table) 2.5
2.2 Quantitative Risk Assessment (decision tree example) 2.6
2.3 Tools & Techniques for Risk Quantification (expert judgment, Delphi approach, scoring, simulation, etc.) 2.9
2.4 Other Business Risk Measurements 2.10
2.5 Outputs from Risk Quantification 2.10
3 Risk Identification and Assessment Approaches (16 techniques given like WIFT, FTA, Bow Tie) 2.11
ICAI guide on Risk Assessment – questions and purpose for risk evaluation 2.14
3.1 Sources for Identification of Risks (internal/external – brief list set out), SWOT Analysis Table 2.15
3.2 High Value Threats & Risk Analyzed (for Mumbai City case study) 2.18
3.3 Global Risk Outlook (World Economic Forum) 2.19
3.4 Risk Identification and Root Cause Analysis 2.20
3.5 Use of specific tools to identify risk (PESTLE Analysis) 2.20
3.6 Risk Treatment Options (table given – avoid/reduce/transfer/accept), (insurance, outsource, SLAs) 2.21
4 Impact of Business Risk (3 imp tables given – likelihood, consequence, risk rating) 2.23
5 Identify & Assess the impact upon the Stakeholders involved in Business Risk (internal/external) 2.27
6 Role of Risk Manager & Risk Committee in Identifying Risk
6.1 Role of Risk Manager (CRO) (15 tasks) 2.30
6.2 Role & Responsibility of Risk Management Committee (10 roles, 19 responsibilities) 2.30
6.3 IBM Case Study – Role of Risk Management Function 2.32
6.4 Principles for Effective Implementation of RM recommended by OECD 2.33

3. RISK MANAGEMENT
1 Concept of Risk Management (famous views on risk and risk management) 3.2
1.1 Determining Risk Appetite 3.3
1.2 Risk appetite – Principles & Approach (5 key principles underpinning risk appetite) 3.4
2 Objectives and Process of Risk Management
2.1 Objective of risk management (common objectives, risk management cycle) 3.5
2.2 Step by Step process of Risk Management (5 steps table) 3.6
(ISO 31000 Risk Management Checklist- Risk architecture, strategy, protocols) 3.8
3 Importance & Benefits of Risk Management 3.9
4 Risk Management Techniques (Tolerate, Transfer, Terminate, Treat) 3.11
5 Risk Management Case Studies (4 case studies given) 3.13

4. QUANTITATIVE ANALYSIS
Out of Syllabus
5. RISK MODEL
1 Value at Risk (VAR)
1.1 Calculating VAR (Conversions, Parameters - guidance) 5.2
1.2 VAR Methods (Delta Normal, Full Revaluation – Historical/Bootstrap/Monte Carlo) 5.4
1.3 Coherent Risk Measures (Subadditivity/Homogeneity/Monotonicity/Risk-free) 5.6
1.4 Expected Shortfall 5.6
1.5 Limitations of VAR (4) 5.7
2 Stress Testing
2.1 Role of Enterprise wide Stress Testing 5.8
2.2 Applications of Stress Testing (Risk Reporting/Strategic Planning/Risk Appetite/Limits) 5.9
2.3 Stress Test Process 5.11
3 Scenario Analysis
3.1 Categories of Stress Scenarios (Normal/Severe/Near-Default/Reverse or Stress to Default) 5.12
3.2 Scenario Selection 5.13
3.3 Drawbacks of Scenario Analysis 5.13
3.4 Basel Committee on Banking Supervision (BCBS) (21) Principles for Stress Testing 5.13
4 Country Risk
4.1 Types of Country Risk (Political, Financial and Economic) 5.15
4.2 Country Risk Management Process 5.16
4.3 Country Risk Assessment Tools (Qualitative & Quantitative – table of 6 tools) 5.17

6. CREDIT RISK MEASUREMENT AND MANAGEMENT


1 Understanding Credit Risk
1.1 Two Way Risk 6.2
1.2 Risk-Return Trade Off (4 decisions in context of credit risk calls) 6.2
1.3 Credit Risk in Capital Market 6.2
2 Components of Credit Risk - (Default, Exposure, Recovery Risks – Collateral & Third party) 6.3
3 Measurement of Credit Risk in Banking Transactions and Factors affecting the credit risk
3.1 Measurement of Credit Risk in Banking Transactions 6.4
3.2 Factors affecting the Credit Risk (Internal and External factors) 6.4
4 Types of Credit Facilities
4.1 Fund Based Facilities (Personal/Mortgage/Working Capital/MPBF Tandon Committee etc.) 6.5
4.2 Non-Fund Facilities (Bank Guarantee/Letter of Credit) 6.7
5 Classification of Assets (Standard/Sub-Standard/Doubtful/Loss Assets) 6.8
6 Evaluating Credit Risk (6 ground rules to assess credit risk of customers) 6.8
7 Mitigating Credit Risk
7.1 Identification of Credit Risks 6.9
7.2 How credit risk is mitigated (Basel II – Funded/Non-funded), 6.10
(3 approaches – Standardized, Internal Rating, Credit Risk Mitigation), (Other techniques) 6.12
8 Qualitative Techniques of Credit Risk Management
8.1 Borrower/Transaction Specific Risk Management (5 C’s of Credit) (DD for Retail, wholesale) 6.13
8.2 Credit Rating Scales (agencies, scales) 6.15
8.3 Portfolio Risk Management (mechanism for Retail/wholesale) (SMA account sub-categories) 6.17
8.4 Credit Risk Rating Process
8.5 Credit Loss Estimation (Expected Loss, Unexpected loss) (PD, LGD, EAD) 6.19
8.5.1 Estimation of Probability of Default (Pooling method, Statistical method, Structural method) 6.20
8.5.2 Estimation of Loss Given Default (Cyclical LGD, Long-run LGD, Downturn LGD) 6.21
8.6 Credit Default Swaps (including RBI guidelines) 6.21
8.7 Credit Insurance 6.24
8.8 Difference between Credit Insurance and CDS 6.24
8.9 Other Qualitative Techniques (covenants, collateral, structure, sell-down syndication, etc.)
9 Quantitative Techniques of Credit Risk Management
9.1 Altman Z Score 6.26
9.2 Alpha, Beta, Sharpe Ratio, R squared, RORAC, VaR, Economic Capital, RAROC 6.28
9.3 Ratios & Financial Assessment (Financial Statement, Cash Flow, Working Capital Analysis) 6.30
10 Credit Scoring Models
10.1 What is a credit scoring model? 6.33
10.2 Types of Credit Scoring Model (FICO, Vantage, PLUS, Experian Equivalency, Equifax) 6.34
7. RISK ASSOCIATED WITH CORPORATE GOVERNANCE
1 Evaluation of Risk Associated with Governance (Governance Risk) 7.2
(Sound Governance Practices by FSB – BOD, Risk Committee, Audit Committee CRO) 7.3
2 Risk Management Function (CRO, Risk Appetite Framework (RAF), (RAS), risk limits) 7.5
3 Independent Assessment of the Risk Governance Framework (RM Framework policy statement) 7.6
3.1 Entity’s Risk Assessment Process with respect to Financial Reporting (ICAI GN on IFC) 7.7
3.2 Role of Risk Assessment with respect to Financial Reporting 7.8
3.3 Risk Based Internal Auditing 7.8
3.4 Audit Risk & Sampling 7.9
4 Risk Management Disclosures in India
4.1 Indian Scenario (Indian Companies Act, SEBI LODR) 7.10
4.2 Global Scenario (SEC via MD&A, COSO, IRF, IFAC) 7.11
4.3 Global retail company Annual report Scenarios disclosure case study 7.13
4.4 Indian steel manufacturing company Annual report ROR disclosure case study 7.14
5 Description & Evaluation of Framework for Board Level Consideration of Risk 7.16
5.1 Corporate Risk Management 7.17
5.2 Risk Management Frameworks, Approaches & Techniques (questions to be raised by the Board) 7.17
5.3 Striking the right balance in action and reaction 7.20
6 OECD Guidelines (Principles) for Corporate Governance 7.20
6.1 Ensuring the basis for an effective corporate governance framework 7.21
6.2 The rights and equitable treatment of shareholders and key ownership functions 7.21
6.3 Institutional investors, stock markets and other intermediaries 7.21
6.4 Role of stakeholders in corporate governance 7.21
6.5 Disclosures and Transparency 7.21
6.6 The responsibilities of the board 7.22

8. ENTERPRISE RISK MANAGEMENT


1 Definition and Scope of Enterprise Risk Management 8.2
2 Implementing ERM (COSO definition of ERM, ERM policy, Risk Register) 8.3
3 ISO 31000 – 7 keys to implement ERM 8.5
4 Risk Maturity of an Organization (levels table – naïve, aware, defined, managed, enabled) 8.7
5 Process of an Enterprise Risk Management and Internal Audit (Lifecycle of RM) 8.8
6 Stakeholder Value Creation by Enterprise Risk Management 8.8

9. OPERATIONAL RISK MANAGEMENT


1 Introduction
1.1 What is Operational Risk? 9.2
1.2 Why does operational risk originate? 9.2
2 Relevance of Operational Risk (Companies Act, SA 315, Clause 49, ICAI GN, SOX, ISO) 9.3
3 Operational Risk Management Governance
3.1 Operational Risk Management Policy 9.6
3.2 Operational Risk Management Committee (ORMC) 9.6
3.3 Lines of Defence (3 lines of defence) 9.7
3.4 Effective Policy Framework (Entity Level Policies, Departmental Policies) 9.9
3.5 Process Notes/Standard Operating Procedures (SOP) 9.9
4 Risk Identification and Risk-Types
4.1 Definition of RCM and RCSA 9.10
4.2 Description of the Inherent Risk 9.10
Op Risk Types - Regulatory, Financial, Financial Reporting, Legal, Reputation, Fraud, External 9.11
4.3 Risk Grading/Rating (table of 7 parameters) (impact/probability – HIHP, HILP, LIHP, LILP) 9.12
4.4 Residual Risk and Rating/Grading 9.14
5 Understanding of Controls (11 categories) 9.15
6 Risk Control Self-Assessment (RCSA) (indicative table) 9.17
7 Technology Risk (8 issues) 9.17
8 Key Risk Indicators (KRI) and Scenario Analysis 9.20
9 Business Continuity Plan 9.21
9.1 Business Impact Analysis (BIA) 9.22
9.2 Functional Recovery Plan (FRP) 9.23
10 Outsourcing Risk 9.24
11 Cyber Risk and Information Security Controls (malevolent attack, ransomware, phishing, etc.) 9.25
12 Operational Loss Data Management (table event category wise given) 9.27
12.1 Identification 9.30
12.2 Quantification 9.31
12.3 Reporting (indicative table given) 9.31
12.4 Corrective Action 9.32
13 Insurance 9.32
