复制成功
  • 图案背景
  • 纯色背景
  •   |  注册
  • /
  • 网上书库

    上传于:2014-06-28

    粉丝量:671

    上传资料均来自于互联网,若有侵权,立刻通知删除。

    

    Business Risk Management Models and Analysis

    下载积分:1500

    内容提示: Business Risk Management Business Risk ManagementModels and AnalysisEdward J. AndersonThe University ofSydney Business School, Australia This edition first published 2014© 2014 John Wiley & Sons, LtdRegistered officeJohn Wiley & Sons Ltd, The Atrium, Southern Gate, Chichester, West Sussex, PO19 8SQ, United KingdomFor details of our global editorial offices, for customer services and for information about how to apply forpermission to reuse the copyright material in this book please see our website...

    威廉希尔app下载格式:PDF| 浏览次数:34| 上传日期:2014-06-28 23:25:40| 威廉希尔app下载星级:
    Business Risk Management Business Risk ManagementModels and AnalysisEdward J. AndersonThe University ofSydney Business School, Australia This edition first published 2014© 2014 John Wiley & Sons, LtdRegistered officeJohn Wiley & Sons Ltd, The Atrium, Southern Gate, Chichester, West Sussex, PO19 8SQ, United KingdomFor details of our global editorial offices, for customer services and for information about how to apply forpermission to reuse the copyright material in this book please see our website at www.wiley.com.The right of the author to be identified as the author of this work has been asserted in accordance with theCopyright, Designs and Patents Act 1988.All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted,in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, except as permittedby the UK Copyright, Designs and Patents Act 1988, without the prior permission of the publisher.Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may notbe available in electronic books.Designations used by companies to distinguish their products are often claimed as trademarks. All brand namesand product names used in this book are trade names, service marks, trademarks or registered trademarks oftheir respective owners. The publisher is not associated with any product or vendor mentioned in this book.Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts inpreparing this book, they make no representations or warranties with respect to the accuracy or completenessof the contents of this book and specifically disclaim any implied warranties of merchantability or fitness fora particular purpose. It is sold on the understanding that the publisher is not engaged in rendering professionalservices and neither the publisher nor the author shall be liable for damages arising herefrom. If professionaladvice or other expert assistance is required, the services of a competent professional should be sought.Library ofCongress Cataloging-in-Publication DataAnderson, E. J. (Edward J.), 1954-Business risk management : models and analysis / Edward Anderson, PhD.pages cmIncludes bibliographical references and index.ISBN 978-1-118-34946-5 (hardback)1. Risk management. I. Title.HD61.A529 2014658.155 – dc232013028911A catalogue record for this book is available from the British Library.ISBN: 978-1-118-34946-5Set in 10/12pt Times by Laserwords Private Limited, Chennai, India12014 To my wife, Margery, and my children:Christian, Toby, Felicity, Marcus, Imogen, Verity and Clemency. ContentsPrefacexiii1What is risk management?1.1Introduction1.2Identifying and documenting risk1.3Fallacies and traps in risk management1.4Why safety is different1.5The Basel framework1.6Hold or hedge?1.7Learning from a disaster1.7.1What went wrong?NotesReferencesExercises12579111213151718192The structure of risk2.1Introduction to probability and risk2.2The structure of risk2.2.1Intersection and union risk2.2.2Maximum of random variables2.3Portfolios and diversification2.3.1Adding random variables2.3.2Portfolios with minimum variance2.3.3Optimal portfolio theory2.3.4When risk follows a normal distribution2.4The impact of correlation2.4.1Using covariance in combining random variables2.4.2Minimum variance portfolio with covariance2.4.3The maximum of variables that are positively correlated2.4.4Multivariate normal222325252830303337384041434446*Sections marked by an asterisk may be skipped by readers requiring a less detailed discussionof the subject. viiiCONTENTS2.5Using copulas to model multivariate distributions2.5.1*Details on copula modelingNotesReferencesExercises49525859603Measuring risk3.1How can we measure risk?3.2Value at risk3.3Combining and comparing risks3.4VaR in practice3.5Criticisms of VaR3.6Beyond value at risk3.6.1*More details on expected shortfallNotesReferencesExercises63646773767982868888894Understanding the tails4.1Heavy-tailed distributions4.1.1Defining the tail index4.1.2Estimating the tail index4.1.3*More details on the tail index4.2Limiting distributions for the maximum4.2.1*More details on maximum distributionsand Fisher–Tippett4.3Excess distributions4.3.1*More details on threshold exceedances4.4Estimation using extreme value theory4.4.1Step 1. Choose a threshold u4.4.2Step 2. Estimate the parameters ξ and β4.4.3Step 3. Estimate the risk measures of interestNotesReferencesExercises92939395981001061091141151161181191211221235Making decisions under uncertainty5.1Decisions, states and outcomes5.1.1Decisions5.1.2States5.1.3Outcomes5.1.4Probabilities5.1.5Values125126126127127128129 CONTENTSix5.2Expected Utility Theory5.2.1Maximizing expected profit5.2.2Expected utility5.2.3No alternative to Expected Utility Theory5.2.4*A sketch proof of the theorem5.2.5What shape is the utility function?5.2.6*Expected utility when probabilities are subjectiveStochastic dominance and risk profiles5.3.1*More details on stochastic dominanceRisk decisions for managers5.4.1Managers and shareholders5.4.2A single company-wide view of risk5.4.3Risk of insolvencyNotesReferencesExercises1301301321351391421451481521561561581581601611625.35.46Understanding risk behavior6.1Why decision theory fails6.1.1The meaning of utility6.1.2Bounded rationality6.1.3Inconsistent choices under uncertainty6.1.4Problems from scaling utility functions6.2Prospect Theory6.2.1Foundations for behavioral decision theory6.2.2Decision weights and subjective values6.3Cumulative Prospect Theory6.3.1*More details on Prospect Theory6.3.2Applying Prospect Theory6.3.3Why Prospect Theory does not always predict well6.4Decisions with ambiguity6.5How managers treat riskNotesReferencesExercises1641651651671681711721731751801831851871891911941941957Stochastic optimization7.1Introduction to stochastic optimization7.1.1A review of optimization7.1.2Two-stage recourse problems7.1.3Ordering with stochastic demand7.2Choosing scenarios7.2.1How to carry out Monte Carlo simulation7.2.2Alternatives to Monte Carlo198199199203208212213217 xCONTENTS7.3Multistage stochastic optimization7.3.1Non-anticipatory constraintsValue at risk constraintsNotesReferencesExercises2182202242282282297.48Robust optimization8.1True uncertainty: Beyond probabilities8.2Avoiding disaster when there is uncertainty8.2.1*More details on constraint reformulation8.2.2Budget of uncertainty8.2.3*More details on budgets of uncertainty8.3Robust optimization and the minimax approach8.3.1*Distributionally robust optimizationNotesReferencesExercises2322332342402432472502542612622639Real options9.1Introduction to real options9.2Calculating values with real options9.2.1*Deriving the formula for the surpluswith a normal distribution9.3Combining real options and net present value9.4The connection with financial options9.5Using Monte Carlo simulation to value real options9.6Some potential problems with the use of real optionsNotesReferencesExercises26526626727227327828228528728728810 Credit risk10.1 Introduction to credit risk10.2 Using credit scores for credit risk10.2.1 A Markov chain analysis of defaults10.3 Consumer credit10.3.1 Probability, odds and log odds10.4 Logistic regression10.4.1 *More details on logistic regression10.4.2 Building a scorecard10.4.3 Other scoring applicationsNotesReferencesExercises291292294296301302308313315317317318319 CONTENTSxiAppendix AA.1A.2 Bayes’ rule and independenceA.3 Random variablesA.4 Means and variancesA.5 Combinations of random variablesA.6 The normal distribution and the Central Limit TheoremTutorial on probability theoryRandom events323323326327329332336Appendix BAnswers to even-numbered exercises340Index361 PrefaceWhat does this book try to do?Managers operate in a world full of risk and uncertainty and all managers needto manage the risks that they face. In this book I introduce a number of differ-ent areas that I think are important in understanding risk and in making gooddecisions when the future is uncertain. This is a book aimed at all students whowant to learn about risk management in a business environment.The best way to achieve a clear understanding of risk is to use quantitativetools and probability models, and this book is unashamedly quantitative in itsemphasis. However, that does not mean the use of advanced mathematics: thematerial is carefully chosen to be accessible to those without a strong mathemat-ical background.The book is aimed at either postgraduate or senior undergraduate students. Itwould be suitable for MBA students taking an elective course on Business RiskManagement. This text is for a course aimed at all business students rather thanthose specializing in finance. The book could also be used for self-study by amanager who wishes to improve their understanding of this important area.Risk management is an area where a manager’s instinct may run counterto the results of a careful analysis. This book explores the critical issues formanagers who need to understand both how to make wise decisions in riskyenvironments and how people respond to risk.There are many different types of risk and there are existing textbooks thatlook at specific kinds of risk: for example, environmental risk, engineering risk,political risk (particularly for companies operating in an international environ-ment), or health and safety risks. These books give advice on evaluating specifictypes of risk, whether that be pollution issues or food safety, and they are aimedat students who will work in specific industries. Their focus is on understandingparticular aspects of the business environment and how these generate risk; onthe other hand, my focus is on the decisions that managers must take.This textbook is unusual in providing a comprehensive treatment of risk man-agement from a quantitative perspective, while being aimed at general businessstudents rather than finance specialists. In fact, many of the topics that I discusscan only be found in more advanced monographs or research papers. xivPREFACEIn writing this book I wanted to bring together a great range of material, andto include some modern advanced approaches alongside the fundamentals. SoI discuss the basic probability ideas needed to understand the principle of diversi-fication, but at the same time I include an introduction to the treatment of heavytails through extreme value theory. I discuss the fundamental ideas of utility the-ory, but I also give an extensive discussion of Prospect Theory which describeshow people actually make decisions on risk. I introduce Monte Carlo methods formaking good decisions in a risky environment, but I also discuss modern ideas ofrobust optimization. To bring all these topics together is an ambitious aim, but Ihope that this bookwill demonstrate that it is natural to teach this material together.It is my belief that some important topics that have traditionally been seenas the realm of finance specialists need to be made accessible to those with amore general business focus. Thus, we will cover some of the classic financialrisk areas, such as the Basel framework of market, credit and operational risk;the use of value at risk in practice; credit scoring; and real options. We do allthis without requiring any advanced financial mathematics.The book has been developed from teaching material used in courses at bothadvanced undergraduate and master’s level at the University of Sydney BusinessSchool. These are full semester courses (13 weeks) but the design of the bookwould enable a selection of chapters to be taught in a shorter course.What is the structure of this book?The first chapter is introductory: it sets out my understanding of the essence ofrisk management and covers the framework for the rest of the book.The next three chapters deal with the analysis ofrisk. Chapter 2 works throughsome fundamental ideas about risks that depend on events and risks that dependon values. It introduces the important idea of diversification of risk and looks indetail at how this can fail when diversification takes place over a portfolio wheredifferent elements tend to move in tandem. This leads up to a brief discussionof copulas as a way to model dependence. Chapter 3 moves from the theory ofChapter 2 to the more practical topic ofvalue at risk. Anyone working in this areaneeds to know what this is and how it is calculated; as well as understandingboth the strengths and the weaknesses of value at risk as a measure of risk.This chapter also discusses expected shortfall as an alternative to value at risk.Chapter 4 takes us deeper into the essential problems of risk management thatinvolve the tails of a probability distribution. The chapter introduces heavy-taileddistributions and shows how extreme value theory can be used to help us estimaterisk from data that inevitably do not contain many extreme values.The next four chapters are concerned with making decisions in a risky envi-ronment. The fundamental insight here is that we need to think not only of howmuch profit or loss is made, but also how those different outcomes affect us,either as individuals or as a firm. This leads to the idea of a utility function that PREFACExvwe want to maximize. Chapter 5 gives a thorough treatment of Expected Util-ity Theory, which is a powerful normative description of how we should takedecisions. It turns out, however, that individual decision makers do not keep tothe ‘rules’ of Expected Utility Theory. Chapter 6 describes the way that choicesare made in risky environments by real people. Prospect Theory can be a help-ful predictor of these decisions and I describe this in detail. Chapter 7 looks atthe difficulties of making the right decision in complex problems, particularlywhere the situation evolves over time. We show how such problems can be for-mulated and solved and explain how to use Monte Carlo simulation in findingsolutions. One of the problems with these methods is that they require a completedescription of the probability distributions involved. In practice, this can involvemore guesswork than actual knowledge. Chapter 8 discusses a modern approach,termed ‘robust optimization’, to overcome this problem by specifying a range ofpossible values rather than a complete distribution.The last two chapters of the book have a different emphasis. Chapter 9describes the important topic of real options. This switches the focus from thenegative events to the positive ones. It is enormously valuable for managers tounderstand the concept of an option value: and how this implies that more vari-ability will lead to a higher value for the project. In a sense, this is an example ofhow risk can be good. The final chapter returns to the Basel distinction betweenthree different kinds of risk: market risk, credit risk and operational risk. AfterChapter 1 our emphasis has been mainly on market risk, but in Chapter 10we discuss credit risk. We look at credit scoring approaches both at the firmlevel, where agencies like Standard & Poor’s dominate, and also at the consumerlevel, where credit scoring can determine the terms of a loan.How can this book be used?An important question in teaching quantitative risk management is how muchmathematical maturity one should assume. This book is aimed at students whohave taken an introductory statistics course or quantitative methods course, but donot otherwise have much mathematical background. I have included an appendixthat gives a reminder of the probability theory that will be used. The idea offinding the area under the tail of a distribution function to calculate a probabilityis quite fundamental for risk management and so some knowledge of elementarycalculus will be helpful, but I have limited the material in which calculus isused. There is no need for knowledge of matrix algebra. However, it shouldnot be thought that this implies a superficial treatment of the material. This textrequires students to come to grips with advanced concepts and students taughtfrom this material in Sydney have found it challenging. To make it easier to usethis textbook for a more elementary course, I have starred certain subsectionsthat can be omitted by those who want to understand the important ideas withouttoo much of the theoretical detail. xviPREFACEExcel spreadsheets are used throughout to illustrate the material and for someexercises. There is no requirement for any other special purpose software. Theexcel spreadsheets mentioned can be found in the companion website to the book:http://www.wiley.com/go/business_risk_managementThroughout the text I will discuss small examples set in fictitious companies.The exercises too are often based around decision problems faced by imaginarycompanies. I believe that the best way to come to grips with this sort of materialis to spend time working through the problems (while resisting the temptation tolook too quickly at the answer provided). I have provided a substantial number ofend-of-chapter exercises. The answers to the even-numbered exercises are givenin Appendix B and full worked solutions are available for instructors (see theinstructions in the companion website).Early versions of this manuscript were used in my classes on Business RiskManagement at the University of Sydney in both 2011 and 2012. I would like tothank everyone who took those classes for their comments and questions whichhave helped me in improving the presentation, and I would particularly like tothank Heying Shi who managed to uncover the greatest number of mistakes.Eddie AndersonSydney 1What is risk management?The biggest fraud ofall timeA number of banks have succeeded in losing huge sums of money in theirtrading operations, but Soci´ et´ e G´ en´ erale (‘SocGen’) has the distinction of losingthe largest amount of money as the result of a fraud. This took place in 2007, butwas uncovered in January 2008. SocGen is one of the largest banks in Europe andthe size of the fraud itself is staggering; SocGen estimated that it lost 4.9 billionEuros as a result of unwinding the positions that had been entered into. Witha smaller firm this could well have caused the bank’s collapse, as happened toBarings in 1995, but SocGen is large enough to weather the storm. The employeeresponsible was J´ erˆ ome Kerviel, who did not profit personally (or at least onlythrough his bonus payments being increased). In effect, he was taking enormousunauthorized gambles with his employer’s money. For a while these gamblescame off, but in the end they went very badly wrong.In America the news broke on January 24, 2008, when the New York Timesreported as follows:‘Soci´ et´ e G´ en´ erale, one of the largest banks in Europe, was throwninto turmoil Thursday after it revealed that a rogue employee hadexecuted a series of “elaborate, fictitious transactions” that cost thecompany more than $7 billion US, the biggest loss ever recorded inthe financial industry by a single trader.Before the discovery ofthe fraud, Soci´ et´ e G´ en´ erale had been preparingto announce pretax profit for 2007 of¤5.5 billion, a figure that Bouton(the Soci´ et´ e G´ en´ erale chairman) saidwouldhave shown the company’s“capacity to absorb a very grave crisis.” Instead, Bouton – who is for-going his salary through June as a sign of taking responsibility – saidthe “unprecedented” magnitude of the loss had prompted it to seekBusiness Risk Management: Models and Analysis, First Edition. Edward J. Anderson.© 2014 John Wiley & Sons, Ltd. Published 2014 by John Wiley & Sons, Ltd.Companion website: www.wiley.com/go/business_risk_management 2BUSINESS RISK MANAGEMENTabout ¤5.5 billion in new capital to shore up its finances, a move thatsecures the bank against collapse.Soci´ et´ e G´ en´ erale said it had no indication whatsoever that the trader –who joined the company in 2000 and worked for several years in thebank’s French risk-management office before being moved to its DeltaOne trading desk in Paris – “had taken massive fraudulent directionalpositions in 2007 and 2008 far beyond his limited authority.” The bankadded: “Aided by his in-depth knowledge of the control proceduresresulting from his former employment in the middle-office, he man-aged to conceal these positions through a scheme ofelaborate fictitioustransactions.”When the fraud was unveiled, Bouton said, it was “imperative thatthe enormous position that he had built, and hidden, be closed outas rapidly as possible.” The timing could hardly have been worse.Soci´ et´ e G´ en´ erale was forced to begin unwinding the trades on Mon-day “under conditions of extreme market volatility,” Bouton said, asglobal stock markets plunged amid mounting fears of an economicrecession in the United States.’A story like this inevitably prompts the question: How could this have hap-pened? Later in this chapter we will give more details about what went wrong.SocGen was a victim of an enormous fraud but the defense lawyers at Kerviel’strial argued that the company itself was primarily responsible. Whatever degreeof blame is assigned to SocGen, it clearly paid a heavy price. It is easy to bewise after the event, but good business risk management calls on us to be wisebeforehand. Later in this chapter we will discuss the things that can be learntfrom this episode (and that need to be applied in a much wider sphere than justthe world of banks and traders.)1.1IntroductionIn essence, risk management is about managing effectively in a risky and uncer-tain world. Banks and financial services companies have developed some of thekey ideas in the area of risk management, but it is clearly vital for any manager.All of us, every day, operate in a world where the future is uncertain.When we look out into the future there is a myriad of possibilities: there canbe no comprehension of this in its totality. So our first step is to simplify in a waythat enables us to make choices amidst all the uncertainty. The task of findinga way to simplify and comprehend what the future might hold is conceptuallychallenging and different individuals will do this in different ways. One approachis to set out to build, or imagine, a set of different possible futures, each of whichis a description of what might happen. In this way we will end up with a rangeof possible future scenarios that are all believable, but have different likelihoods. WHAT IS RISK MANAGEMENT?3Though it is obviously impossible to describe every possibility in the future, atleast having a set of possibilities will help us in planning.One way to construct a scenario is to think of chains of linked events: if onething happens then another may follow. For example, if there is a typhoon inHong Kong, then the shipment of raw materials is likely to be late, and if thishappens then we will need to buy enough to deal with our immediate needs froma local supplier, and so on. This creates a causal chain.A causal chain may, in reality, be a more complicated network oflinked events.But in any case it is often helpful to identify a particular risk event within the chainthat may or may not occur. Then we can consider both the probability of the riskevent occurring and also the consequences and costs if it does. In the example ofthe typhoon in Hong Kong, we need to bear in mind both the probability of thetyphoon and the costs involved in finding an alternative temporary source.Risk management is about seeking better outcomes, and so it is critical toidentify different riskevents and to understand both theircauses and consequences.Usually risk in this context refers to something that has a negative effect, so thatour interest in the causes of negative risk events is to reduce their probability or,better still, eliminate them altogether. We are concerned about the consequencesof risk events so that we can act beforehand in a way that reduces the costs if anegative risk event does occur. The open-ended nature of this exercise makes itimportant to concentrate on the most important causal pathways – we can think ofthis as identifying risk drivers.At the same time as looking at actions specifically designed to reduce risk, wemay need to think about the risk consequences of management decisions that wemake. For example, we may be considering moving to an overseas supplier whois able to deliver goods at a lower price but with a longer lead time, so that orderswill need to be placed earlier: then we need to ask what extra risks are involvedin making this change. In later chapters we will give much more attention to theproblems of making good decisions in a risky environment.Risk management involves planning and acting before the risk event. Thisis proactive rather than reactive management. We don’t just wait and see whathappens, with the hope that we can manage our way through the consequences;instead we work out in advance what might happen and what the consequencesare likely to be. Then we plan what we should do to reduce the probability ofthe risk event and to deal with the consequences if it occurs.Sometimes the risk event is not in our control; for example, we might bedealing with changes in exchange rates or government regulation – usually this iscalled an external risk. On other occasions we can exercise some control over therisk events, such as employee availability, supply and operations issues. These arecalled internal risks. The same distinction between what we can and cannot controloccurs with consequences too. Sometimes we can take actions to limit negativeconsequences (like installing sprinklers for a fire), but at other times there arelimits to what we can do and we might choose to insure against the event directly(e.g. purchasing fire insurance). 4BUSINESS RISK MANAGEMENTWe will use the term risk management to refer to the entire process:• Understanding risk: both its drivers and its consequences.• Risk mitigation: reducing or eliminating the probability of risk events aswell as reducing the severity of their impact.• Risk sharing: the use of insurance or similar arrangement so that some ofthe risk is transferred to another party, or shared between two parties insome contractual arrangement.The risk framework we are discussing makes it sound as though all risk is bad,but this is misleading in two ways. First we can use the same approach to considergood outcomes as well as bad ones. This would lead us to try to understand themost important causal chains, with the aim of maximizing the probability of apositive chance event, and of optimizing the benefits if this event does occur.Second we need to recognize that sometimes the more risky course of action isultimately the wiser one. Managers are schizophrenic about risk. Most see risktaking as part of a manager’s role, but there is a tendency to judge whether adecision about risk was good or bad simply by looking at the results. Thoughit is rarely put in these terms, the idea seems to be that it is fine to take risksprovided that nothing actually goes badly wrong! Occasionally managers mighttalk of ‘controlled risk’ by which they mean a course of action in which theremay be negative consequences but these are of small probability and the size ofthe cost is tolerable.In their discussion of the agile enterprise, Rice and Franks (2010) say, ‘Whileuncertainty impacts risk, it does not necessarily make business perilous. In fact,risk is critical to any business – for nothing can improve without change – andchange requires risk.’ Much the same point was made by Prussian MarshallHelmuth von Moltke in the mid-1800s: ‘First weigh the considerations, then takethe risks.’Our discussion so far may have implied an ability to list all the risks and dis-cuss the probability that an individual risk event occurs. But often there is no wayto identify all the possible outcomes, let alone enter into a calculation of the prob-ability oftheir occurrence. Some people use the term uncertainty (rather than risk)to refer to this idea. Frank Knight was an economist who was amongst the firstto distinguish clearly between these two concepts and he used ‘risk’ to refer tosituations where the probabilities involved are computable. In many real environ-ments there may be a total absence of information about, or awareness of, somepotentially significant event. In a much-parodied speech made at a press briefingon February 12, 2002, former US Defense Secretary Donald Rumsfeld said:‘There are known knowns. These are things we know that we know.There are known unknowns. That is to say, there are things that wenow know we don’t know. But there are also unknown unknowns.These are things we do not know we don’t know.’ WHAT IS RISK MANAGEMENT?5InChapter8 we willreturntothequestionofhowweshouldbehaveinsituationswith uncertainty, when we need to make decisions without being able to assignprobabilities to different events.1.2Identifying and documenting riskMany companies set up a formal risk registerto document risks. This enables themto have a single point at which information is gathered together and it encouragesa careful assessment of risk probabilities and likely responses to risk events.A carefully documented risk management plan has a number of advantages.There is first of all a benefit in making it more likely that risk will be man-aged appropriately, with major risks identified and appropriate measures taken.Secondly there is an advantage in defining the responsibility for managing andresponding to particular categories of risk. It is all too easy to find yourself in acompany in which something goes wrong and no person or department admitsto being the responsible party.Moreover, a risk management plan allows stakeholders to approve the riskmanagement approach and helps to demonstrate that the company has exercisedan appropriate level of diligence in the event that things do go wrong.There are really three steps in setting up a risk register:1. Identify the important risk events. The first step is to make some kind oflist of different risks that may occur, and in doing this a systematic processfor identifying risk can be helpful. A good starting point is to think aboutthe context for the activity: the objectives; the external influences; thestages that are gone through. The next step is to go through each elementof the activity asking what might happen that could cause external factorsto change, or that could affect the achievement of any objective.2. Understand the causes ofthe risk events. Risk does not occur in a vacuum.Having identified a set of risk events, the next step is to come to gripswith the factors that are involved in causing the risk events. In orderto understand what can be done to avoid these risks, we should ask thefollowing questions, for each risk:• How are these events likely to occur?• How probable are these events?• What controls currently exist to make this risk less likely?• What might stop the controls from working?3. Assess the consequences ofthe risk events. The final step is to understandwhat may happen as a result of these risk events. The aim is to find waysto reduce the bad effects. For each risk we will want to know:• Which stakeholders might be involved or affected? For example, doesit affect the return on share capital for shareholders? Does it affect the 6BUSINESS RISK MANAGEMENTassurance of payment for suppliers? Does it affect the security that isoffered to our creditors? Does it affect the assurance of future employ-ment for our employees?• How damaging is this risk?• What controls currently exist to make this risk less damaging?• What might stop the controls from working?At the end of this process we will be in a better position to build the riskregister. This will indicate, for each risk identified:• its causes and impacts;• the likelihood of this risk event;• the controls that exist to deal with this risk;• an assessment of the consequences.Because the risk register will contain a great many different risks, it is impor-tant to focus on the most important ones. We want to construct some sort ofpriority rating – giving the overall level of risk. This then provides a tool so thatmanagement can focus on the most important risk events and then determine arisk treatment plan to reduce the level of risk. The most important risks are thosewith serious consequences that are relatively likely to occur. We need to combinethe likelihood and the impact and Figure 1.1 shows the type of diagram that isoften used to do this, with risk levels labeled L = Low; M = Medium; H =High; and E = Extreme.This type of diagram of risk levels is sometimes called a heat map, and oftenred is used for the extreme risk box...

    关注我们

  • 新浪微博
  • 关注微信公众号

  • 打印威廉希尔app下载
  • 复制文本
  • 免费下载Business Risk Management Models and Analysis.XDF