CHAPTER-1

BACKGROUND

1.1 BACKGROUND
The following table provides an overview of the major risks that can be managed by financial
instruments with corresponding classes of instruments as per different project types.
Risk

Nature of Risk

FRM Instruments

Risks associated with Large Scale Projects

Project Development/ Pre-construction Phase
Feasibility analysis indicates project
not
Concept
to
feasible/viable
Grants, Contingent
implementation Regulatory clearances delayed/denied
Grants (GEF)
Financial closure not achieved
Construction Phase
Time overrun
Insurance
Cost overrun

Construction/
Project does not meet technical specifications
Construction
All
Risks (CAR/EAR)
Completion Risk Changes to project assumptions make the project
unviable
Surety bonds
Counterparty
Risk that the Construction Contractor does not
Performance
Risk
perform as per contract
guarantees
Liquidation damages
Operating Phase
Performance
Risk
Counterparty
Risk
Fuel

Technical performance
Managing the facility
Physical damage to the facility

Insurance

Surety bonds
Risk that the O & M Contractor does not perform
Performance
as per contract
guarantees

Liquidation damages
Weather
Insurance/

Supply Intermittent/Irregular fuel supply

Derivatives

Risk

Credit Risk

Related to default by off taker i.e. inability of the Guarantees

off-taker/ utility running to meet their payment
Credit derivatives
obligations.

Generic All Phases

Fluctuationsin interest rate, currency
Financial Risk
rate, etc
Political Risk

Force

exchange Standard

Currency inconvertibility
Expropriation
Political violence
Breach of contract

Majeure Natural Catastrophe

Man-made interruptions war, strike, etc

Risk
Risks associated with small scale projects

derivative

products
Political
Risk
Insurance
MFI Guarantees
Export
Credit
guarantees
Insurance
Catastrophe bonds

Project Developer
Development
(Credit) Risk

Lack of start- up capital

Project sponsors with limited track records, poor

Guarantee Funds

credit history
End User

Risks of
physical
damage
including theft

Theft/damage to the facility

Micro-insurance

Credit Risk

Poor financial credibility of end users

Guarantees
Credit lines

Risks associated with Carbon Financed projects

Demand Risk uncertainty on evolution of CER
markets post 2012
Market Risk
Price risk linked to demand risk
CER
Risk

Standard derivative
products to
hedge
against price
Insurance carbon
delivery Project fails to generate projected CERs. This is
delivery
guarantee,
linked to the intermittent nature of resource supply
permit
delivery
guarantee

1.2 AVAILABILITY SURVEY

Secure contracts (such as PPA, EPC contract, O&M agreement and Fuel supply agreement),
equipment warranties, insurance products and various national government guarantees are the
most utilized risk management instruments to facilitate the construction and operation of
renewable energy projects in the focus countries. Naturally, the underlying business case for
generating renewable energy (tariff structures, and privatization etc) will determine RE
investments in the first case.
Non-insurance financial instruments (with the exception of weather and credit derivatives) are
generally used only to hedge the financial market risk (currency and interest rate) component of
large-scale RE project finance deals once terms are in place. However, most of the difficulties in
RE finance arrive at the front end of a deal when there is the greatest amount of uncertainty.
The risk management products available from the multilaterals (such as Partial Credit
Guarantees) are better understood by market participants. However, there appears to be little
enthusiasm amongst project financiers interviewed for working alongside multilaterals unless
there is a guiding strategic motive or large profit incentive.
Local developing country insurers have generally limited expertise to write renewable energy
business. However, where foreign insurers have access to developing country markets most
traditional products relevant to RE projects Property, Construction/Erection all risks; Business
interruption, Machinery Breakdown etc- are available for mature RET projects. However, foreign
insurers access to local insurance market is restricted by local insurance regulations.
With over USD2 billion of combined capacity of about 20 insurance companies participating in
this survey, in theory sufficient capacity is available to meet the insurance requirements of the
renewable energy industry. However in reality there are still a number of technical underwriting

concerns and barriers associated with for example technology performance risks and the harsh
offshore locations, which can restrict / limit participation.
The ability to deploy insurance capacity in developing countries is also hampered by local
insurance regulations which restrict foreign market access. Insurance availability in developing
countries is restricted by a lack of adequate financial, legal and service infrastructure as well as
lack of credit worthy local insurers, restrictive local insurance regulations and limited
distribution channels.
As most renewable technologies (with the exception of onshore wind) are perceived to be
prototypical in nature the limited data on commercial operating history presents a huge challenge
to the insurance industry who are unable to accurately model future loss projections and price
risk in an economic and sustainable manner. Further practical evaluation of the scope for
improving actuarial data and technical risk information flow and studies into new risk based
pricing methodologies would serve as useful interventions in catalyzing new thinking for RE
projects in insurance market.

CHAPTER-2
OVERVIEW OF RISKS

2.1 INTRODUCTION

Risk: The meaning of Risk as per Websters comprehensive dictionary is a chance of

encountering harm or loss, hazard, danger or to expose to a chance of injury or loss. Thus,
something that has potential to cause harm or loss to one or more planned objectives is called
Risk. The word risk is derived from an Italian word Risicare which means To Dare. It is an
expression of danger of an adverse deviation in the actual result from any expected result. Banks
for International Settlement (BIS) has defined it as- Risk is the threat that an event or action will
adversely affect an organizations ability to achieve its objectives and successfully execute its
strategies.
Risk can also be termed as peril or hazard. Peril is a cause of loss or a situation of serious and
immediate danger. e.g. - fire, windstorm, theft, flood, collusion, etc. Hazard is a chance of suffering
from danger or peril which may increase profitability of loss.
There are four types of hazard:

Physical hazard This is a danger likely to happen due to the physical characteristics of an
object, which increases the chance of loss. For example defective wiring in a building which
enhances the chance of fire.
Moral hazard It is an increase in the probability of loss due to dishonesty or character
defects of an insured person. For example, Burning of unsold goods that are insured in order to
increase the amount of claim is a moral hazard.
Morale hazard It is an attitude of carelessness or indifference to losses, because the losses
were insured. For example, careless acts like leaving a door unlocked which makes it easy for a
burglar to enter, or leaving car keys in an unlocked car increase the chance of loss.
Legal hazard It is the severity of loss which is increased because of the regulatory
framework or the legal system. For example actions by government departments restricting the
ability of insurers to withdraw due to poor underwriting results or a new environment law that
alters the risk liability of an organization.
2.2 RISK AS REALITY
Risk is inherent in all activities. It is a normal condition of existence. Risk is the potential for a
negative future reality that may or may not happen. Risk is defined by two characteristics of a
possible negative future event: probability of occurrence (whether something will happen), and
consequences of occurrence (how catastrophic if it happens). If the probability of occurrence is
not known then one has uncertainty, and the risk is undefined.
Risk is not a problem. It is an understanding of the level of threat due to potential problems. A
problem is a consequence that has already occurred.

In fact, knowledge of a risk is an opportunity to avoid a problem. Risk occurs whether there is an
attempt to manage it or not. Risk exists whether you acknowledge it, whether you believe it,
whether if it is written down, or whether you understand it. Risk does not change because you

hope it will, you ignore it, or your bosss expectations do not reflect it. Nor will it change just
because it is contrary to policy, procedure, or regulation. Risk is neither good nor bad. It is just
how things are. Progress and opportunity are companions of risk. In order to make progress, risks
must be understood, managed, and reduced to acceptable levels.
2.3. DEGREE OF RISK

Degree of risk refers to the intensity of objective risk, which is the amount of uncertainty in a
given situation. It can be assessed by finding the difference between expected loss and actual
loss. The formula used is
Degree of risk = loss Expected loss actual and expected the between Difference
Degree of risk is measured by the probability of adverse deviation. If the probability of the
occurrence of an event is high, then greater is the likelihood of deviation from the outcome that
is hoped for and greater the risk, as long as the probability of loss is less than one. In the case of
exposures in large numbers, estimates are made based on the likelihood of the number of losses
that will occur. With regard to aggregate exposures the degree of risk is not the probability of a
single occurrence but it is the probability of an outcome which is different from that expected or
predicted. Therefore insurance companies make predictions about the losses that are expected to
occur and formulate a premium based on that.
2.4 CERTAINTY, RISK AND UNCERTAINTY
Certainty is when there is no doubt of the outcome of an event. But uncertainty is when there is
doubt in the achievement of the desired outcome and the potential deviation in the outcome is
called risk. The uncertainty in an event arises because of the knowledge which is not sufficient to
predict the outcome with certainty. Uncertainty implies that the person does not have thorough
knowledge and hence can only make a vague assessment about an objective risk situation.
Uncertainty is a perceptual phenomenon that exists in different degrees to different people. It can
be represented on a straight line called continuum. This continuum can be divided into different
levels of uncertainty.

Certainty

Uncertainty

Uncertainty is zero

Uncertainty is
very high at this
level

At level zero, the exposure to uncertainty is zero and at the right extremity the exposure to
uncertainty is 100%.
Level 0 (certainty) There is no uncertainty at this level. The outcome of an event is known in
certain. Events that come under the law of nature such as laws of physics and chemistry fall in
this category.
Level 1 (objective probability) Lowest level of uncertainty, events occurring in this level are
categorized by the likelihood of their occurrence. For example tossing of a coin, has an
established fact that there are two outcomes either heads or tails, each with a probability 0.5.
Level 2 (subjective probability) In this level, the degree of uncertainty increases. The outcomes
of the events in this level are known but assigning probabilistic values to these outcomes is
difficult. Probability is assigned with respect to a person, scenario or circumstances. Therefore it
is referred to as subjective probability.
Level 3 (complete uncertainty) The degree of uncertainty is the highest here. The outcomes of
the events in this level are difficult to predict and hence the probability of occurrence is not
known.
2.5 CLASSIFICATION OF RISK .
Risks are classified or grouped into a similar category in the insurance industry to quantify risk
and define the insurance premium to be charged. Classification of risks also helps in placing
individual risks with similar expectations of loss in a group or class of risks. By classifying we
can also estimate risks from probabilities associated with occurrence, timing and magnitude of
events.
2.5.1 Pure and speculative risk
Pure risks are defined as situation in which there are only two outcomes that is the possibility of
loss or no loss to an organization but no gain the event either happens or does not happen.
When this risk happens, the chance of making any profit is very badly low. Few examples of
pure risk are earthquake, theft, accident, fire etc. A car may or may not meet with an accident. If
an insurance policy is bought for the car, then if accident occurs the insurance company incurs
loss but on the contrary if accident does not occur there is no gain to the insured.
Speculative risks describe situations in which there is a possibility of gain as well as loss. The
element of gain is inherent or structured based on the situation. Few examples are gambling on
horses, investing in a stock market, merging with an organisation. Thus most of the speculative
risks are business related and some speculative risks are optional and can be avoided if desired.

The distinguishing characteristics of pure and speculative risks which is of importance to

insurers are the following:
The contract of insurance is usually applicable only to pure risks but not to speculative risks.
Insurance is meant to assure us against losses that arise as pure risk, but not to outcomes that lead
to both loss and gain. Moreover a particular type of risk may appear speculative for the insurance
company but a pure risk for the organisation.
The law of large numbers is easily applicable to pure risks than to speculative risks. The law
is important to insurers since it predicts future loss experience. An exception is the example of
gambling, where the casino operators apply the law of large numbers in a most efficient way.
Speculative risk may profit the society even if a loss occurs. It carries some inherent
advantages to the economy. For example speculative activity in the stock market may lead to
more efficient allocation of capital. The same does not apply to pure risk. A fire, flood,
earthquake cannot benefit the society.
Since pure risk is usually insurable, the discussion on risk is skewed towards pure risks only.
Pure risk is broadly classified into the following four categories:
Property risk.
Personal risk.
Liability risk.
Loss of income risk.
Property risk
This is a risk to a person in possession of the property which faces loss because of some
unforeseen events. Property includes both movable and immovable possessions. Movable assets
are personal assets like personal computer, any appliance. Immovable assets are land, building
which suffers loss due to natural calamities. Property risk is further divided into direct and
indirect loss.
Direct loss A direct loss is defined as a physical damage due to a given calamity or peril in a
direct way. For example, if an office building is damaged by fire, the damage incurred in the
direct way is the direct loss.
Indirect loss The additional expense incurred due to the destruction of the property is the
indirect loss. Thus in addition to the physical damage after a fire, the office would lose profits for
several months because of reconstruction. The loss of profits is a consequential loss as a
consequence of the damage incurred.
Personal risk
Personal risks are risks that directly affect the individuals income. This may either be loss of
earned income or extra expenditure or depletion of financial assets. There are four major types of
personal risks:
Risk of premature death.
Risk of insufficient income during old age.

 Risk of poor health.

Risk of unemployment.
Risk of premature death Premature death occurs when the bread earner of a family dies with
unfulfilled financial obligations. Therefore this can cause financial problems only if the deceased
has dependents to support. There are four costs which results from this. First, the present value of
the familys share of the deceased breadwinners future earnings is lost. Secondly, additional
expenses like funeral expenses, uninsured medical bills, inheritance taxes can result. Thirdly, due
to insufficient income, the family of the deceased has trouble in making ends meet. Finally,
intangible costs due to loss of role model, guidance, and counseling result.
Risk of insufficient income during old age The risk arises when retired people do not have
sufficient income after their retirement and it leads to social insecurity. Retired people need to
have financial assets from which they can draw income or have access to other sources like
private pension.
Risk of poor health The sudden disability of a person to earn income for living happens to be a
disadvantage or sudden risk to that person. The risk of poor health includes payment of medical
bills and the loss of earned income. The loss of earned income is a financial insecurity if the
disability is severe. Employee benefits may be lost or reduced, savings are depleted and extra
care must be taken for the disabled person.
Risk of unemployment This risk is due to socio-economic factors resulting in financial
insecurity. Unemployment results due to business cycle down swings, technology and structure
changes in the economy and imperfections in the labor market.
Liability risk
This risk arises to a person when there is a possibility of an unintentional damage caused by him
to another person because of negligence. Therefore this risk arises when ones activity causes
adversity to another person. For example, construction of factories or dams which results in
dislocating number of villagers. This risk arises due to government regulations and acts. It is
quite different from the other risks as there is no maximum upper limit to the amount of the loss.
A lien can be placed on ones income and financial assets to satisfy legal judgment and the cost
of legal defense could be huge.
Loss of income risk
This risk is due to an indirect loss from a certain given risk. For example if a firm is not able to
operate due to legal issues or destruction by peril, it takes time to resume its normal operations.
Therefore in this period, production stoppage will lead to loss of income.

2.5.2 Fundamental and particular risk

This classification is based on the people who are affected by the event. Those risks which affect
an entire economy or a large group within the economy are termed as fundamental risks. For
example, cyclic unemployment, epidemics, drought, political and economic changes, and
terrorist attacks of recent times affect a large group of people and hence these are fundamental
risks. On the other hand, losses that arise out of individual events and are felt by particular
individuals and not by a community or a group is termed as particular risks. Examples are
burning of a house or an automobile accident.
The distinction between a fundamental and a particular risk is that an individual or a concern can
have control over particular risk but fundamental risks can hardly be controlled. Social insurance
and government insurance compensates for the loss incurred by a fundamental risk but in case of
particular risk an individual or a particular enterprise bears the burden of loss.
2.5.3 Static and dynamic risk
Based on the nature of the environment, risks are classified as static and dynamic. Static risks are
those which happen within a stable environment and are constant over an observed period of
time. They have a regular pattern of occurrence and can be reasonably predicted. Dynamic risks
arise from changes in the environment like economic, social, technological and political changes.
They are generally less predictable because they do not occur in any degree of regularity.
Static risks are immune to the changes in the environment. Dynamic risk resembles speculative
risk and static risk resembles pure risk.
2.5.4 Enterprise risk
This is a risk which includes all major risks faced by a business firm. It encompasses risks such
as pure risk, speculative risk, strategic risk, operational risk and financial risk. We already
studied about pure and speculative risks. Strategic risk is when an organization is uncertain about
its goals and objectives. Operational risks may result due to a firms business operations.
Financial risk is when there is uncertainty of loss because of changes in interest rates, foreign
exchange rates and value of money.
Enterprise risk plays a vital role in commercial risk management, which is a process in an
organization to treat all minor and major risks. Major risks can be addressed by bringing them all
together and treating them as one single program. By doing so, the firm can offset one risk
against another and also if some risks are negatively correlated overall risk can significantly be
reduced.

CHAPTER-3
INTRODUCTION OF RISK
MANAGEMENT

3.1 RISK MANAGEMENT

RISK MANAGEMENT DEFINITION : IDENTIFICATION, ANALYSIS & ECONOMIC CONTROL

OF THOSE RISKS WHICH CAN THREATEN THE ASSETS OR THE EARNING CAPACITY OF AN
ENTERPRISE

Risk management underscores the fact that the

survival of an organization depends heavily on
its capabilities to anticipate and prepare for the
change rather than just waiting for the change
and react to it. The objective of risk management
is not to prohibit or prevent risk taking activity,
but to ensure that the risks are consciously taken with full knowledge, purpose and clear
understanding so that it can be measured and mitigated. It also prevents an institution from
suffering unacceptable loss causing an institution to suffer or materially damage its competitive
position. Functions of risk management should actually be bank specific dictated by the size and
quality of balance sheet, complexity of functions, technical/ professional manpower and the
status of MIS in place in that bank.
Risk management: It is the identification, assessment, and prioritization of risks (defined in ISO
31000 as the effect of uncertainty on objectives, whether positive or negative) followed by
coordinated and economical application of resources to minimize, monitor, and control the
probability and/or impact of unfortunate events or to maximize the realization of opportunities.
Risks can come from uncertainty in financial markets, project failures (at any phase in design,
development, production, or sustainment life-cycles), legal liabilities, credit risk,
accidents, natural causes and disasters as well as deliberate attack from an adversary, or events of
uncertain or unpredictable root-cause. Several risk management standards have been developed
including the Project Management Institute, the National Institute of Standards and Technology,
actuarial societies, and ISO standards. Methods, definitions and goals vary widely according to
whether the risk management method is in the context of project management,
security, engineering, industrial processes, financial portfolios, actuarial assessments, or public
health and safety.
Risk management process ensures that risk management is regularly monitored and that there are
mechanisms that alert the management of the entity about arising risks or changes in already
managed risks and that the appropriate control devices in order to minimize them are identified.
The role of the internal audit is to conduct assessments on all components and financial and
accounting activities or activities with financial implications and to track how public funds are
used, namely if they are used efficiently and effectively and weather the financial information
given to the management is appropriate and can contribute to achieving the planned results.

The strategies to manage risk typically include transferring the risk to another party, avoiding the
risk, reducing the negative effect or probability of the risk, or even accepting some or all of the
potential or actual consequences of a particular risk.
In ideal risk management, a prioritization process is followed whereby the risks with the greatest
loss (or impact) and the greatest probability of occurring are handled first, and risks with lower
probability of occurrence and lower loss are handled in descending order. In practice the process
of assessing overall risk can be difficult, and balancing resources used to mitigate between risks
with a high probability of occurrence but lower loss versus a risk with high loss but lower
probability of occurrence can often be mishandled.

3.2 PRINCIPLES OF RISK MANAGEMENT

The International Organization for Standardization (ISO) identifies the following principles of
risk management:
Risk management should:
create value resources expended to mitigate risk should be less than the consequence of
inaction, or (as in value engineering), the gain should exceed the pain
be an integral part of organizational processes
be part of decision making process
explicitly address uncertainty and assumptions
be systematic and structured
be based on the best available information
be tailor able

 take human factors into account

be transparent and inclusive
be dynamic, iterative and responsive to change
be capable of continual improvement and enhancement

be continually or periodically re-assessed

3.3 FACTORS OF RISKS

The risks are measured by the factors hampering business growth. If the profitability potential
outweighs risk, then the organisation proceeds with the business operations else it is halted.
The risks arise due to innumerable factors. They are broadly classified into two types. They are:
Internal risks It refers to the risks arising from the events within the business
organisations. These risks can be forecasted and their probability of occurrence can be
determined. Hence it can be controlled to an appreciable extent. The various factors determining
internal risks are:
o Human factors The employees form an important cause for internal risks. Sometime they
result in strikes and lock outs by unions, negligence and dishonesty towards work, accidents or
deaths, incompetence of the manager. The suppliers most of the time fails to supply materials on
time and default payments by debtors may adversely affect the business organisation.
o Technological factors It refers to the unpredicted changes in production or distribution
techniques. The technological advancements results in higher quality products which insists the
organisations to adopt new technology. Hence the organisations practicing traditional techniques
might face risk of losing the market for its inferior quality products.
o Physical factors It refers to the failure of business machinery and equipment, fire or theft in
the industry, damages in goods transit. This factor results in loss or damage to the organisations
property.
External risks It refers to the risks arising due to the events occurring outside the
organisation. These events are generally uncontrolled and hence the resulting risks and their
probability of occurrences cannot be forecasted and determined accurately. The various factors
determining external risks are:
o Economic factors It forms the major cause for external risks. The changes in the prevailing
market conditions results economic factors. It includes changes in demand for product, price
fluctuations, changes in consumers preferences and output of trade cycles. The various
conditions like increased product competition, inflationary tendency in economy, unemployment,
and fluctuations in world economy may adversely affect the business organisation. Such risks
caused due to economy changes are known as dynamic risks.

These risks are less predictable and may not result in losses because it contains an element of
gain to the organisation.
o Natural factors It refers to the natural calamities over which the organisation has little or no
control. It results from events like earthquake, flood, cyclone, famine. Such events may cause
loss of life or property to the organisation.
o Political factors It plays an important role in functioning of long and short term business. It
occurs due to the political changes in government, communal violence, civil wars. The changes
in government policies and regulations may affect the position and profits of an organisation.
The risks are inevitable and hence it cannot be eliminated completely but can be controlled
through proper preventive and corrective measures of risk management.
3.4 RISK CATEGORIES
3.4.1 Credit risk
Credit risk comprises counterparty risk, settlement risk and concentration risk. These risk types
are defined as follows:
Counterparty risk is the risk of credit loss to the group as a result of failure by a counterparty
to meet its financial and/or contractual obligations to the group. This risk type has three
components:
primary credit risk, which is the exposure at default (EAD) arising from lending and related
banking product activities including their underwriting;
pre-settlement credit risk, which is the EAD arising from unsettled forward and derivative
transactions. This risk arises from the default of the counterparty to the transaction and is
measured as the cost of replacing the transaction at current market rates; and
issuer risk, which is the EAD arising from traded credit and equity products including their
primary market underwriting.
Settlement risk is the risk of loss to the group from settling a transaction where value is
exchanged, but where it fails to receive all or part of the counter value.
Credit concentration risk is the risk of loss to the group as a result of excessive build-up of
exposure to, among others, a single counterparty or counterparty segment, an industry, a market,
a product, a financial instrument or type of security, a country or geography, or a maturity. This
concentration typically exists where a number of counterparties are engaged in similar activities
and have similar characteristics, which could result in their ability to meet contractual obligations
being similarly affected by changes in economic or other conditions.
3.4.1.1 Tools of Credit Risk Management.

The instruments and tools, through which credit risk management is carried out, are detailed
below:
a) Exposure Ceilings: Prudential Limit is linked to Capital Funds say 15% for individual
borrower entity, 40% for a group with additional 10% for infrastructure projects undertaken by
the group, Threshold limit is fixed at a level lower than Prudential Exposure; Substantial
Exposure, which is the sum total of the exposures beyond threshold limit should not exceed
600% to 800% of the Capital Funds of the bank (i.e. six to eight times).
b) Review/Renewal: Multi-tier Credit Approving Authority, constitution wise delegation of
powers, Higher delegated powers for better-rated customers; discriminatory time schedule for
review/renewal, Hurdle rates and Bench marks for fresh exposures and periodicity for renewal
based on risk rating, etc are formulated.
c) Risk Rating Model: Set up comprehensive risk scoring system on a six to nine point scale.
Clearly define rating thresholds and review the ratings periodically preferably at half yearly
intervals. Rating migration is to be mapped to estimate the expected loss.
d) Risk based scientific pricing: Link loan pricing to expected loss. High-risk category
borrowers are to be priced high. Build historical data on default losses. Allocate capital to absorb
the unexpected loss. Adopt the RAROC framework.
e) Portfolio Management : The need for credit portfolio management emanates from the
necessity to optimize the benefits associated with diversification and to reduce the potential
adverse impact of concentration of exposures to a particular borrower, sector or industry.
Stipulate quantitative ceiling on aggregate exposure on specific rating categories, distribution of
borrowers in various industry, business group and conduct rapid portfolio reviews. The existing
framework of tracking the non-performing loans around the balance sheet date does not signal
the quality of the entire loan book. There should be a proper & regular on-going system for
identification of credit weaknesses well in advance. Initiate steps to preserve the desired portfolio
quality and integrate portfolio reviews with credit decision-making process.
f) Loan Review Mechanism : This should be done independent of credit operations. It is also
referred as Credit Audit covering review of sanction process, compliance status, review of risk
rating, pick up of warning signals and recommendation of corrective action with the objective of
improving credit quality. It should target all loans above certain cut-off limit ensuring that at least
30% to 40% of the portfolio is subjected to LRM in a year so as to ensure that all major credit
risks embedded in the balance sheet have been tracked. This is done to bring about qualitative
improvement in credit administration. Identify loans with credit weakness. Determine adequacy
of loan loss provisions. Ensure adherence to lending policies and procedures. The focus of the
credit audit needs to be broadened from account level to overall portfolio level. Regular, proper
& prompt reporting to Top Management should be ensured.

Credit Audit is conducted on site, i.e. at the branch that has appraised the advance and where the
main operative limits are made available. However, it is not required to visit borrowers
factory/office premises.
3.4.2 Country risk
Cross-border transfer risk, herein referred to as country risk, is the uncertainty that a client or
counterparty, including the relevant sovereign, will be able to fulfil its obligations to the group
outside the host country due to political or economic conditions in the host country.
The management of country risk is delegated by the GCC to the group country risk management
committee (GCRC), a subcommittee of GROC. The GCRC recommends country risk appetite
for individual countries and ensures, through compliance with the country risk standard, that
country risk is effectively governed, identified, measured, managed, controlled and reported in
the group.
An internal rating model is used to determine the rating of each country in which the group has
an exposure. The model inputs are continually updated to reflect economic and political changes
in countries. The country risk model output provides an internal risk grade which is calibrated to
a 1 to 25 rating scale. Reviews of all countries to which the group is exposed are conducted
annually. In determining ratings, the groups network of operations, country visits and external
sources of information are used extensively.
3.4.3 Liquidity risk
Liquidity risk arises when the group, despite being solvent, cannot maintain or generate
sufficient cash resources to meet its payment obligations as they fall due, or can only do so at
materially disadvantageous terms.
This type of event may arise where counterparties who provide the bank with funding withdraw
or do not roll over that funding, or as a result of a generalised disruption in asset markets which
results in normally liquid assets becoming illiquid.
Group unencumbered surplus liquidity

3.4.3.1 Liquidity Gap Report

A liquidity gap is the difference between the due balances of assets and liabilities over time.
At any point of time, a positive gap between assets and liabilities is equivalent to shortage of
cash. The marginal gap refers to the difference between the changes of assets and liabilities over
time. A positive marginal gap means that the change in the values of assets exceeds that of
liabilities. The gap profile changes as and when new assets and liabilities are added. The gap
profile is represented either in the form of tables or charts. All the assets and liabilities are
accounted in liquidity gap report and it is dependent on the dates of maturity and the actual date.
3.4.3.2 Alternative scenarios
Alternative scenario method is used to calculate the adequate liquidity in banks. Depending on
the behaviour of cash flow the alternative scenario calculates a banks liquidity in different
conditions.
There are three scenarios for a bank that provides useful benchmarks. They are:
Going concern
Bank specific crisis

 General market crisis

A bank should try to account for any major liquidity changes (positive or negative) that could
occur in these scenarios.
Going concern/general market conditions
The going concern/general market conditions scenario is helpful for banks in establishing a
standard for the normal business behaviour. Banks use general market conditions to handle the
deposit and other debts. With the help of general market conditions the banks avoid the impact of
temporary constraints and manage their NFRs. Due to this concern, the banks never face a very
large need of cash to be paid on any given day.
Bank specific crisis
The bank specific crises are liquidity crises for individual banks. The crises remain restricted to
the banks and provide a sort of worst-case benchmark. The main idea in bank specific crisis is
that, the banks liabilities cannot be replaced or rolled over. The banks must pay the liabilities at
the time of maturity. If a bank can survive these types of worst-cases, then the bank can survive
any kind of small problems.
General market crisis
The general market crises are the ones under which liquidity affects every bank in more than one
market. Some banks might think that the nations Central bank would ensure that the key
markets would continue to function in some form. For bank management, the scenario represents
a second type of "worst-case". While surveying the liquidity profile of entire banking sector, the
Central bank might find this scenario to be of particular interest. The combined results will
suggest the size of the total liquidity buffer in the banking system. The result also suggests the
likely distribution of liquidity problems among large institutions.
A bank needs to assign the time for cash flow for each category of asset. The decision about the
exact time and size of cash flows is an essential part of the construction of the maturity ladder
under every situation.
3.4.3.3 Assumptions in preparation of gap report in terms of assets, liabilities and off
balance sheet items
Since the future liquidity position of a firm cannot always be predicted based on the factors,
assumptions play an important role in determining the continuing due to the rapidly changing
banking markets. But the number of assumptions to be made should be limited. The assumptions
can be made based on three aspects. They are assets, liabilities, and off-balance sheet assets.
Assets

Assets are nothing but any item of economic value owned by an individual or corporation.
Assumptions regarding a banks future stock of assets include their possible marketability and
use an asset as a guarantee of existing assets which could increase flow of cash and others.
To determine the marketability of an asset, the method segregates the assets into three categories
according to their degree of relative liquidity:
The highly liquid group of assets consists of components such as interbank loans, cash and
securities. Some of the assets might instantaneously be converted into cash at existing market
values under almost any situation whereas others, such as interbank loans might lose liquidity in
a common crisis.
A less liquid group of assets consists of bank's saleable loan portfolio. The assignment here is
to develop assumptions about a reasonable plan for the clearance of a bank's assets. Some assets,
while marketable, might be viewed as unsaleable within the time frame of the liquidity analysis.
The least liquid group of assets consist of basically unmarketable assets such as loans that are
not capable of being readily sold, bank premises and investments in subsidiaries.
Because of the difference in the banks internal asset-liability management, different banks can
allot the same assets to different groups on maturity ladder.
While categorising the assets, banks should take care of the effects on the assets liquidity under
the various conditions. Under normal conditions, there may be assets which are much liquid then
during a time of crisis. Therefore a bank may classify the assets according to the type of scenario
it is forecasting.
Liabilities
To check the cash flows occurring due to a bank's liabilities, a bank should first examine the
behaviour of its liabilities under normal business situations. This would include forming:
The level of roll-overs of deposits and other liabilities remain normal.
The actual maturity of deposits with non-contractual maturities, such as demand deposits and
others; the normal growth in new deposit accounts.
While examining the cash flow arising from a bank's liabilities during the two crisis scenario, a
bank would look at four basic questions. The first two questions represent the proceedings in the
flow of cash that tend to reduce the cash outflows planned directly from contractual maturities.
The four questions are as follows:
What are the different sources of funding that are likely to stay with a bank under any
situation, and can the count of these sources be increased?

Other than the liabilities identified from this step, a bank's capital and term liabilities that are not
maturing within the prospect of the liquidity analysis provide a liquidity buffer.
The total liabilities identified in the first category may be assumed to stay with the bank even
when its a worst scenario. Some core deposits generally remain with a bank because retail and
small scale industry depositors may rely on the public-sector security net to shield them from
occurring loss, or because the cost of changing banks, especially for some business services that
include transactions accounts, is unaffordable in the very short term.
What are the sources of funding that can be estimated to run off gradually if problems occur,
and at what rate? Is deposit pricing a way for controlling the rate of runoff?
The second category consists of liabilities that have chances of staying back with the bank during
the period of slight difficulties and can be used during crisis. Liabilities, includes core deposits
that are not already included in the first category. In some countries, other than core deposits,
some of the interbank deposits and government funding remains with the bank even though they
are considered volatile .for these kinds of cash flows a bank's very own past experience related to
liabilities and the experiences of other such firms with similar problems may come handy. And
help in creating a time table.
Which maturing liabilities can be estimated to run off instantly at the first warning of trouble?
The third category consists of the maturing liabilities that remained, including some without
contractual maturities, such as wholesale deposits. Under each case, this approach adopts a
conservative stand and assumes that these remaining liabilities will be paid back at as early as
possible before the maturity date, especially when there is high crisis, as such money may flow
to government securities and other safe refuges.
Factors such as diversification and relationship building are considered important during the
evaluation of the degree of the outflow of funds and a bank's capacity to replace funds.
Nevertheless, in a general market crisis, sometimes high scale firms may find that they receive
larger than the usually got wholesale deposit inflows, even though there are no cash inflows
existing for other firms in the market.
Does the bank have a reliable back-up facility?
For example, small banks in local areas may also have credit lines that they can bring down to
offset cash discharges. These facilities are rarely found in larger banks but however it depends on
the assumptions made on the banks liabilities. Such facilities usually need to undergo many
changes but only to a limit, especially in a bank specific crisis.

Off balance sheet item

A bank should also examine the availability of sufficient cash flows from its off balance sheet
activities (other than the loan commitments already considered), even if they are not a portion of
the banks recent liquidity analysis.
In addition, the Contingent liabilities, such as letters of credit and financial guarantees, represent
potentially significant cash outflow for a bank, but are usually not dependent on a bank's
condition. A bank may be able to create a "normal" level of out flow of cash on a regulatory
basis, and then estimate the possibility a raise in these flows during periods of stress. However, a
general market crisis may generate a considerable increase in the total invocation of letters of
credit because of an increase in defaults and liquidations in the market.
Other possible sources of cash outflows are swaps, written Over-The-Counter (OTC) options,
and forward foreign exchange rate contracts. For instance, consider that a bank has a large swap
book; it would then want to study the circumstances under which it could become a net payer,
and whether or not the total net pay-out is significant.
Consider another situation wherein a bank acts as a swap market-maker, with a possibility that in
a bank-specific or general market crisis, customers with in-the-money swaps (or a net in-themoney swap position) would try to reduce their credit exposure to the bank by requesting the
bank to buy the swaps back. Similarly, a bank would like to review its written OTC options book
and any warrants that are due, along with hedges if any against these positions, since certain
types of crises sometimes arouse an increase in early exercises or requests that the banks should
buy the offer back. These activities could result in an unexpected cash loss, if hedges can neither
be quickly liquidated to generate cash nor provide insufficient cash.

Other assumptions
Until now the discussion was centered on the assumption about the behaviour of the specific
instrument under different scenarios. At the time of looking the components exclusively, there
might be some of the factors that might have a major impact on the cash flows.
The need for liquidity arises from business activities. The banks too need excess funds to support
extra operations.
For example, the majority of the banks provide clearing services to financial institutions and
correspondent banks. These institutions generate a major sum of cash inflow and cash outflows
and unpredicted variations in these services can reduce a banks funds to a large extent.
The other expenses such as rent and salary however are not given much importance in the
analysis of the banks liquidity. But they can be sources of cash outflows in some cases.
3.4.4 Market risk

This is the risk of a change in the actual or effective market value or earnings of a portfolio of
financial instruments caused by adverse movements in market variables such as equity, bond and
commodity prices; currency exchange and interest rates; credit spreads; recovery rates and
correlations; as well as implied volatilities in all of the above.
3.4.5 Operational risk
Operational risk is the risk of loss resulting from inadequate or failed internal processes, people
and systems or from external events. This includes information and legal risk but excludes
reputational and strategic risk.
3.4.5.1 Responsibility and approach to operational risk management
Operational risk is recognized as a distinct risk category which the group manages within
acceptable levels through sound operational risk management practices. The groups approach to
managing operational risk is to adopt practices that are fit for purpose to suit the organizational
maturity and particular business environments.
Executive management defines the operational risk appetite at a business unit and group level.
This operational risk appetite supports effective decision making and is central to embedding risk
management in business decisions and reporting.
3.4.6 Business risk
Business risk relates to the potential revenue shortfall compared to the cost base due to strategic
and/or reputational reasons. From an economic capital perspective, business risk capital
requirements are calculated as the potential loss arising over a one-year timeframe, within a
certain level of confidence, as implied by the groups chosen target rating. The groups ability to
generate revenue is impacted by, among others, the external macroeconomic environment, its
chosen strategy and its reputation in the markets in which it operates.
Economic capital by risk type

Credit risk
Equity risk
Market risk
Operational risk
Business risk

June
2010
Rm
28 597
1 865
1 768
6 814
1 817

December
2009
Rm
31 336
1 293
1 747
6 965
1 504

Interest rate risk in the

banking book
Banking
activities

economic capital
Available
financial
resources
Capital coverage ratio

1 620

1 917

42 481

44 762

86 830

81 503

2,04

1,82

3.4.7 Reputational risk

Reputational risk results from damage to the groups image among stakeholders, which may
impair its ability to retain and generate business. Such damage may result from a breakdown of
trust, confidence or business relationships.
3.4.8 Insurance risk
This is the risk that future claims and related expenses will exceed the allowance for expected
claims and expenses, as determined through measuring policyholder liabilities and in reference
to product pricing principles. Insurance risk arises due to uncertainty regarding the timing and
amount of future cash flows from insurance contracts, whether due to variations in mortality,
morbidity or withdrawal rate, or due to deviations from investment performance assumptions in
the case of life products, and claims incidence and severity assumptions in the case of short-term
insurance products.

3.4.9 Legal risk

Legal risk arises where:
the groups businesses or functions may not be conducted in accordance with applicable laws
in the countries in which it operates;
incorrect application of regulatory requirements takes place;
the group may be liable for damages to third parties; and
contractual obligations may be enforced against the group in an adverse way, resulting from
legal proceedings being instituted against it.
Although the group has processes and controls in place to manage its legal risk, failure to
manage risks effectively could result in legal proceedings impacting the group adversely, both
financially and reputational.
3.4.10 Foreign- Exchange Risk

Foreign exchange risk occurs during the change of investments value occurring due to the
changes in currency exchange rates. It refers to the probability of loss occurring due to an
adverse movement in foreign exchange rates. For example Consider an investor residing in
United States purchases a bond denominated in Japanese Yen. By this the investor experiences
decline in rate of return at which the Yen exchanges for dollars.

The three types of foreign exchange risk or exposure are:

Transaction risk It is the possibility of affecting future transactions of the organisation due
to the changes in currency exchange rates.
Economic risk It measures the impact of changes in exchange rate risk on the organisations
cash flows and earnings.

 Translation risk It measures the impact of changes in exchange rate of organisations

financial statements. It is also known as accounting exposure.
Foreign exchange risk management policies
Well defined policies, set forth the objectives of the banks foreign exchange risk management
strategy and its parameters. The foreign exchange risk management policies include the
following:
A statement of forex risk principles and objectives - Before setting up the foreign exchange
risk limits and management controls it is necessary for banks to decide the goals of foreign
exchange risk management plan and in particular, readiness of the bank to assume risk.
Therefore, the objective of foreign exchange risk management is to manage the influence of
exchange rate changes within self-imposed limits after considering a wide range of possible
foreign exchange rate scenarios.
Limits of forex risks - Risk limits are established according to the relationship between the
foreign exchange position and the capital, or according to the foreign exchange volume which
includes total cash and the number of transactions. The foreign exchange risk limits cover the
following:
- The currencies in which the institution is permitted to experience risk exposure.
- The level of foreign currency exposure that the bank is willing to assume.
Delegation of authority - Clearly defined levels of delegated authority helps in ensuring that a
banks foreign exchange positions does not surpass the limits established under the foreign
exchange risk management policies. The delegation of authority needs to be clearly recognized,
and must include the following:
- The absolute and/or incremental authority to be delegated.
- The units, entities, positions or committees to whom authority is being delegated.
- The ability of receivers to further delegate authority.
- The restrictions placed on the use of delegated authority
The various methods to reduce foreign exchange risks are:
Hedging with futures and forwards contract The best way to manage foreign exchange risk
is by balancing foreign currency holdings or expected revenue with futures or forwards.

 Trade options The foreign currencies contain options which allow the buyers to buy or sell
financial assets at a specified price and time. The process to hedge foreign currency with options
is similar to hedging futures and forwards, which minimizes the risk of loss in currency trade.
Purchasing swaps It refers to the exchange of future income streams in different currencies.
The organizations use swaps sparingly for portions of their foreign holdings.
Open a foreign bank account The method of depositing foreign currency in foreign banks
creates gain in interest rate. When the exchange rate increases, the value of foreign currency also
increases.
3.4.11 Environmental risk
The organisations must be able to monitor certain risks with respect to their daily operations. The
organisations must identify the specific risk that is concerned with local and global
environments. The various factors causing environmental risks include accidents, assaults, and
natural events like earthquake, volcano, tornado, floods, and famine. Hence the organizations
must induce environmental risk management which helps in implementing a system of metrics to
prevent the environmental problems.
The organizations must emphasize the process of environmental risk management which
includes certain protocols to manage the uncertainties within the organizational operations. The
procedures must be applied in daily activities and overall infrastructure assessments to eliminate
the damages caused in the organisation. The first step is to ensure whether the environmental risk
management is effective within the organisation to identify the most critical assets. It is also
important for the organizations to determine whether the assets are hampering the long term
stability of the environment and their impact on the business. For example if a company uses
large amount of paper then the threat of decline in tree growth arises. Hence the organisation
must devise recycle paper program method to solve the problem.
The organisation must assess the environment of the specific region in which it desires to make
investments. The environmental forecasts are necessary as far as there are no physical hindrances
to the organisation. Environmental issues can have significant impact on a companys stock
price.
Raising awareness and training will be an ongoing element of managing environmental risk and
identifying opportunities and business solutions to global environmental and social concerns.
3.4.12 Interest rate risk
Interest rate risk occurs due to the change in absolute level of interest rates causing variations in
the value of investments. Such changes usually affect the securities like shares, bonds, mutual
funds or money market instruments and can be reduced by diversifying or hedging techniques.
The evaluation of interest rate risk should consider illiquid hedging products or strategies, and

potential impact on fee income which are sensitive to changes in interest rates. They are
classified into the following:
Term structure risk (yield curve risk) It arises from the variations in the movement of
interest rates across maturity spectrum. It consists of changes in relationship between interest
rates of various maturities of similar market. The changes in relationships occur when the shape
of yield curve for a market flattens, steepens, or becomes inverted during interest rate cycle. The
yield curve variations can emphasize a banks risk position by increasing the effect of maturity
mismatches.
Basis risk It occurs due to the changes in relationship between interest rates for different
market sectors.
Options risk It arises when bank or bank customer gains privileges to alter the level and
timing of cash flows of asset, liability or off balance sheet instruments. The option holder has the
rights to buy or sell the financial instruments over a specified period of time. But the option
holder faces limited downside risks (amount paid for option) and unlimited upside reward. The
option seller faces unlimited downside risk (option exercised during the time of disadvantage)
and limited upside reward (retaining premium).
3.4.12.1 Factors Affecting Interest Rate
Interest rate is the amount claimed by a lender from a borrower for the use of the borrowed
money. Interest is an opportunity cost in terms of a lenders perspective and is the cost of capital
according to a borrowers perception.
Interest rate is a vital component in market assessments and so it is an important economic
indicator. Interest rate is important to companies as well as governments because it is an
important constituent of the capital cost.
The following are the factor that influences the level of market interest rate:
Intensity of inflation Inflation is defined as an increase in the typical price level of goods
and services in an economy over a period of time. Inflation reduces the procuring power of a
currency. So people with excess funds claim higher interest rates, as they want to protect their
investment returns against the unfavorable conditions of higher inflation.
Fluctuation of monetary policy The central bank of a country controls the money supply in
the economy through its monetary policy. In India, the monetary policy of RBI focuses at the
price stability and economic growth. If RBI loosens its monetary policy then the interest rate gets
reduced which leads to higher inflation. Whereas, if RBI strengthens its monetary policy then
interest rate increases, this thereby limits the inflation. Repo rate is used by RBI to inject or
remove liquidity from the monetary system.

 General economic conditions If the economic growth of an economy improves then the
demand for money goes up. It ultimately compels the interest rates to move forward.
Global liquidity If global liquidity is high then the domestic liquidity of a country will also
be high which ultimately reduces the pressure on interest rates.
Foreign exchange market activity Foreign investor demand for debt securities influences the
interest rate. Higher inflows of foreign capital lead to increase in domestic money supply which
in turn leads to higher liquidity and lower interest rates.
Credit and payment history Making timely mortgage or rent payment is very important.
Late payments on credit cards, car payments and other bills affect the interest rate.
Debt to income ratio The higher the debt to income ratio, the higher will be the interest
rate.
Property type The interest rate depends upon the type of property owned by an individual.
The less risky is the property, the better the interest rate proposed.
Loan amount The amount of money the borrower borrows makes a difference in the interest
rate.
Reduced paperwork activities Many lenders offer reduced paperwork alternatives. These
alternatives increase the suitability of getting a loan for the consumer. It also increases the risks
for the lender.
Property state Varying property states have different regulations and requirements that
results in fluctuating business costs. These costs are often passed to the consumer in the form of
an interest rate for the lenders.
Budgetary deficit Budgetary deficit and increased borrowing programme of the Government
will lead to increase in interest rates as the demand for funds increases. With increase in interest
rates, costs go up and this will result in inflation
3.4.12.2 Methods To Reduce Interest Rate Risks :
Diversifying maturities The rate of return is usually not fixed across all maturity dates.
Usually long term securities pay higher return than short term dated securities. Hence these
factors can be hedged by spreading fixed income investments across entire yield curve from
short term dated maturities to long term bonds. Doing this effectively will provide expectations
about future interest rate movements.

 Buy fixed or floating swaps The swaps is an agreement to exchange capital streams from
assets to qualities within a period of time. The fixed or floating swaps allow the fixed rate debtor
to exchange capital stream debt of identical maturity by paying floating interest rate. Hence, if
the interest rate rises, then the debtors receive difference in interest revenues through swaps.
Use real interest rate strategy It is important to analyse the presence of risk. One way to
determine is by using real interest rate, the nominal interest rate (interest earned on a high yield
savings account) minus rate of inflation.
Real interest rate = Nominal interest rate Rate of inflation
The yield curve shows high interest rate risk when it is steep or flat. Hence using such
indicator can provide investor with information to diversify across various maturities

Figure : Yield Curve Indicating High Interest Rate Risk

The rising line indicates the steeper curve and the falling line indicates flatter curve
3.5 ELEMENTS OF RISK MANAGEMENT
Risk management is an organized method for identifying and measuring risk and for selecting,
developing, and implementing options for the handling of risk. It is a process, not a series of

events. Risk management depends on risk management planning, early identification and
analysis of risks, continuous risk tracking and reassessment, early implementation of corrective
actions, communication, documentation, and coordination.
As depicted in Figure all of the parts are interlocked to demonstrate that after initial planning the
parts begin to be dependent on each other.

Risk planning
Risk Planning is the continuing process of developing an organized, comprehensive approach to
risk management. The initial planning includes establishing a strategy; establishing goals and
objectives; planning assessment, handling, and monitoring activities; identifying resources, tasks,
and responsibilities; organizing and training risk management IPT members; establishing a
method to track risk items; and establishing a method to document and disseminate information
on a continuous basis.
Risk Assessment
Risk assessment consists of identifying and analyzing the risks associated with the life cycle of
the system.
Risk identification activities establish what risks are of concern. These activities include:
Identifying risk/uncertainty sources and drivers,
Transforming uncertainty into risk,
Quantifying risk,
Establishing probability, and
Establishing the priority of risk items.
After identifying the risk items, the risk level should be established. One common method is
through the use of a matrix such as shown in Figure 15-5. Each item is associated with a block in

the matrix to establish relative risk among them.

On such a graph risk increases on the diagonal and provides a method for assessing relative risk.
Once the relative risk is known, a priority list can be established and risk analysis can begin.

Fig: Risk Matrix

Risk identification efforts can also include activities that help define the probability or
consequences of a risk item, such as:
Testing and analyzing uncertainty away,
Testing to understand probability and consequences, and
Activities that quantify risk where the qualitative nature of high, moderate, low estimates are
insufficient for adequate understanding

Analysis Activities
Risk analysis activities continue the assessment process by refining the description of identified
risk event through isolation of the cause of risk, determination of the full impact of risk, and the
determination and choose of alternative courses of action. They are used to determine what risk
should be tracked, what data is used to track risk, and what methods are used to handle the risk.
Risk analysis explores the options, opportunities, and alternatives associated with the risk. It
addresses the questions of how many legitimate ways the risk could be dealt with and the best
way to do so. It examines sensitivity, and risk interrelationships by analyzing impacts and
sensitivity of related risks and performance variation. It further analyzes the impact of potential
and accomplished, external and internal changes.

Risk analysis activities that help define the scope and sensitivity of the risk item include finding
answers to the following questions:
If something changes, will risk change faster, slower, or at the same pace?
If a given risk item occurs, what collateral effects happen?
How does it affect other risks?
How does it affect the overall situation?
Development of a watch list (prioritized list of risk items that demand constant attention by
management) and a set of metrics to determine if risks are steady, increasing, or decreasing.
Development of a feedback system to track metrics and other risk management data.
Development of quantified risk assessment.
Risk Handling
Once the risks have been categorized and analyzed, the process of handling those risks is
initiated. The prime purpose of risk handling activities is to mitigate risk. Methods for doing this
are numerous, but all fall into four basic categories:
Risk Avoidance,
Risk Control,
Risk Assumption, and
Risk Transfer.
Monitoring and Reporting
Risk monitoring is the continuous process of tracking and evaluating the risk management
process by metric reporting, enterprise feedback on watch list items, and regular enterprise input
on potential developing risks. (The metrics, watch lists, and feedback system are developed and
maintained as an assessment activity.) The output of this process is then distributed throughout
the enterprise, so that all those involved with the program are aware of the risks that affect their
efforts and the system development as a whole.

CHAPTER-4
PROCESS OF RISK
MANAGEMENT

4.1 PROCESS OF RISK MANAGEMENT

Risk management is a process designed and established by management and implemented by the
entire staff within the finance and accounting department. This process consists of: defining the
risk strategy; identifying and evaluating risks; cost control; monitoring; reviewing and reporting
situation of the risks.
The process should not be linear, risk management may have impact on other risks as well and
measures identified as being effective in limiting a risk and keeping it within acceptable limits
may prove beneficial in controlling other risks.

According to the standard ISO 31000 , the process of risk management consists of several
steps as follows:

4.1.1. Risk identification :

How can the assets be or earning capacity of an organization can be threatened?
Risks are about events that, when triggered, cause problems or benefits. Hence, risk
identification can start with the source of our problems and those of our competitors
(benefit), or with the problem itself.

 Source analysis - Risk sources may be internal or external to the system that is the target
of risk management (use mitigation instead of management since by its own definition
risk deals with factors of decision-making that cannot be managed).
Examples of risk sources are: stakeholders of a project, employees of a company or the
weather over an airport.
Problem analysis - Risks are related to identified threats. For example: the threat of losing
money, the threat of abuse of confidential information or the threat of human errors,
accidents and casualties. The threats may exist with various entities, most important with
shareholders, customers and legislative bodies such as the government.
When either source or problem is known, the events that a source may trigger or the events
that can lead to a problem can be investigated. For example: stakeholders withdrawing
during a project may endanger funding of the project; confidential information may be stolen
by employees even within a closed network; lightning striking an aircraft during takeoff may
make all people on board immediate casualties.
The chosen method of identifying risks may depend on culture, industry practice and
compliance. The identification methods are formed by templates or the development of
templates for identifying source, problem or event. Common risk identification methods are:
Objectives-based risk identification- Organizations and project teams have objectives.
Any event that may endanger achieving an objective partly or completely is identified as
risk.
Scenario-based risk identification - In scenario analysis different scenarios are created.
The scenarios may be the alternative ways to achieve an objective, or an analysis of the
interaction of forces in, for example, a market or battle. Any event that triggers an
undesired scenario alternative is identified as risk see Futures Studies for methodology
used by Futurists.
Taxonomy-based risk identification - The taxonomy in taxonomy-based risk
identification is a breakdown of possible risk sources. Based on the taxonomy and
knowledge of best practices, a questionnaire is compiled. The answers to the questions
reveal risks.
Common-risk checking- In several industries, lists with known risks are available. Each
risk in the list can be checked for application to a particular situation.
Risk charting - This method combines the above approaches by listing resources at risk,
threats to those resources, modifying factors which may increase or decrease the risk and
consequences it is wished to avoid. Creating a matrix under these headings enables a
variety of approaches. One can begin with resources and consider the threats they are
exposed to and the consequences of each. Alternatively one can start with the threats and
examine which resources they would affect, or one can begin with the consequences and

determine which combination of threats and resources would be involved to bring them
about.

4.1.2.Risk assessment:
Once risks have been identified, they must then be assessed as to their potential severity of
impact (generally a negative impact, such as damage or loss) and to the probability of
occurrence. These quantities can be either simple to measure, in the case of the value of a lost
building, or impossible to know for sure in the case of the probability of an unlikely event
occurring. Therefore, in the assessment process it is critical to make the best educated decisions
in order to properly prioritize the implementation of the risk management plan.
Even a short-term positive improvement can have long-term negative impacts. Take the
"turnpike" example. A highway is widened to allow more traffic. More traffic capacity leads to
greater development in the areas surrounding the improved traffic capacity. Over time, traffic
thereby increases to fill available capacity. Turnpikes thereby need to be expanded in a
seemingly endless cycles. There are many other engineering examples where expanded capacity
(to do any function) is soon filled by increased demand. Since expansion comes at a cost, the
resulting growth could become unsustainable without forecasting and management.
The fundamental difficulty in risk assessment is determining the rate of occurrence since
statistical information is not available on all kinds of past incidents. Furthermore, evaluating the
severity of the consequences (impact) is often quite difficult for intangible assets. Asset valuation
is another question that needs to be addressed. Thus, best educated opinions and available
statistics are the primary sources of information. Nevertheless, risk assessment should produce
such information for the management of the organization that the primary risks are easy to
understand and that the risk management decisions may be prioritized. Thus, there have been
several theories and attempts to quantify risks. Numerous different risk formulae exist, but
perhaps the most widely accepted formula for risk quantification is:

Rate (or probability) of occurrence multiplied by the impact of the event equals risk
magnitude
The above formula can also be re-written in terms of a Composite Risk Index, as follows:

Composite Risk Index = Impact of Risk event x Probability of Occurrence

The impact of the risk event is commonly assessed on a scale of 1 to 5, where 1 and 5 represent
the minimum and maximum possible impact of an occurrence of a risk (usually in terms of
financial losses). However, the 1 to 5 scale can be arbitrary and need not be on a linear scale.
The probability of occurrence is likewise commonly assessed on a scale from 1 to 5, where 1
represents a very low probability of the risk event actually occurring while 5 represents a very
high probability of occurrence. This axis may be expressed in either mathematical terms (event
occurs once a year, once in ten years, once in 100 years etc.) or may be expressed in "plain
english" (event has occurred here very often; event has been known to occur here; event has been
known to occur in the industry etc.). Again, the 1 to 5 scale can be arbitrary or non-linear
depending on decisions by subject-matter experts.
The Composite Index thus can take values ranging (typically) from 1 through 25, and this range
is usually arbitrarily divided into three sub-ranges. The overall risk assessment is then Low,
Medium or High, depending on the sub-range containing the calculated value of the Composite
Index. For instance, the three sub-ranges could be defined as 1 to 8, 9 to 16 and 17 to 25.
Note that the probability of risk occurrence is difficult to estimate, since the past data on
frequencies are not readily available, as mentioned above. After all, probability does not imply
certainty.
Likewise, the impact of the risk is not easy to estimate since it is often difficult to estimate the
potential loss in the event of risk occurrence.
Further, both the above factors can change in magnitude depending on the adequacy of risk
avoidance and prevention measures taken and due to changes in the external business
environment. Hence it is absolutely necessary to periodically re-assess risks and intensify/relax
mitigation measures, or as necessary. Changes in procedures, technology, schedules, budgets,
market conditions, political environment, or other factors typically require re-assessment of risks.
4.1.3. Create a risk management plan
Select appropriate controls or countermeasures to measure
each risk. Risk mitigation needs to be approved by the
appropriate level of management. For instance, a risk
concerning the image of the organization should have
top management decision behind it whereas IT management
would have the authority to decide on computer virus risks.
The risk management plan should propose applicable and effective security controls for
managing the risks. For example, an observed high risk of computer viruses could be mitigated
by acquiring and implementing antivirus software. A good risk management plan should contain
a schedule for control implementation and responsible persons for those actions.

According to ISO/IEC 27001, the stage immediately after completion of the risk
assessment phase consists of preparing a Risk Treatment Plan, which should document the
decisions about how each of the identified risks should be handled. Mitigation of risks often
means selection of security controls, which should be documented in a Statement of
Applicability, which identifies which particular control objectives and controls from the
standard have been selected, and why.
4.1.4. Implementation
Implementation follows all of the planned methods for mitigating the effect of the risks.
Purchase insurance policies for the risks that have been decided to be transferred to an insurer,
avoid all risks that can be avoided without sacrificing the entity's goals, reduce others, and
retain the rest.
4.1.5. Review and evaluation of the plan
Initial risk management plans will never be perfect. Practice, experience, and actual loss results
will necessitate changes in the plan and contribute information to allow possible different
decisions to be made in dealing with the risks being faced.
Risk analysis results and management plans should be updated periodically. There are two
primary reasons for this:
1. to evaluate whether the previously selected security controls are still applicable and
effective
2. to evaluate the possible risk level changes in the business environment. For example,
information risks are a good example of rapidly changing business environment.

4.2 ACTIVITIES TO RISK ASSESSMENT:

4.2.1 Activity One: Look for the hazards:
It is necessary for you to stand back from the activity, and look afresh at what could cause harm.
It is important to concentrate on the significant hazards. These are hazards which harm or affect
several people. It might be a good idea to ask others what they think; they may have noted things
that were not immediately obvious to you.

4.2.2 Activity Two: Decide who might be harmed and how?

These could be young people taking part (or waiting to do so), the instructors, others supervising
the activity, those in the area of the activity or casual observers. In identifying the hazards (Step
One) you have already identified the potential of how these people might be harmed.
4.2.3 Activity Three: Evaluate the risk and decide whether existing precautions are
adequate or whether more should be done:
You have already identified the hazards. Now consider the likelihood of each of these hazards
causing harm. This will determine whether or not you need to do more to reduce the risk. It is
possible that even after all reasonable precautions have been taken some degree of risk will
remain. What you have to decide, for each significant hazard, is whether the remaining risk is
high, medium, or low.
For some activities you have to ask yourself if everything has been done to comply with the law and, in our context, the requirements also of Policy, Organization and Rules. Everything
reasonably practicable must be done to reduce and control the risk. Your aim is to minimize risks
by adding such precautions as may be necessary. Likewise, the competence of instructors/leaders
and adherence to good practice play a vital role in the provision of safe activities. There are
many ways in which risks can be minimized. This might be a change in venue, additional
training, an increased staff/participant ratio and properly equipped participants. Likewise, plans
may have to be modified during the activity, based on an on-going risk assessment. Later in this
fact sheet, we will relate this to typical Scout activities.
4.2.4 Activity Four: Record your findings:
You must inform those who will be taking part in the activity of your findings and what action
should be taken. The recording of your findings might vary depending upon circumstances. A
risk assessment for the use of a permanent climbing tower on a campsite should be a document
that each instructor has to read (and sign) prior to the start of each session. It should cover the
points you have identified in Steps one-three above. The risk assessment must be suitable and
effective and must show that

A proper check was made.

You decided who might be affected.

You dealt with all the significant hazards, taking into account potential users.

The precautions are reasonable, and the remaining risk is judged acceptable.

The recording of the assessment should be in a format which is easily read - dont write a book!
Risk assessments are not operating procedures -they inform and determine key aspects of the
operating procedures. At the campsite your risk assessment may have determined that no more
than 30 people may be admitted to the swimming pool at any one time due to the size of the pool
and the need to avoid overcrowding.
This assessment will then be reflected in the pools operating procedure and a requirement placed
on the lifeguard and those controlling bookings for the pool to count. A risk assessment for a day
in the hills or on water that you have not visited before cannot be formalized in exactly the same
way. In these cases, refer to the examples later in the fact sheet
.
4.2.5 Activity Five: Review your assessment and revise it if necessary:
In all cases, it is good practice to review your risk assessments from time to time, to ensure that
the precautions are still working effectively. If there are any significant changes, review and
revise the assessments to take account of the new hazard. For those risk assessments for a
Composite, and activities on site, it is important to ensure that when carrying out a risk
assessment the date is also set for the next review. Make sure that all relevant documentation is
changed.

Sample risk assessment sheet:

CHAPTER-5
NEED AND ITS IMPORTANCE
IN FINANCE

5.1 THE IMPORTANCE OF FINANCIAL AND ACCOUNTING ACTIVITIES WITHIN

THE ORGANIZATION

The financial and accounting function represents a specialized activity within the organization
through which the measurement, evaluation, knowledge, management and control of assets,
liabilities and equity can be performed, as well as the outcomes obtained from the economic
activity of an organization. Financial and accounting activities ensure chronological and
systematic recording, processing, publication and preservation of information regarding financial
position, financial performance and cash flow for both the domestic needs of the
organization as well as for external users.
Information provided by the financial and accounting system refers to the performance of
income and expenditure budgets, budget execution outcomes, assets under management, asset
outcomes and cost of approved programs.
Also, financial and accounting operations present the situation concerning propriety and assets,
namely inventory, calculation, analysis and control of assets denominated in currency, it provides
control of operations, processing procedures as well as the accuracy of accounting data provided
to users.
The content and range of the financial and accounting activities include:
- the existence of material and financial means;
- movement and transformation of material and financial means within the economic operations
and processes
- determination of the final outcome of movements and transformations in a value expression.
Carrying out any economic activity by an organization or entity imposes the preparation and
existence of financial and book-keeping records which represent the consignment made in a
specific order, based on set principles, of any conducted economic activity or operation.
According to the nature of the data and the manner in which they are obtained, processed and
represented, financial and book-keeping records take three distinct forms: technical and
operational records, accounting records and statistical records, which reflect the overall situation
of the organization.
Activities carried out within the financial and accounting function can be grouped as followed:
- financial activities which refer to the establishment and use of financial resources;
- accounting activities, which relate to preparation of accounting records that reflect the
existence, movement and transformation of assets in a value expression. These ensure the
integrity of the assets and give a foundation to management decisions.
Finance and book-keeping performed within an organization is key because it reflects any asset
operation and in the same time provides a series of data which are used by the management in
decision making, as well as a series of users, depending on concerns.
Under these conditions ensuring effective management of financial and accounting hazards is
essential for limiting errors and fraud, waste and uneconomical activity. Implementation of an
effective risk management system on financial and accounting activities contributes to increasing
business performance and overall performance across the entire organization, given the
interfering of this function with all other functions within the organization .

5.2 THE NEED FOR RISK MANAGEMENT IN FINANCIAL AND ACCOUNTING

ACTIVITIES
The achieving business objectives or obtaining expected results is burdened by the uncertainty of
the nature of the threats, which may become both performance barriers and opportunities. At any
time, events or situations may arise, actions or inactions, which result in failure of targets or
which can become opportunities to be exploited.
The need for risk management stems from the fact that uncertainty is a reality and a reaction to
this uncertainty is a permanent preoccupation. Therefore, the acquisition of a risk management
system, widely accepted across the organization, becomes indispensable to financial and
accounting activities.
Implementing a risk management system in the financial and accounting activity is necessary
due to the following:
- Risk management requires change in management style managers must deal with both the
consequences of events that occurred and to devise and implement measures that are likely to
reduce risks so that the organization can carry out its activities in good conditions;
- Risk management facilitates effectiveness and efficiency in terms of achieving objectives
knowledge of threats enables risk rating based on the probability of materialisation, the
magnitude of the impact and the costs necessary for implementing measures for reducing or
limiting unwanted effects.
- Risk management provides appropriate conditions for a healthy internal control ensuring the
functioning of internal control involves a complex set of management measures in order to
obtain reasonable assurance that objectives will be achieved.
Risk management involves identifying risks associated to developed activities and establishing
means to respond to them, by putting into practice adequate internal control devices to mitigate
the possibility of them occurring or the consequences in case the risk already materialized. The
process must be coherent and convergent, integrated to the objectives, activities and operations
carried out under the financial and accounting structure.
Also, staff members, regardless of their hierarchical level, should be aware of the importance of
risk management in achieving their objectives and implement monitoring and control based on
principles of efficiency and effectiveness.
Financial and accounting officers must periodically analyze the risk of their activities, develop
appropriate plans in order to limit the possible consequences of such risks and determine actions
necessary for implementing the objectives of the plans.

CHAPTER-6
FRAMEWORK AND STRATEGIES
OF RISK MANAGEMENT

6.1 FRAMEWORK

6.1.1 Governance structure

Strong independent oversight is in place at all levels throughout the group.
The group audit committee (GAC) is responsible for:
reviewing the groups financial position and making recommendations to the board on all
financial matters, including assessing the integrity and effectiveness of accounting, financial,
compliance and other control systems; and
ensuring effective communication between internal auditors, external auditors, the board,
management and regulators.
The group risk and capital management committee (GRCMC) and the group credit committee
(GCC) provide, among other things, independent and objective oversight of risk and capital
management across the group by:
reviewing and providing oversight of the adequacy and effectiveness of the groups risk
management control framework;
approving risk and capital management governance standards and policies; and
Various committees allow executive management and the board to evaluate the risks faced by the
group, as well as the effectiveness of the groups management of these risks. These committees
are integral to the groups risk governance structure.
The senior committees are set out in figure

Figure : Governance reporting structure

Standard
Bank
Group board

Board
Committees

Management
committees
Group
executive

Group
audit
committee

Group risk
and
capital

managem

Group
credit
committe

SBSA
large
exposure

Group risk
oversight
committee

Intragr
oup
exposur
e
commit
tee

Group
Risk
compli
ance
commit
tee

Group
capita
l
mana
geme
nt
comm
ittee

Grou
p
asset
and
liabili
ty
comm
ittee

Group
opera
tional
risk
commi
ttee

Group
countr
y risk
manag
ement
commit
tee

Transacti
on
review
committ
ee

Global
Persona
l
&
Busines
s
Banking
credit

Global
Corporat
e
&
Investme
nt
Banking
credit
committe

1 The board has delegated authority to these committees to act as nominated designated
committees in respect of the regulations.4 Standard Bank Group risk management report for
the six months ended June 2010

approving

and monitoring the groups risk profile and risk tendency against risk appetite for
each risk type under normal and potential stress conditions.
Executive management oversight for all risk types at group level has been delegated by the group
executive committee to the group risk oversight committee (GROC). This committee considers
and, to the extent required, recommends for approval by the relevant board committees:
levels of risk appetite and tolerance;
risk governance standards for each risk type;
actions on the risk profile;
risk strategy and key risk controls across the group;
capital planning and capital funding activities;
utilisation of risk appetite; and
usage and allocation of economic capital parameters for modelling, stress testing and scenario
analysis.
The GRCMC, GCC, GAC and GROC meet at least quarterly, with additional meetings
conducted when necessary. The group risk management subcommittees set out in figure report
directly to GROC and through GROC to the GRCMC, the GCC and GAC.
6.1.2 Approach and structure
The groups approach to risk management is based on well established governance processes and
relies on both individual responsibility and collective oversight, supported by comprehensive
reporting. This approach balances strong corporate oversight at group level, beginning with
proactive participation by the group chief executive and the group executive committee in all
significant risk matters, with independent risk management structures within individual business
units.
Business unit heads are primarily responsible for managing risk within each of their businesses
and for ensuring that appropriate, adequately designed and effective risk management
frameworks are in place, and that these frameworks are compliant with the groups risk
governance standards.
To ensure independence and appropriate segregation of responsibilities between business and
risk management, business unit chief risk officers and chief credit risk officers report
operationally to their respective business unit heads and functionally to either the group chief
risk officer or the group chief credit officer.
6.1.3 Risk governance standards, policies and procedures
The group has developed a set of risk governance standards for each major risk type to which it
is exposed. The standards set out and ensure alignment and consistency in the way in which we
deal with major risk types across the group, from identification to reporting.

All standards are applied consistently across the group and are approved by the GRCMC or the
GCC. It is the responsibility of executive management in each business unit to ensure that the
risk governance standards, as well as supporting policies and procedures, are implemented and
independently monitored by the risk management team in that particular business unit.
Compliance with risk standards is controlled through annual self-assessments conducted by
business units and group risk and review independently by the group internal auditors.
6.2 RISK MANAGEMENT STRATEGIES
Once risks have been identified and assessed, all techniques to manage the risk fall into one or
more of these major categories:

Avoidance (eliminate, withdraw from or not become involved)

Reduction (optimize mitigate)

Sharing (transfer outsource or insure)

Retention (accept and budget)

Hedging

Combination

Ideal use of these strategies may not be possible. Some of them may involve trade-offs that are
not acceptable to the organization or person making the risk management decisions. Another
source, from the US Department of Defense , Defense Acquisition University, calls these
categories ACAT, for Avoid, Control, Accept, or Transfer. This use of the ACAT acronym is
reminiscent of another ACAT (for Acquisition Category) used in US Defense industry
procurements, in which Risk Management figures prominently in decision making and planning.
6.2.1 Risk avoidance
This includes not performing an activity that could carry risk. An example would be not buying a
property or business in order to not take on the legal liability that comes with it. Another would
be not flying in order not to take the risk that the airplane were to be hijacked. Avoidance may
seem the answer to all risks, but avoiding risks also means losing out on the potential gain that
accepting (retaining) the risk may have allowed. Not entering a business to avoid the risk of loss
also avoids the possibility of earning profits. Increasing risk regulation in hospitals has led to
avoidance of treating higher risk conditions, in favor of patients presenting with lower risk.
6.2.2 Hazard prevention

Hazard prevention refers to the prevention of risks in an emergency. The first and most effective
stage of hazard prevention is the elimination of hazards. If this takes too long, is too costly, or is
otherwise impractical, the second stage is mitigation.
6.2.3 Risk reduction
Risk reduction or "optimization" involves reducing the severity of the loss or the likelihood of
the loss from occurring. For example, sprinklers are designed to put out a fire to reduce the risk
of loss by fire. This method may cause a greater loss by water damage and therefore may not be
suitable. Hal on fire suppression systems may mitigate that risk, but the cost may be prohibitive
as a strategy.
Acknowledging that risks can be positive or negative, optimizing risks means finding a balance
between negative risk and the benefit of the operation or activity; and between risk reduction and
effort applied. By an offshore drilling contractor effectively applying HSE Management in its
organization, it can optimize risk to achieve levels of residual risk that are tolerable.
Modern software development methodologies reduce risk by developing and delivering software
incrementally. Early methodologies suffered from the fact that they only delivered software in
the final phase of development; any problems encountered in earlier phases meant costly rework
and often jeopardized the whole project. By developing in iterations, software projects can limit
effort wasted to a single iteration.
Outsourcing could be an example of risk reduction if the outsourcer can demonstrate higher
capability at managing or reducing risks. For example, a company may outsource only its
software development, the manufacturing of hard goods, or customer support needs to another
company, while handling the business management itself. This way, the company can
concentrate more on business development without having to worry as much about the
manufacturing process, managing the development team, or finding a physical location for a call
center.
6.2.4 Risk sharing
Briefly defined as "sharing with another party the burden of loss or the benefit of gain, from a
risk, and the measures to reduce a risk."
The term of 'risk transfer' is often used in place of risk sharing in the mistaken belief that you can
transfer a risk to a third party through insurance or outsourcing. In practice if the insurance
company or contractor go bankrupt or end up in court, the original risk is likely to still revert to
the first party. As such in the terminology of practitioners and scholars alike, the purchase of an
insurance contract is often described as a "transfer of risk." However, technically speaking, the
buyer of the contract generally retains legal responsibility for the losses "transferred", meaning
that insurance may be described more accurately as a post-event compensatory mechanism. For
example, a personal injuries insurance policy does not transfer the risk of a car accident to the

insurance company. The risk still lies with the policy holder namely the person who has been in
the accident. The insurance policy simply provides that if an accident (the event) occurs
involving the policy holder then some compensation may be payable to the policy holder that is
commensurate to the suffering/damage.
Some ways of managing risk fall into multiple categories. Risk retention pools are technically
retaining the risk for the group, but spreading it over the whole group involves transfer among
individual members of the group. This is different from traditional insurance, in that no premium
is exchanged between members of the group up front, but instead losses are assessed to all
members of the group.
6.2.5 Risk retention
Involves accepting the loss, or benefit of gain, from a risk when it occurs. True self
insurance falls in this category. Risk retention is a viable strategy for small risks where the cost
of insuring against the risk would be greater over time than the total losses sustained. All risks
that are not avoided or transferred are retained by default. This includes risks that are so large or
catastrophic that they either cannot be insured against or the premiums would be
infeasible. War is an example since most property and risks are not insured against war, so the
loss attributed by war is retained by the insured. Also any amounts of potential loss (risk) over
the amount insured is retained risk. This may also be acceptable if the chance of a very large loss
is small or if the cost to insure for greater coverage amounts is so great it would hinder the goals
of the organization too much.
6.2.6 Risk Hedging
Hedging is the practice of taking a position in one market to offset and balance against the risk
adopted by assuming a position in a contrary or opposing market or investment. The word hedge
is from Old English hecg, originally any fence, living or artificial. The use of the word as a verb
in the sense of "dodge, evade" is first recorded in the 1590s; that of insure oneself against loss, as
in a bet, is from 1670s.
The taking of an offsetting position in related assets so as to profit from relative price
movements. For example, an investor might purchase futures contracts on gold and sell futures
contracts on silver in the belief that gold will become relatively more valuable compared with
silver over the life of the contracts.

A hedge can be constructed from many types of financial instruments,

including stocks, exchange-traded funds, insurance, forward contracts, swaps, options, many
types of over-the-counter and derivative products, and futures contracts.
6.2.7 Risk Combination
The risk and uncertainty for a single task may well be known with reasonable accuracy with
respect to its cost and its proposed completion end date. Such as the risk is distributed over a
number of issuers instead of putting it on a single issuer. This reduces the chances of default. For
example it is better to have multiple suppliers instead of relying on a single supplier.

CHAPTER-7
TOOLS AVAILABLE

7.1 TOOLS AVAILABLE FOR MANAGING THE RISKS

7.1.1 Fault tree analysis (FTA) : It is now a commonly applied method to predict the failure
probability or failure frequency of engineering systems in terms of the failure and repair
parameters of the system components. The concept of expressing the system failure causes in a
logic diagram, which became known as a fault tree, was established in the early 1960s by
Watson working at Bell Telephone Labs on the launch control system of the Minuteman
intercontinental ballistic missile. The time-dependent methodology to quantify the system failure
likelihood or frequency, known as kinetic tree theory was developed almost 10 years later by
Vesely working at the Idaho Nuclear Corporation. Enhancements to the technique including the
development of importance measures and initiator and enabler theory added to the capability. In
recent years an alternative to kinetic tree theory for efficient and accurate fault tree quantification
has been developed known as the Binary Decision Diagram method .Once constructed and
appropriate data supplied for the basic events the analysis of the fault tree can be undertaken.
Analysis produces two types of result: qualitative and quantitative.
i)

ii)

Qualitative analysis produces the minimal combinations of basic (component

failure) events which result in the system failure mode (top event). These are
known as minimal cut sets.
Quantitative results include the top event unavailability, unreliability or failure
rate.

The top event parameters are defines as follows:

unavailability: Qsys(t), the probability that the system failure mode exists at time t
unreliability: Fsys(t) the probability that the system failure mode occurs at least once from time 0
to time t.
failure rate: the rate at which the system failure mode occurs
All of these quantities can be used to judge the acceptability of the system performance. If
required the quantification can be extended to produce importance measures which identify the
contribution each basic event makes to the top event.
FTA can be used to:

understand the logic leading to the top event / undesired state.

show compliance with the (input) system safety / reliability requirements.

prioritize the contributors leading to the top event - Creating the Critical
Equipment/Parts/Events lists for different importance measures.

monitor and control the safety performance of the complex system (e.g., is a particular
aircraft safe to fly when fuel valve x malfunctions? For how long is it allowed to fly with the
valve malfunction?).
minimize and optimize resources.

assist in designing a system. The FTA can be used as a design tool that helps to create
(output / lower level) requirements.

function as a diagnostic tool to identify and correct causes of the top event. It can help
with the creation of diagnostic manuals / processes.

7.1.1.1 Fault Tree Symbols And Construction

The basic symbols used in FTA are grouped as events, gates, and transfer symbols. Minor
variations may be used in FTA software.
Event Symbols
Event symbols are used for primary events and intermediate events. Primary events are not
further developed on the fault tree. Intermediate events are found at the output of a gate. The
event symbols are shown below:

Basic event

External event Undeveloped event

Conditioning event

Intermediate event

The primary event symbols are typically used as follows:

Basic event - failure or error in a system component or element (example: switch stuck in
open position)
External event - normally expected to occur (not of itself a fault)

Undeveloped event - an event about which insufficient information is available, or

which is of no consequence

Conditioning event - conditions that restrict or affect logic gates (example: mode of
operation in effect)

An intermediate event gate can be used immediately above a primary event to provide more
room to type the event description. FTA is top to bottom approach.
Gate Symbols
Gate symbols describe the relationship between input and output events. The symbols are
derived from Boolean logic symbols:

OR gate

AND gate

Exclusive OR gate

Priority AND gate

Inhibit gate

The gates work as follows:

OR gate - the output occurs if any input occurs

AND gate - the output occurs only if all inputs occur (inputs are independent)

Exclusive OR gate - the output occurs if exactly one input occurs

Priority AND gate - the output occurs if the inputs occur in a specific sequence specified
by a conditioning event

Inhibit gate - the output occurs if the input occurs under an enabling condition specified
by a conditioning event

 Transfer Symbols
Transfer symbols are used to connect the inputs and outputs of related fault trees, such as the
fault tree of a subsystem to its system.

Transfer in

Transfer out

FMEA is a system for analyzing the design of a product or service system to identify potential
failures, then taking steps to counteract or at least minimize the risks from those failures.
The FMEA process begins by identifying failure modes, the ways in which a product, service
or process could fail. A project team examines every element of a service, starting from the
inputs and working through to the output delivered to the customer. At each step, the team asks
what could go wrong here?
A key element of FMEA is analyzing three characteristics of failures:
1.
2.
3.

How severe they are

How often they occur
How likely it is that they will be noticed when they occur
Typically, the project team scores each failure mode on a scale of 1 to 10 or 1 to 5 in each of
these three areas, then calculates a Risk Priority Number (RPN):
RPN = (severity) x (frequency of occurrence) x (likelihood of detection)
The idea is to focus improvement efforts on the failures that have the biggest impact on
customers. The highest scoring failure modes are those that happen a lot, that are bad when they
happen, and/or that are unlikely to be detected. Difficult-to-detect errors obviously are more
likely to get through to customers.
The team then completes the FMEA analysis for the highest-scoring failure modes and for any
that get the highest severity scores, even if they do not score that high overall. Obviously, a
business wants to make sure any possible disaster is prevented, even if it is unlikely to occur.
Completing the analysis means looking at the potential causes for the error mode, identifying

ways to detect the problem, developing recommended actions, and assigning responsibility for
monitoring the process and taking action when warranted.
Probability (P)
In this step it is necessary to look at the cause of a failure mode and the likelihood of occurrence.
This can be done by analysis, calculations / FEM, looking at similar items or processes and the
failure modes that have been documented for them in the past. A failure cause is looked upon as
a design weakness. All the potential causes for a failure mode should be identified and
documented. This should be in technical terms. Examples of causes are: Human errors in
handling, Manufacturing induced faults, Fatigue, Creep, Abrasive wear, erroneous algorithms,
excessive voltage or improper operating conditions or use (depending on the used ground rules).
A failure mode is given an Probability Ranking.

Ratin
Meaning
g

Extremely Unlikely (Virtually impossible or No known occurrences on similar products

or processes, with many running hours)

Remote (relatively few failures)

Occasional (occasional failures)

Reasonably Possible (repeated failures)

Frequent (failure is almost inevitable)

Severity (S)
Determine the Severity for the worst case scenario adverse end effect (state). It is convenient to
write these effects down in terms of what the user might see or experience in terms of functional
failures. Examples of these end effects are: full loss of function x, degraded performance,
functions in reversed mode, too late functioning, erratic functioning, etc. Each end effect is given
a Severity number (S) from, say, I (no effect) to VI (catastrophic), based on cost and/or loss of

life or quality of life. These numbers prioritize the failure modes (together with probability and
detectability). Below a typical classification is given. Other classifications are possible. See
also hazard analysis.

Ratin
Meaning
g

No relevant effect on reliability or safety

II

Very minor, no damage, no injuries, only results in a maintenance action (only noticed
by discriminating customers)

III

Minor, low damage, light injuries (affects very little of the system, noticed by average
customer)

IV

Moderate, moderate damage, injuries possible (most customers are annoyed, mostly
financial damage)

Critical (causes a loss of primary function; Loss of all safety Margins, 1 failure away
from a catastrophe, severe damage, severe injuries, max 1 possible death )

VI

Catastrophic (product becomes inoperative; the failure may result complete unsafe
operation and possible multiple deaths)

Detection (D)
The means or method by which a failure is detected, isolated by operator and/or maintainer and
the time it may take. This is important for maintainability control (Availability of the system) and
it is specially important for multiple failure scenarios. This may involve dormant
failure modes (e.g. No direct system effect, while a redundant system / item automatic takes over
or when the failure only is problematic during specific mission or system states) or latent failures
(e.g. deterioration failure mechanisms, like a metal growing crack, but not a critical length). It
should be made clear how the failure mode or cause can be discovered by an operator under

normal system operation or if it can be discovered by the maintenance crew by some diagnostic
action or automatic built in system test. A dormancy and/or latency period may be entered.

Rating

Meaning

Certain - fault will be caught on test

Almost certain

High

Moderate

Low

Fault is undetected by Operators or Maintainers

After these three basic steps the Risk level may be provided.
Risk level (P*S) and (D)

Risk is the combination of End Effect Probability And Severity. Where probability and severity
includes the effect on non-detectability (dormancy time). This may influence the end effect
probability of failure or the worst case effect Severity. The exact calculation may not be easy in
case multiple scenarios (with multiple events) are possible and detectability / dormancy plays a
crucial role (as for redundant systems). In that case Fault Tree Analysis and/or Event Trees may
be needed to determine exact probability and risk levels.
Preliminary Risk levels can be selected based on a Risk Matrix like shown below, based on Mil.
Std. 882.The higher the Risk level, the more justification and mitigation is needed to provide

evidence and lower the risk to an acceptable level. High risk should be indicated to higher level
management, who are responsible for final decision making.

Probability
Severity -->

II

III

IV

VI

Low

Low

Low

Low

Moderate

High

Low

Low

Low

Moderate

High

Unacceptabl
e

Low

Low

Moderat
Moderate
e

High

Unacceptabl
e

Low

Moderat Moderat
High
e
e

Moderat Moderat
High
e
e

Unacceptabl Unacceptabl
e
e

Unacceptabl Unacceptabl Unacceptabl

e
e
e

After this step the FMEA has become like a FMECA.

7.1.1.2 Uses

Development of system requirements that minimize the likelihood of failures.

Development of designs and test systems to ensure that the failures have been eliminated
or the risk is reduced to acceptable level.

Development and evaluation of diagnostic systems

To help with design choices (trade-off analysis).

7.1.1.3 Advantages
Improve the quality, reliability and safety of a product/process

Improve company image and competitiveness

Increase user satisfaction

Reduce system development time and cost

Collect information to reduce future failures, capture engineering knowledge

Reduce the potential for warranty concerns

Early identification and elimination of potential failure modes

Emphasize problem prevention

Minimize late changes and associated cost

Catalyst for teamwork and idea exchange between functions

Reduce the possibility of same kind of failure in future

Reduce impact on company profit margin

Improve production yield

7.1.2 PDPC :
The process decision program chart (PDPC) systematically identifies what might go wrong in a
plan under development. Countermeasures are developed to prevent or offset those problems. By
using PDPC, you can either revise the plan to avoid the problems or be ready with the best
response when a problem occurs.
A useful way of planning is to break down tasks into a hierarchy, using a Tree Diagram. PDPC
simply extends this chart a couple of levels to identify risks and countermeasures for the bottom
level tasks, as in the diagram below. Different shaped boxes are used to highlight the risks and
and countermeasures (they are often shown as 'clouds' to indicate their uncertain nature).

7.1.2.1 When to Use PDPC

Before

implementing a plan, especially when the plan is large and complex.

When the plan must be completed on schedule.

When the price of failure is high.

7.1.2.2 PDPC Procedure

1. Obtain or develop a tree diagram of the proposed plan. This should be a high-level diagram showing
the objective, a second level of main activities and a third level of broadly defined tasks to

accomplish the main activities.

2. For each task on the third level, brainstorm what could go wrong.
3. Review all the potential problems and eliminate any that are improbable or whose
consequences would be insignificant. Show the problems as a fourth level linked to the tasks.
4. For each potential problem, brainstorm possible countermeasures. These might be actions or
changes to the plan that would prevent the problem, or actions that would remedy it once it
occurred. Show the countermeasures as a fifth level, outlined in clouds or jagged lines.

5. Decide how practical each countermeasure is. Use criteria such as cost, time required, ease of
implementation and effectiveness. Mark impractical countermeasures with an X and practical
ones with an O.

Here are some questions that can be used to identify problems:

o What inputs must be present? Are there any undesirable inputs linked to the good inputs?
o What outputs are we expecting? Might others happen as well?
o What is this supposed to do? Is there something else that it might do instead or in addition?
o Does this depend on actions, conditions or events? Are these controllable or uncontrollable?
o What cannot be changed or is inflexible?
o Have we allowed any margin for error?
o What assumptions are we making that could turn out to be wrong?
o What has been our experience in similar situations in the past? 2
o How is this different from before?
o If we wanted this to fail, how could we accomplish that?

Process Decision Program Chart(PDPC) is a technique designed to help prepare contingency

plans. The emphasis of the PDPC is to identify the consequential impact of failure on activity
plans, and create appropriate contingency plans to limit risks. Process 3 diagrams and planning
tree diagrams are extended by a couple of levels when the PDPC is applied to the bottom level
tasks on those diagrams.

An example of PDPC used with a cutting machine is shown below.

7.1.3 Insurance - It is the most common risk management tool used in organizations. The
insurance can be applied to any physical property like equipment in the organization in order to
recover from the loss occurred due to damages. The risk management can prior analyse the risks
causing damages to the organization and formulates insurance policy during any losses to the
organization.
7.1.4 Risky calculations This method of managing risk includes the process of continuous
scanning of the risk at various phases in the business operations. It is the process of calculating
the most occurring risks. These are identified by the priorities given to the risks during their
occurrence with respect to its severity. Hence the risk management authority processes on the
high priority risk by calculating the risk exposure. This calculation is obtained by the following
methods:
o Risk exposure The probability of the risk occurrence and total loss to the organisation
provides the overall exposure of specific risk.
Risk Exposure, RE = Probability of occurring risk x Total loss due to risk
o Risk reduction leverage (RRL) The value of the return on investment for countermeasures is
obtained. The reduction in the risk exposure and cost of countermeasure helps in prioritising the
possible countermeasures.
RRL = Reduction in Risk Exposure Cost of countermeasure
o Managing Risk: Once the risks are identified and calculated the following processes are

performed to mitigate risk. This process is less in terms of cost and choosing the best plan can
avoid risk exposures and provides a better action to perform. It includes the stages of identifying
the risk and choosing plans to avoid, or reduce risk. If the method avoiding is considered, the
risk management chooses the alternative actions to counterpart the risk else if it is reduction
method, then it changes the current action by adding new action to reduce the risk. The
contingency planning depends upon the risk exposure and reduction leverage.

Figure: depicts the concept of managing risk

7.2 QUANTITATIVE RISK MEASUREMENT

Quantitative risk measurement (QRA) is the process of estimating the occurring risks and
providing methods to reduce risks so that the risks are evaluated and mitigated at acceptable
levels. It also includes analyzing and classifying the identified risks and providing quantitative
information during the decisions making process for choosing the best course of risk reduction
action. QRA is performed during the design of the new process in order to calculate the amount
of risk present.
7.2.1 Based on sensitivity
The sensitivity analysis during the process of risk determination provides a key to understand the
elements causing overall risk. It includes the process of estimating the critical assumptions of the
effective risks and implement methods to mitigate risk. The methods implemented for mitigating
risks are compared with clients risk tolerability qualitative criteria. If the risk exceeds the
criteria, then the most cost effective risk reduction method is implemented.
7.2.2 Based on volatility
The quantitative risk measurement based on volatility includes assessing the uncertainties
occurring during business operations. The occurring changes are assessed and monitored for
future implementation of countermeasures. It includes analysis of various data sets, operating
processes, occurring elements, and affecting stakeholders. The current measurement of risk is
analyzed and any immediate occurring changes are addressed by various simulation methods like
Monte Carlo which consists of simple statistics for analyzing key strategic decisions.
7.2.3 Based on downside potential
The quantitative risk measurement is usually considered with both threat and opportunities
from occurring risks. If the organisation experiences only threat, then the quantitative risk
measurement process is said to be potential downside. The risk process aims to manage both
threats and opportunities so that the vital elements causing the risks can be estimated. This
provides an insight of determining the upside phase (best estimation) and downside phase
(worst case) of the risks. The potential shortfall in risk analysis includes data quality,
interpretation and the actions to be applied to reduce risk.

CHAPTER-8
ADVANCED TOPICS
IN
RISK MANAGEMENT

8.1 VALUE AT RISK

In financial mathematics and financial risk management, Value at Risk (VaR) is a widely
used risk measure of the risk of loss on a specific portfolio of financial assets. For a given
portfolio, probability and time horizon, VaR is defined as a threshold value such that the
probability that the mark-to-market loss on the portfolio over the given time horizon exceeds this
value (assuming normal markets and no trading in the portfolio) is the given probability level.
For example, if a portfolio of stocks has a one-day 5% VaR of $1 million, there is a 0.05
probability that the portfolio will fall in value by more than $1 million over a one day period if
there is no trading. Informally, a loss of $1 million or more on this portfolio is expected on 1 day
out of 20 days (because of 5% probability). A loss which exceeds the VaR threshold is termed a
VaR break. Thus, VaR is a piece of jargon favored in the financial world for a percentile of the
predictive probability distribution for the size of a future financial loss. In other words if you
have a record of portfolio value over time then the VaR is simply the negative quantile function
of those values.

CALCULATING VALUE-AT-RISK STEP BY STEP

The generality of value-at-risk poses a computational challenge. In order to measure market risk
in a portfolio using value-at-risk, some means must be found for determining the probability
distribution of that portfolios market value. Obviously, the more complex a portfolio isthe
more asset categories and sources of market risk it is exposed tothe more challenging that task
becomes.

It is worth distinguishing two concepts:

A value at risk measure is an algorithm with which we calculate a portfolios value-at-risk.

 A value at risk is our interpretation of the output of the value-at-risk measure.

A value-at-risk metric, such as one-day 90% USD VaR, is specified with three items:

A time horizon

A probability

A currency

For a given value-at-risk metric, a value-at-risk measure calculates an amount of money,

measured in that currency, such that there is that probability of the portfolio not
loosing that amount of money over that horizon. In the terminology of mathematics, this is
called a quantile, so one-day 90% USD VaR is just the .90-quantile of a portfolios one day loss.
This is worth emphasizing: value-at-risk is a quantile of loss. The task of a value-at-risk measure
is to calculate such a quantile.

For a given value-at-risk metric, measure time in units of the value-at-risk horizon. Let time 0 be
now, so time 1 represents the end of the horizon. We know a portfolios current market value 0p.
Its market value 1P at the end of the horizon is unknown. Define portfolio loss 1L as

L = 0p 1P

[1]

If 0p exceeds 1P, the loss will be positive. If 0p is less than 1P, the loss will be negative, which is
another way of saying the portfolio makes a profit.

Because we dont know the portfolios future value 1P, we dont know its loss 1L. Both are
random variables, and we can assign them probability distributions. That is exactly what a valueat-risk measure doesin assigns a distribution to 1P and/or 1L, so it can calculate the desired

quantile of 1L. Most typically, value-at-risk measures work directly with the distribution of
1
P and use that to infer the quantile of 1L. This is illustrated in Exhibit 1 for a 90% VaR metric.

Exhibit 1: . A 90% VaR metric can be valued from the distribution of 1P. The .90-quantile

of 1L (the portfolios value-at-risk) equals the .10-quantile of 1P minus the portfolios current
value 0p. Other value-at-risk metrics can be valued similarly

Exhibit 1 shows how the .90-quantile of 1L (the portfolios value-at-risk) can be obtained as the .
10-quantile of 1P minus the portfolios current value 0p. Other value-at-risk metrics can be valued
similarly. So if we know the distribution for 1P, calculating value-at-risk is easy. The challenge
for any value-at-risk measure is constructing that distribution of 1P. Value-at-risk measures do so
in various ways, but all practical value-at-risk measures share certain features described below.

Because value-at-risk measures are probabilistic, they deal with various random financial
variables. Three types are particularly significant and are given standard notation:

a portfolio value 1P;

asset values 1Si ; and
key factors 1Ri
asset

values 1S i; and

key factors 1R i.

We have portfolio value 1P, which is the portfolios market value at time 1the end of the valueat-risk horizon. It has current value 0p. Mathematically, a portfolio is defined as an ordered pair
(0p,1P).

Asset values 1Si represent the accumulated value at time 1 of individual assets held by the
portfolio. Individual assets might be stocks, bonds, futures, options or other instruments. Current
asset values are denoted 0si. Mathematically, we define an asset as an ordered pair
(0si,1Si). The m asset values 1Si comprise an ordered set (or vector) called the asset vector,
which we denote 1S. Its current value 0s is the ordered set of asset current values 0si.

[2]

Key factors 1Ri represent values at time 1 of financial variables that can be used to value the
assets. Depending on the composition of the portfolio, key factors might represent exchange
rates, interest rates, commodity prices, spreads, implied volatilities, etc. The n key
factors 1Ri comprise an ordered set called the key vector, which we denote 1R. Value-at-risk
measures utilize not only the current value 0r for the key vector but also other historical values
1
r, 2r, 3r, , r:

[3]

Where are we going with this? The quantities 1P, 1Si and 1Ri are all random. But the portfolios
value 1P is a function of the values 1Si of the assets it holds. Those in turn are a function of the
key factors 1Ri. For example, a bond portfolios value 1P is a function of the values 1Si of the
individual bonds it holds. Their values are in turn functions of applicable interest rates 1Ri.
Because a function of a function is a function, 1P is a function of 1R:
1

P = (1R)

[4]

Value-at-risk measures apply time series analysis to historical data 0r, 1r, 2r, , r to construct
a joint probability distribution for 1R. They then exploit the functional relationship
between 1P and 1R to convert that joint distribution into a distribution for 1P. From that
distribution for 1P, value-at-risk is calculated, as illustrated in Exhibit 1 above.

Lets formalize this. Exhibit 2 summarizes the components common to all practical value-at-risk
measures:

Exhibit 2: All practical value-at-risk measures accept portfolio holdings and historical market

data as inputs. They process these with a mapping procedure, inference procedure, and
transformation procedure. Output comprises the value of a value-at-risk metric. That value is the
value-at-risk measurement.

A value-at-risk measure accepts two inputs:

historical data 0r, 1r, 2r, , r for 1R, and

the portfolios holdings .

The portfolio holdings comprise a row vector whose components indicate the number of units
held of each asset. For example, if a portfolio holds 1000 shares of IBM stock, 5000 shares of
Google stock and a short position of 3000 shares of Microsoft stock, its holdings are
= (1000 5000 3000)

[5]

The two inputshistorical data and portfolio holdingsare processed separately by two
procedures within the value-at-risk measure:
An inference procedure applies methods of time series analysis to the historical data 0r, 1r,
2r, , --r to construct a joint distribution for 1R.
A mapping procedure uses the portfolios holdings to construct a function such that 1P =
(1R).

The mapping procedure uses a set of pricing functions i that value each asset 1Si in terms of 1R:
1

Si = i(1R)

[6]

For example, if asset 1S1 is a bond, pricing formula 1 will be a bond pricing formula.
If asset 1S2 is an equity option, pricing formula 2 will be an equity option pricing formula. A
functional relationship 1P = (1R) is then defined as a weighted sum of the pricing formulas i,
with the weights being the holdings i:
1

P = 11S1 + 21S2 + + m1Sm

[7]

= 11(1R) + 22(1R) + + mm(1R)

[8]

This is called a primary mapping. If a portfolio is large or holds complex instruments, such as
derivatives or mortgage-backed securities, a primary mapping may be computationally expensive
to value. Many mapping procedures replace a primary mapping with a simpler
approximation
. Such approximations are called remappings. They can take many forms.

Two common examples are remappings that are constructed, using the method of least squares,
as either a linear polynomial or quadratic polynomial approximation of . Such remappings are
called, respectively, linear remappings and quadratic remappings.

Most of the literature on value-at-risk is either elementary or theoretical, so remappings receive

little mention. This is unfortunate. As a practical tool for making production value-at-risk
measures tractable, remappings can be indispensable.
Returning to Exhibit 2, we have discussed the two inputs to a value-at-risk measure as well as the
inference procedure and mapping procedure that process these. If you think about it, the two
outputs of those procedures correspond to the two components of risk. As explained by Holton
(2004), every risk has two components:

 uncertainty
exposure

In the context of market risk, we are uncertain if we dont know what will happen in the markets.
We are exposed if we have holdings in instruments traded in those markets. A value-at-risk
measure characterizes uncertainty with the joint distribution for 1R constructed by its inference
procedure. It characterizes exposure with the portfolio mapping constructed by its mapping
procedure. A value-at-risk measure must combine those two components to measure a portolios
market risk, and it does so with a transformation procedure.

A transformation procedure accepts as inputs

a joint distribution for , and
R

a portfolio mapping , which can be either a primary mapping or a remapping.

It uses these to construct a distribution for 1P from which it calculates the portfolios value-atrisk.
Transformation procedures take various forms, but there are essentially three types:

Linear Transformation procedures apply if the portfolio mapping is a linear polynomial.

They employ a standard formula from probability theory for calculating the variance of a linear
polynomial of a random vector. For certain asset categories, such as equities or futures, primary
mappings can be liner polynomials. Alternatively, may be a linear remapping.
Quadratic Transformation procedures apply if the portfolio mapping is a quadratic
polynomial and the joint distribution of 1R is joint-normal. Primary mappings are almost never
quadratic polynomials, so quadratic transformations assume use of a quadratic remapping.
Monte Carlo Transformation procedures employ the Monte Carlo method and are applicable
to all portfolio mappings. This advantage comes with potentially significant computational
expense, as Monte Carlo transformation procedures entail revaluing the portfolio under
numerous scenarios. A subcategory of Monte Carlo transformation procedures do not randomly

generate scenarios but instead construct them directly from historical data for 1R. These are
called historical transformation procedures.

Elementary treatments of value-at-risk often mention methods for calculating value-at-risk.

Mostly, these reference the transformation procedures used. For example, the terms parametric
method or variance-covariance method refer to value-at-risk measures that employ a liner
transformation procedure. The delta-gamma method refers to those that use a quadratic
transformation procedure. The Monte Carlo method and historical method refer, of course,
to value-at-risk measures that use Monte Carlo or historical transformation procedures.

8.1.1 Applications of VaR

Reforming trading organizations and amending capital allocation are the important areas for
most of the businesses. As we have studied in the previous section, VaR can be applied for the
enhancement of these areas. VaR can be applied for the following:
Risk measurement - VaR delivers a complete and steady fashion in forward-looking
evaluation of portfolios risk profile; and offers vital information about the overall risk profile of
the firm. It would have been almost impossible to predict huge loss without VaR. VaR brings
risks into picture by setting position limits.
Risk management- VaR should also be used for risk management along with risk
measurement to maximize the benefits of VaR. It is easy to evaluate the interaction of risk
exposures when these exposures have been recognized and quantified. It helps to prioritize the
risks which may have more variability to the earnings.
Financial reporting - Various situations are performed, first with different asset allocation
percentages, secondly by investigating the impacts of liquidity of trading assets and lastly by
taking into account the possibilities of short selling in daily trading operations.
Financial control - Although VaR depends on several assumptions, it helps to recognize the
risks that may cause huge loss and analyse the allocation of finance to those particular risks.
Computing regulatory capital- Internal risk rating system in managing credit risk are
developed and utilized in banks. This is applied directly to corporate and project finance risk
rating model which helps to govern regulatory capital requirements.

8.1.2 Limitations of VaR

We are aware that there is no perfect solution to any issue. In the same way, VaR also has certain
limitations. The limitations of VaR are as follows:
Estimation difficulties - The VaR calculated through different approaches provides different
values. It is not always possible to calculate VaR through historical and simulation approaches as
they provide different values. Using the VaR requires precise valuation of estimated VaR. The
existing methods of measuring VaR accuracy are more complex.
Creates false sense of security - VaR displays certain unfavorable properties like insufficient
risk aggregation. Artzner and Delbaen (1998) illustrate that the VaR of a portfolio might be
greater than the sum of individual VaR of the components. In certain instances, the framework of
original VaR avoids variations. Uryasev (2000) solved this issue by recommending Conditional
VaR (CVaR) as an alternative solution.
Misjudge worst-case results - The understanding of normal VaR is uninformative regarding
the potential loss which exceeds the normal VaR.
The Normal VaR presents a non-convex multiextreme function. Hence, dissimilar to the
mean-variance risk measures, it needs techniques of complex global optimization while
analyzing the optimal values of portfolio elements.
In certain cases, the VaR of a specific component doesnt always explain effectively the VaR
of the overall portfolio
It does not properly incorporate positive results, thus failing to provide a complete picture.
VaR is little problematic to use and is not an intelligent risk measure as its estimation is
subjected to large errors. These drawbacks can be easily exploited by individuals within the
company. But it does not mean that VaR is not a useful tool in risk management.

8.2 TIME VALUE OF MONEY

Refers to the ability to invest money and earn income or interest over a period of time. Thus, the
point in time when the money will be paid becomes very important. The longer the delay in
making a payment, the more interest that can be earned. The time value of money is a function of
the interest rate paid and the amount of time the money is invested.
The time value of money is the premise that a fixed amount of money available today is more
valuable/desired than the same amount of money available in the future. This premise can be
generalized for economic resources (of which money is an embodiment by social contract). We
can state two reasons to justify the premise for all resources: 1) We prefer to have in our control a
resource today rather than in the future, because of the inherent uncertainty that characterizes any
future event. We cannot be certain that we will acquire the resource in the future. 2) We prefer to
have in our control a resource today rather than in the future, because we could use to our favor
this resource in the meantime (this is a temporal version of the notion of "opportunity cost").

Especially for money, there is a third reason, namely the existence of inflation: given inflation,
the same amount of money will buy tomorrow fewer goods than today. It must be noted however
that while Uncertainty of the Future and Opportunity Cost, are rooted in the very foundations of
human existence, inflation is a historical event that may change direction. In the case of
"negative inflation", ie where money increases rather than loses its value as time passes, then
"money tomorrow" tends to be more valuable than "money today" (or at least, it partially offsets
the pull of the other two fundamental reasons given above towards the opposite direction).
Nevertheless, in modern market economies, a consistent trend of negative inflation is absent for
almost a century.
A fourth reason is the belief that maybe the money might not be around in the future. The
borrower might not be around or the repayment contract could be lost. The currency could be
abolished or a catastrophy could occur rendering money valueless.
DISCOUNT RATE

The time value of money can be easily quantified at a personal level. A person can ask herself,
"What do I prefer, 100 euros today or XXX euros in a year from now?" When she finds the
amount that makes her "indifferent", then she can calculate easily her Personal Discount Rate.
Assume that given the question, "100 euros now or 120 euros in one year from now," a person
replies, "it's all the same to me". Then this person's Yearly Personal Discount Rate (YPDR) is
calculated as:
YDR = (120/100)-1 =1,2-1 =0,2 =20%

And in general terms

YPDR = (Equally preferred value in a year / Value today)-1

Note that YPDR quantifies together the effects of all the reasons given above that lead to
"money tomorrow" being worth less than "money today".
If a person has calculated his own YPDR honestly, carefully, and rationally, and has tested it over
a period of time for stability of preferences, he can then use it as a tool to assist him in taking
economic decisions than involve different amounts and timings of money (to be given or to be
received). Essentially, by using the discount rate, we can calculate what amount of money

received or given today is -for us- equivalent with an amount of money to be received (or to be
given) in the future.

Some standard calculations based on the time value of money are:

Present value : The current worth of a future sum of money or stream of cash flows given a
specified rate of return. Future cash flows are discounted at the discount rate, and the higher
the discount rate, the lower the present value of the future cash flows. Determining the
appropriate discount rate is the key to properly valuing future cash flows, whether they be
earnings or obligations.
Present value of a future sum.
The present value formula is the core formula for the time value of money; each of the other
formulae is derived from this formula. For example, the annuity formula is the sum of a series of
present value calculations.
The present value (PV) formula has four variables, each of which can be solved for:

1. PV is the value at time=0

2. FV is the value at time=n
3. i is the discount rate, or the interest rate at which the amount will be compounded
each period
4. n is the number of periods (not necessarily an integer)
The cumulative present value of future cash flows can be calculated by summing the
contributions of FVt, the value of cash flow at time t

Note that this series can be summed for a given value of n, or when n is .

Present value of an annuity: An annuity is a series of equal payments or receipts that

occur at evenly spaced intervals. Leases and rental payments are examples. The payments
or receipts occur at the end of each period for an ordinary annuity while they occur at the
beginning of each period for an annuity due.

Present value of a growing annuity

In this case each cash flow grows by a factor of (1+g). Similar to the formula for an annuity, the
present value of a growing annuity (PVGA) uses the same variables with the addition of g as the
rate of growth of the annuity (A is the annuity payment in the first period). This is a calculation
that is rarely provided for on financial calculators.

Where i g :

To get the PV of a growing annuity due, multiply the above equation by (1 + i).

Where i = g :

Future value is the value of an asset or cash at a specified date in the future that is
equivalent in value to a specified sum today.

Future value of a present sum

The future value (FV) formula is similar and uses the same variables.

Future value of an annuity (FVA) is the future value of a stream of payments (annuity),
assuming the payments are invested at a given rate of interest.

The future value of an annuity (FVA) formula has four variables, each of which can be solved
for:

1. FV(A) is the value of the annuity at time = n

2. A is the value of the individual payments in each compounding period
3. i is the interest rate that would be compounded for each period of time
4. n is the number of payment periods
To get the FV of an annuity due, multiply the above equation by (1 + i).

8.2.1 REASONS FOR TIME VALUE OF MONEY

Money has time value because of the following reasons:
1. Risk and Uncertainty : Future is always uncertain and risky. Outflow of cash is in our control
as payments to parties are made by us.
There is no certainty for future cash inflows. Cash inflows is dependent out on our Creditor,
Bank etc. As an individual or firm is not certain about future cash receipts, it prefers receiving
cash now.
2. Inflation: In an inflationary economy, the money received today, has more purchasing power
than the money to be received in future. In other words, a rupee today represents a greater real
purchasing power than a rupee a year hence.
3. Consumption: Individuals generally prefer current consumption to future consumption.
4. Investment opportunities: An investor can profitably employ a rupee received today, to give
him a higher value to be received tomorrow or after a certain period of time.
Thus, the fundamental principle behind the concept of time value of money is that, a sum of
money received today, is worth more than if the same is received after a certain period of time.
For example, if an individual is given an alternative either to receive ` 10,000 now or after one
year, he will prefer ` 10,000 now. This is because, today, he may be in a position to purchase
more goods with this money than what he is going to get for the same amount after one year.
Thus, time value of money is a vital consideration in making financial decision.
Let us take some examples:
EXAMPLE 1: A project needs an initial investment of ` 1,00,000. It is expected to give a return
of ` 20,000 per annum at the end of each year, for six years. The project thus involves a cash

outflow of ` 1,00,000 in the zero year and cash inflows of ` 20,000 per year, for six years. In
order to decide, whether to accept or reject the project, it is necessary that the Present Value
of cash inflows received annually for six years is ascertained and compared with the initial
investment of ` 1,00,000.
The firm will accept the project only when the Present Value of cash inflows at the desired rate
of interest exceeds the initial investment or at least equals the initial investment of ` 1,00,000.

EXAMPLE 2: A firm has to choose between two projects. One involves an outlay of ` 10 lakhs
with a return of 12% from the first year onwards, for ten years. The other requires an investment
of ` 10 lakhs with a return of 14% per annum for 15 years commencing with the beginning of the
sixth year of the project. In order to make a choice between these two projects, it is necessary to
compare the cash outflows and the cash inflows resulting from the project. In order to make a
meaningful comparison, it is necessary that the two variables are strictly comparable. It is
possible only when the time element is incorporated in the relevant calculations. This reflects the
need for comparing the cash flows arising at different points of time in decision-making.

CHAPTER-9
LITERATURE SURVEY

9.1 GREATEST CHALLENGES FOR THE INSURANCE INDUSTRY

The insurance market is "hard" when premiums are high and underwriting standards are
tight.

The insurance market is "soft" when premiums are low and underwriting standards are

loose.

9.2 THE RISK OF INVESTING IN GOLD

The risks to owning gold include the following:

Gold fluctuates in price just like other assets. There are periods of time when gold is
"expensive" in relation to the U.S. dollar. If an investor buys gold when it is selling at a high
price in relation to the dollar and then sells it at a lower price, the investor will, of course,
lose money.

There is an "opportunity cost" to owning gold as it does not pay interest as bonds, or
money market accounts or savings accounts do. Nor does gold pay a dividend the way many
stocks do. Instead, it just "sits there looking pretty" neither earning interest nor paying a
dividend. If an investor owns gold during a period of time when it is not gaining in value (or
worse is losing value), the investor will have lost out on the opportunity to earn income
from having invested in an alternative asset. This opportunity cost can be significant,
especially when the virtues of compound interest are considered.

When an investor purchases gold, attention needs to be given to how the gold will be
safely stored. Storing gold coins in one's house is the equivalent of putting money under
one's mattress: It is not a safe place to keep it. Some investors use safe deposit boxes
(available at some banks) to store gold. Other investors purchase gold in a manner that does
not require taking delivery on the gold. For instance, a gold exchange traded fund enables
the purchase of gold without having to take possession of it as the gold is collectively stored
for owners of the fund in some safe place, such as a bank vault.

While more a drawback than a risk, gold coins are considered "collectibles"; as such, the
long term federal capital gains rate for gold is higher than for stocks (about 28% for gold
coins versus 15% for stocks).

9.2.1 ANALYSIS:
MUMBAI, FEB. 5:

The steep rise in gold prices over the past few years indicates that the risk involved in investment
in gold has heightened, cautioned K. C. Chakrabarty, Deputy Governor, Reserve Bank of India.
This is a fact which is not recognized by people, he said at a Workshop on Financial Literacy.
Some basic concepts are not fully appreciated even by seemingly literate groups, resulting in
assumption of excessive risks.
One example that I often quote about the widespread financial illiteracy is the theory being
floated around by the so-called financial advisers about investment in gold being a hedge
against inflation and a safe asset, said the Deputy Governor.
Given that the price of the yellow metal has surged in the last few years, Chakrabarty flagged the
risks involved in investing in gold.
According to the RBIs Financial Stability Report, the price of gold carries an uncertainty
premium arising from risk aversion among investors in recent years. This has caused an abovenormal return that is not sustainable in the long term.
Since Indian households hold a significant quantity of gold, they face the risk of a correction in
gold prices.
There has been a reduction in the share of financial assets in household savings as households
preference for physical assets and valuables like gold seem to be rising, thereby adding to the
pressure on the current account deficit (CAD). This is a worrying factor, said the report.
CAD arises when a countrys total imports of goods, services and transfers is greater than
exports.

9.2.2 CURBS ON GOLD DEMAND

To tamp down the demand for gold, the Government has upped the Customs duty on gold
imports from 4 per cent to 6 per cent.
Further, a RBI working group has suggested introduction of gold-linked financial products,
which are not backed fully in physical form, to help reduce gold imports. Inflation-indexed
bonds are also in the works to offer investors a hedge against inflation and dissuade them from
gold investments.
According to the RBIs Macroeconomic and Monetary Developments document for the third
quarter, continuing large imports of oil and gold have resulted in a deterioration of the trade
balance.
Further, low growth and uncertainty in advanced economies as well as emerging market and
developing economies continued to affect exports in the third quarter of 2012-13.

The deterioration in trade balance (with imports outstripping exports) has led to the CAD-GDP
ratio reaching a historical of 5.4 per cent in the August-September quarter of 2012-13.
Gold imports continue to account for a large part of Indias CAD. Also, the country accounts for
a quarter of the world demand for gold.
9.3 THE RISK OF INVESTING IN BONDS
Investing in bonds, whether they are public or private, also carries risks, especially the
insolvency risk (credit risk) and the interest rate risk. The credit risk of bonds is usually indicated
by its rating.
Ratings give a long-term view of the likelihood of companies being able to meet their
commitments, i.e. paying the interest and repaying the principal of the bonds they issue.
The three main international bond rating companies are Standard & Poors, Moodys and Fitch.
Although there are usually no major discrepancies between these companies scores, the methods
they use to analyse and rate bonds are different.
Bonds with ratings of BBB or higher are considered to be investment grade. Any bond rated
below this is considered to be high risk, i.e. a junk bond.
However, ratings can change as often as analysts review the company that issued the bonds.
Whenever there is a change in the company or in its economic environment, analysts review its
rating.
The table below shows the different bond ratings given by two of the main rating agencies,
Moodys and Standard & Poors
Moodys

Standard & Poors

Degree
Protection

of

Investor

Investment Grade
Aaa
Aa
A

AAA
AA
A

Baa

BBB

Extremely strong
Very strong
Strong but susceptible to
changes in certain economic
conditions
Adequate protection but these
protective components may
be deficient and likely to delay
repayments in the event of
changes

in economic circumstances
Junk Bond
BB

Ba
B

Caa

CCC

Ca
C

CC
C

Greater uncertainties and

questionable financial security
Assurance of payment over
any long period of time is
small
Securities of very poor
standing
Highly vulnerable to default
May already be in default

In default

9.3.1 Data Analysis

9.4 RISK MANAGEMENT AT ICICI

In March 1999, ICICI filed a suit in the Debt Recovery Tribunal, Delhi against Esslon Synthetics
Limited and its Managing Director (in his capacity as guarantor) for recovery of amounts totaling
Rs. 169 million (US$ 3 million) due from Esslon Synthetics. In May 2001, the guarantor filed a
counterclaim for an amount of Rs. 1.0 billion (US$ 21 million) against ICICI and other lenders
who had extended financial assistance to Esslon Synthetics on the grounds that he had been
coerced by officers of the lenders into signing an agreement between LML Limited, Esslon
Synthetics and the lenders on account of which he suffered, among other things, loss of business.
The matter is currently pending before the Debt Recovery Tribunal, Delhi.
In April 1999, ICICI filed a suit before the High Court of Judicature at Bombay against Mardia
Chemicals Limited for recovery of amounts totaling Rs. 1.4 billion (US$ 29 million) due from
Mardia Chemicals. The suit was subsequently transferred to the Debt Recovery Tribunal,
Mumbai. In July 2002, ICICI Bank issued a notice to Mardia Chemicals under the Securitization
and Reconstruction of Financial Assets and Enforcement of Security Interest Ordinance, 2002
(subsequently passed as an Act by the Indian Parliament) demanding payment of its outstanding
dues. In August 2002, Mardia Chemicals filed a suit in the city civil court at Ahmedabad against
ICICI Bank, Mr. K. V. Kamath, Managing Director and Chief Executive Officer and Ms. Lalita
D. Gupte, Joint Managing Director, for an amount of Rs. 56.3 billion (US$ 1.2 billion) on the
grounds that Mardia Chemicals has allegedly suffered financial losses on account of ICICIs
failure to provide adequate financial facilities, ICICIs recall of the advanced amount and ICICIs
filing of a recovery action against it.
The city civil court held that the suit should have been filed in the pending proceedings before
the Debt Recovery Tribunal, Mumbai. Mardia Chemicals filed an appeal before the High Court
of Gujarat, which dismissed the appeal and ordered that the claim against ICICI Bank be filed
before the Debt Recovery Tribunal, Mumbai and the claim against Mr. K.V. Kamath and Ms.

Lalita D. Gupte be continued before the city civil court at Ahmedabad. In June 2003, the
promoters of Mardia Chemicals in their capacity as guarantors of loans given by ICICI to Mardia
Chemicals filed a civil suit in the city civil court at Ahmedabad against ICICI Bank for an
amount of Rs. 20.8 billion (US$ 437 million) on the grounds of loss of investment and loss of
profit on investments. The pleadings in the matter are yet to be completed. Mardia Chemicals
had also filed a petition in the High Court, Delhi, challenging the constitutional validity of the
Securitization and Reconstruction of Financial Assets and Enforcement of Security Interest
Ordinance, 2002. The matter has since been transferred to the Supreme Court of India, where it is
currently pending.

9.5 THE CHANGING RISK IN AGRICULTURE FROM GLOBALIZATION AND

VOLATILITY
By Dr. J. Shannon Neibergs
Through globalization, the world economy is becoming increasingly interdependent and
economic risks are increasing in unexpected areas. A recent example is the devastating financial
collapse of MF Global, which was a leading agricultural commodities broker serving as a
clearing house for agricultural commodity futures market transactions until it declared
bankruptcy in October 2011. MF Global used client funds to purchase high risk European bonds
that defaulted which in-turn caused a liquidity crisis for MF Global. Estimated client losses are
up to 1.2 billion dollars. The counter party default of MF Global was unexpected and is an
example of the increasingly complex risks from globalization that agricultural producers need to
be made aware of through risk management education.
As agricultural commodity markets become increasingly intertwined through globalization,
market and financial risks are magnified in terms of price volatility. Volatility is defined as the
variation in price over time. Increasing volatility in prices and input costs is evident across
agriculture. Several grain , livestock and fruit and vegetable commodities reached record high
prices in 2011. Fertilizer costs have become highly volatile due to globalization in production as
well as demand. Volatility greatly increases financial risk because producers have to commit
financial resources to produce their crops before knowing their crop yield and in many cases
price. Producers can easily be caught in a profitability squeeze if volatility increases production
costs but decreases sale prices. Producers need risk management education to understand and
manage the changing risks due to increased volatility.
Evidence of increased volatility from the corn market shows that from January to July 2011, 68
corn futures contract months settled at the regulated price limit move, compared to 36 corn
futures contract limit moves in all of 2010. In response to increased market volatility, the CME
Group received regulatory approval to increase the daily price limit move on its corn futures

market contracts in August, 2011. Some market participants are concerned that increased price
limits will increase price volatility and in-turn margin call requirements. Some agricultural
producers may have difficulty in meeting increased margin call requirements while country
elevators are concerned about their ability to finance margin requirements. This could adversely
affect their ability to offer forward contracts to farmers. Hedging market risk using forward and
futures market contracts have been widely recommended as risk management tools. Risk
management education provides producers tools and knowledge to implement risk reducing
strategies that work to increase their long-term profitability.
Dr. J. Shannon Neibergs is the Director of the Western Center for Risk Management Education
with Washington State University Extension

CHAPTER-10
BENEFITS
AND
LIMITATIONS

10.1 BENEFITS
Risk management is a process which provides assurance that:

objectives are more likely to be achieved;

damaging things will not happen or are less likely to happen;

beneficially things will be or are more likely to be achieved.

It is not a process for avoiding risk. The aim of risk management is not to eliminate risk, rather to
manage the risks involved
The potential benefits from risk management are :

supporting strategic and business planning;

supporting effective use of resources;

promoting continuous improvement;

fewer shocks and unwelcome surprises;

quick grasp of new opportunities;

reassuring stakeholders;

helping focus internal audit programme;

10.2 LIMITATIONS

Prioritizing the risk management processes too highly could keep an organization from ever
completing a project or even getting started. This is especially true if other work is suspended
until the risk management process is considered complete.
It is also important to keep in mind the distinction between risk and uncertainty. Risk can be
measured by impacts x probability.
If risks are improperly assessed and prioritized, time can be wasted in dealing with risk of losses
that are not likely to occur. Spending too much time assessing and managing unlikely risks can
divert resources that could be used more profitably. Unlikely events do occur but if the risk is
unlikely enough to occur it may be better to simply retain the risk and deal with the result if the
loss does in fact occur. Qualitative risk assessment is subjective and lacks consistency. The
primary justification for a formal risk assessment process is legal and bureaucratic.

CHAPTER-11
RECOMMENDATIONS
AND
CONCLUSION

11.1 FINAL RECOMMENDATIONS

There should be sound co-operation between industries, Government and other interested
stakeholders of the industry.

There should be scientifically sound risk assessment methods.

There should be transparency in the review and utilization of risk assessment data.

There should be support for the precautionary approach.

There should be proper maintenance of plant.

There should be separate section in the company for risk management.

There is need of standardization of risk assessment principles and methodologies.

11.1.1 MODEL FOR SYSTEM LEVEL RISK ASSESSMENT

The following may be used to assist in making preliminary judgments regarding risk
classifications:

Consequences

Probability

Low Risk

Moderate Risk

High Risk

Insignificant cost,
schedule, or technical
impact

Affects program
objectives, cost, or
schedule; however
cost,
schedule,
performance are
achievable

Significant
impact,
requiring reserve or
alternate courses of
action to recover

of Little or no estimated Probability

High likelihood of

Occurrence

likelihood

sufficiently high to be occurrence

of
concern
to
management

Extent
Demonstration

of Full-scale, integrated
technology has been
demonstrated
previously

Has
been
demonstrated
but
design changes, tests
in
relevant
environments required

Significant design
changes required in
order to achieve
required/desired
results

Existence
Capability

of Capability exists in
known
products;
requires
integration
into new system

Capability exists, but Capability does not

not at performance currently exist
levels required for
new system

11.2 CONCLUSION
The essence of risk management is not avoiding or eliminating risk but deciding which risks to
exploit, which ones to let pass through to investors, and which ones to avoid or hedge. In this
chapter, we focused on exploitable risks by presenting evidence on the payoff to taking risk.
Although there is evidence that higher risk taking, in the aggregate, leads to higher returns, there
is also enough evidence to the contrary (that is, risk taking can be destructive) to suggest that
firms should be careful about which risk they expose themselves to.
Risk management underscores the fact that the survival of an organization depends heavily on its
capabilities to anticipate and prepare for the change rather than just waiting for the change and

react to it. The objective of risk management is not to prohibit or prevent risk taking activity, but
to ensure that the risks are consciously taken with full knowledge, clear purpose and
understanding so that it can be measured and mitigated. It also prevents an institution from
suffering unacceptable loss causing an institution to fail or materially damage its competitive
position. Functions of risk management should actually be bank specific dictated by the size and
quality of balance sheet, complexity of functions, technical/ professional manpower and the
status of MIS in place in that bank. There may not be one-size-fits-all risk management module
for all the banks to be made applicable uniformly. Balancing risk and return is not an easy task
as risk is subjective and not quantifiable where as return is objective and measurable. If there
exist a way of converting the subjectivity of the risk into a number then the balancing exercise
would be meaningful and much easier.
Banking is nothing but financial inter-mediation between the financial savers on the one hand
and the funds seeking business entrepreneurs on the other hand. As such, in the process of
providing financial services, commercial banks assume various kinds of risks both financial and
non-financial. Therefore, banking practices, which continue to be deep routed in the philosophy
of securities based lending and investment policies, need to change the approach and mindset,
rather radically, to manage and mitigate the perceived risks, so as to ultimately improve the
quality of the asset portfolio.
As in the international practice, a committee approach may be adopted to manage various risks.
Risk Management Committee, Credit Policy Committee, Asset Liability Committee, etc are such
committees that handle the risk management aspects. While a centralized department may be
made responsible for monitoring risk, risk control should actually take place at the functional
departments as it is generally fragmented across Credit, Funds, Investment and Operational
areas. Integration of systems that includes both transactions processing as well as risk systems is
critical for implementation.
In a scenario where majority of profits are derived from trade in the market, one can no longer
afford to avoid measuring risk and managing its implications thereof. Crossing the chasm will
involve systematic changes coupled with the characteristic uncertainty and also the pain it brings
and it may be worth the effort. The engine of the change is obviously the evolution of the market
economy abetted by unimaginable advances in technology, communication, transmission of
related uncontainable flow of information, capital and commerce through out the world. Like a
powerful river, the market economy is widening and breaking down barriers. Governments role
is not to block that flow, but to accommodate it and yet keep it sufficiently under control so that
it does not overflow its banks and drown us with the associated risks and undesirable side
effects.
To the extent the bank can take risk more consciously, anticipates adverse changes and hedges
accordingly, it becomes a source of competitive advantage, as it can offer its products at a better
price than its competitors. What can be measured can mitigation is more important than capital
allocation against inadequate risk management system. Basel proposal provides proper starting
point for forward-looking banks to start building process and systems attuned to risk
management practice. Given the data-intensive nature of risk management process, Indian Banks
have a long way to go before they comprehend and implement Basel II norms, in to-to.

The effectiveness of risk measurement in banks depends on efficient Management Information

System, computerization and net working of the branch activities. The data warehousing solution
should effectively interface with the transaction systems like core banking solution and risk
systems to collate data. An objective and reliable data base has to be built up for which bank has
to analyze its own past performance data relating to loan defaults, trading losses, operational
losses etc., and come out with bench marks so as to prepare themselves for the future risk
management activities. Any risk management model is as good as the data input. With the
onslaught of globalization and liberalization from the last decade of the 20th Century in the
Indian financial sectors in general and banking in particular, managing Transformation would be
the biggest challenge, as transformation and change are the only certainties of the future.