Introduction to Risk Management, Chapter 1
Sections 1.23-1.35
3/29 Class
Risk Classifications
The most commonly used classifications are:
Pure and speculative risk
Subjective and objective risk
Diversifiable and non-diversifiable risk
Quadrants of risk (hazard, operational, financial, strategic)
These classifications are not mutually exclusive and can be applied to any given risk.
Pure and Speculative Risk
Pure risk- A chance of loss or no loss, but no chance of gain.
Speculative risk- A chance of loss, no loss, or gain.
Credit risk- The risk that a customer or other debtor will fail to make promised payments as they come due.
Being able to distinguish between pure and speculative risks is important because they are managed differently.
What are the four speculative risks in investments?
Subjective and Objective Risk
When a decision that involves risk is made, it is usually based on an individual's or organization's assessment of the risk.
That assessment can be based on opinion (subjective) or on facts and data (objective).
Subjective risk- The perceived amount of risk based on an individual’s or organization’s opinion.
Objective risk- The measurable variation in uncertain outcomes based on facts and data.
Diversifiable and Non-Diversifiable Risk
Diversifiable risk- Risks that are not highly correlated with one another and can be managed through diversification (spreading the risk across many independent exposures).
Example- A fire that affects a small number of businesses.
Non-diversifiable risk- Risks that are correlated and tend to affect many exposures at the same time rather than randomly; examples include inflation, unemployment, and natural disasters.
Systemic risks are usually non-diversifiable.
Example- Leverage at financial and banking institutions can disrupt the entire financial system.
Quadrants of Risk
There is no real consensus on how an organization should categorize risks, but one common approach is to divide them into four quadrants:
1) Hazard risk- Property, liability, or personnel loss exposures; these are generally subject to insurance (insurable).
2) Operational risk- Risks that fall outside the hazard risk category and arise from people or from failures in processes, systems, or controls, including information technology.
3) Financial risk- The effect of market forces on financial assets or liabilities; includes market risk, credit risk, liquidity risk, and price risk.
4) Strategic risk- Risks arising from trends in the economy or society, including changes in the economic, political, and competitive environments, as well as demographic shifts.
Quadrants of Risk, cont.
Hazard and operational risks are classified as pure risks; financial and strategic risks are classified as speculative risks.
The four quadrants of risk focus on the source of the risk and on who traditionally manages it.
Risk can fall into multiple risk quadrants, not just one.
See the diagram on p. 1.28
Enterprise Risk Management (ERM)
ERM emerged in the 1990s.
Financial regulators in both the US and Europe have adopted ERM and it is now an integral part of various regulations.
Traditional risk management is concerned with an organization’s pure risk, primarily hazard risk.
ERM manages all of the organization’s risks including operational, financial, and strategic risks.
There is no clear dividing line between risk management and ERM, and the two terms are often used interchangeably.
ERM Definitions
ISO (2009)- Coordinated activities to direct and control an organization with regard to risk (not limited to hazard risk; ERM covers all of the organization's risks).
RIMS, CAS, and COSO’s definitions are found on p. 1.30 in the table.
ISO’s definition of risk- the effect of uncertainty on objectives.
There are various definitions of ERM, and all include the concept of managing all of an organization’s risk to help an organization meet its objectives.
The link between the management of an organization's risks and its objectives is a key driver in deciding how to assess and treat risks.
Theoretical Pillars of ERM
1) Interdependency
Silo-type management is typical of traditional risk management; it ignores interdependencies and assumes, for example, that a financial risk is unrelated to a hazard risk.
Events are statistically independent if the probability of one event occurring does not affect the probability of a second event occurring. Example- Mortgage loans in different geographic regions may seem independent, but the 2008 financial crisis revealed that they were significantly interdependent.
2) Correlation
Positive correlation between risks increases total risk, while negatively correlated risks can reduce total risk to the extent that one offsets (hedges) the other. Example- Supply-chain risk concentrated in a single geographic location: all suppliers there are exposed to the same events, so their losses are positively correlated.
3) Portfolio Theory
Portfolio theory looks at the combination of risks; it assumes that total risk includes both the individual risks and their interactions. Example- A fuel price increase affects both an airline's costs and consumer demand for flights; hedging the fuel price can help offset the higher costs.
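The three pillars above (interdependency, correlation, portfolio theory) and the earlier distinction between diversifiable and non-diversifiable risk can be put in numbers. The following is an added illustration, not part of the class notes or the textbook: it takes n exposures that each have loss standard deviation sigma and that are pairwise correlated with coefficient rho, and computes the standard deviation of the average loss, Var(mean) = sigma^2/n + ((n-1)/n)*rho*sigma^2. The first term is the diversifiable part (it shrinks as more independent exposures are pooled); the second approaches rho*sigma^2, the floor that no amount of pooling removes. The function names, the "common shock" simulation model and all parameter values are assumptions made for this example.

```python
import math
import random


def portfolio_std(sigma, rho, n):
    """Standard deviation of the average loss across n exposures.

    Each exposure has loss standard deviation sigma, and every pair of
    exposures has correlation rho (0 = statistically independent,
    1 = perfectly correlated).  Var(mean) = sigma^2/n + (n-1)/n * rho * sigma^2.
    The first term is the diversifiable part (vanishes as n grows); the
    second tends to rho*sigma^2, the non-diversifiable floor.
    """
    if not 0.0 <= rho <= 1.0 or n < 1:
        raise ValueError("rho must be in [0, 1] and n >= 1")
    var = sigma ** 2 / n + (n - 1) / n * rho * sigma ** 2
    return math.sqrt(var)


def nondiversifiable_floor(sigma, rho):
    """Limit of portfolio_std as n -> infinity: sqrt(rho) * sigma."""
    return math.sqrt(rho) * sigma


def simulate_mean_loss_std(sigma, rho, n, trials=5000, seed=1):
    """Monte Carlo check of portfolio_std using a one-factor (common shock)
    model, an assumption of this example:
        loss_i = sigma * (sqrt(rho) * Z + sqrt(1 - rho) * E_i)
    where Z is shared by all exposures (e.g. a recession or a regional
    disaster) and the E_i are independent.  The pairwise correlation of
    the loss_i is exactly rho.  Returns the sample standard deviation of
    the mean loss over `trials` simulated periods.
    """
    rng = random.Random(seed)  # fixed seed so the illustration is reproducible
    a, b = math.sqrt(rho), math.sqrt(1.0 - rho)
    means = []
    for _ in range(trials):
        z = rng.gauss(0.0, 1.0)  # the common shock for this period
        total = 0.0
        for _ in range(n):
            total += sigma * (a * z + b * rng.gauss(0.0, 1.0))
        means.append(total / n)
    mu = sum(means) / trials
    return math.sqrt(sum((m - mu) ** 2 for m in means) / (trials - 1))


if __name__ == "__main__":
    # With rho = 0 the risk is fully diversifiable: pooling 100 exposures
    # cuts the standard deviation of the mean loss to a tenth.  With rho = 1
    # pooling does nothing; with rho in between it bottoms out at the floor.
    for rho in (0.0, 0.2, 0.5, 1.0):
        print(f"rho={rho:.1f}  floor={nondiversifiable_floor(1.0, rho):.3f}")
        for n in (1, 10, 100, 1000):
            print(f"  n={n:5d}  std of mean loss = {portfolio_std(1.0, rho, n):.3f}")
    print("simulated (rho=0.5, n=50):", round(simulate_mean_loss_std(1.0, 0.5, 50), 3))
```

The small fire affecting a few businesses (rho near 0) is what an insurer can pool away; inflation or a regional catastrophe is the shared Z term, and its contribution survives no matter how many policies are written. The same arithmetic explains the 2008 mortgage example: loans that were priced as if rho were near 0 turned out to share a large common factor.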
Organizational Relationships
Under the traditional risk management model, a risk manager and a risk management department manage hazard risk.
The focus was primarily on risk transfer (insurance).
Large organizations may also include claims management, safety, and loss prevention in the risk management department.
Under ERM the risk management function is broader and includes all of the organization's risks, not just hazard risk.
The ENTIRE organization, at all levels, becomes responsible for risk management, because the ERM framework encompasses all stakeholders.
Organizational Relationships, cont.
The board of a public company has the ultimate responsibility for oversight of the organization’s risks.
Dodd-Frank Act from 2010 requires certain types of financial companies to appoint board risk committees.
Some public companies have formed executive-level risk committees chaired by the Chief Risk Officer (CRO), who reports to the Chief Executive Officer (CEO).
See both diagrams on p. 1.32.
The CRO
The CRO engages the organization's management in a continuous conversation that aligns the organization's strategic goals with its strengths, weaknesses, opportunities, and threats (SWOT).
Stakeholders include employees, management, the board of directors, and shareholders. External stakeholders include customers, regulators, and the community.
The CRO is responsible for helping the enterprise create a risk culture in which managers and employees become risk owners.
In a fully integrated ERM organization, identifying and managing risk becomes part of every job description and every project.
Risk management also becomes a component of strategic objectives and of performance evaluations.
Implementing ERM
First and foremost, senior management’s commitment!
Risk managers must have access to data from all organizational areas and levels to identify and assess the organization's risks.
Risk managers must have the authority to make and enforce necessary changes, often against significant resistance.
Effective communication is key!
The CEO should meet with senior managers to discuss the purpose and goals of ERM and to secure their support.
A task force made up of representatives from each function should work with the CRO and/or risk management professionals to get buy-in from key stakeholders.
When ERM is fully implemented, a developed communication matrix moves information throughout the organization and includes dialogue and discussion from all levels of the organization.
Valid metrics and a continuous flow of cogent data are critical.
An effective reporting structure keeps the entire organization, including both internal and external stakeholders, informed.
Impediments to ERM
A major impediment is technological deficiency.
To be successful, ERM requires that relevant information reach the people who need it.
Management needs information in a timely and concise manner to meet its objectives. A common tool for this is the "dashboard".
Perhaps the single biggest impediment is a traditional organizational culture entrenched in silos. The risk management function traditionally purchased insurance and oversaw claims.
Human resources, finance, operations, information technology, and even safety each had their own, separate management structure.
The New ERM Culture
Risk management is integrated throughout the organization.
Managers in every sector take charge of, and responsibility for, risk management in their area.
To achieve accountability, many organizations charge back the gains and costs associated with risk management to the responsible function.
Example: An operating division would be charged for the cost of hazard insurance and claims and also receive credits for new business or production improvements.
Questions
1) Explain why it is so important to understand risk and risk management beyond the traditional concepts that deal only with risks of accidental loss.
2) What are the four speculative risks in investments?
3) Define pure and speculative risk, subjective and objective risk, diversifiable and non-diversifiable risk, and the quadrants of risk. Provide an example for each.
4) In your opinion, why can ERM be difficult to implement in an organization that has traditional risk management?
5) What is the significance of being entrenched in the silos when it comes to ERM?
6) In order for ERM to be successful, what support must you have from the organization?