|
Keane Insight
Minimise your risk
An organisation differentiates itself by its ability to effectively
manage risk says Teresa Leung
Business risks are a given. Fortunately they can be managed.
Enterprises need to classify and identify these risks before they source solutions
to manage them. Risks exist in the different layers of business. For instance,
a financial institution faces market risk, structural risk, credit risk and
operational risk. “Some risks, such as credit risk, can affect many different
industries,” says Terry Wong, principal of risk management at the SAS
Institute. This is because credit risk is associated with failure to make payments
on time.
Risks can be defined and classified, but risk management
is another tale. It is a broad concept that rings different bells in different
organisations. ‘To explain it in layman terms, it is an approach to manage
the vulnerability of an organisation.’ The organisation can apply an integrated
and strategic approach to handle this exposure through a risk management process
involving technology, knowledge and people,” says Linda Hui who is the
managing director at F5 Networks-HongKong. Christopher Marshall, who is the
senior director for banking and risk management at Oracle Asia-Pacific, says
that risk management is more about managing risks in a cost-effective manner,
rather than reducing risk.
Managing risk with technology
Though software applications can help companies identify,
measure, and manage risk, they play only a small part in the risk management
process. The core components of risk management may have nothing to do with
the applications that one uses. The best risk management practice involves defining
goals and objectives, cultural changes, sharing a common risk language in the
organisation, defining the oversight structure, developing a business risk management
strategy, and implementing risk control processes. All these cannot be done
by simply deploying applications.
Different types of risks have specific software applications
to measure them. For example, market risk management systems take information
about market portfolios, and convert them to measure a portfolio’s sensitivity
to market changes. The measure of the market risk of an investor’s portfolio
may include stocks, bond, and mutual funds.
Such systems combine information about a portfolio’s
sensitivity to economic changes or other events that impact the market with
information about the likely range of possible market shifts.
Different risks require different mechanisms
Credit risk applications take historical data about defaults
in a particular market segment, and use it to estimate the likelihood of future
defaults or credit rating migration of a particular company or a borrower. Combining
the probability that a company will default, the user’s exposure to that
company and the value of a contract or the size of a loan gives a company a
measure of the likely losses it could face over a given time period.
When it comes to structural risk, which is associated with
interest rate fluctuations, financial institutions typically measure it using
ALM (asset liability management) systems. According to Marshall, some ALM systems
project a wide range of possible interest rate scenarios and evaluate how the
bank’s portfolio of cash flow performs in different scenarios. The result
is a measure of risk for the bank as a whole.
Today, many risk management applications are used to measure
risks faced by financial institutions such as market risk, operational risk
and structural risk. These are largely due to the Basel II requirements that
aim to improve the safety and soundness of the financial system by aligning
capital adequacy assessment more closely with the underlying risks in the banking
industry.
To deal with security risks, companies can contact security
software providers for software solutions and consultancy firms for help in
formulating security policies. Unfortunately, even with risk management technology
not much can be done about environmental risks, such as natural disasters, terrorist
attacks, change in governmental regulations, says Hui. “These risks are
hard to quantify and unquantifiable risks are hard to manage,” she says.
Smaller companies are wrong to think they have no risk management needs. Enterprises
need to think in terms of the sophistication of their business when it comes
to risk.
Both small and large companies are likely to deal with complex
scenarios and large volumes of complex data. Without the proper use of risk
management tools, they are likely to lose out from the lack of understanding
of the risks facing them.
- Market risk—organised around the
risk of interest rate fluctuations, currency fluctuations, equity fluctuations
and commodity fluctuations and how they might affect some key performance
measure, typically the value of a portfolio or the level of net income
of a firm.
- Structural risk—associated with interest
rate fluctuations and their effect on business net income or portfolio
value.
- Operational risk—centres around operational
failures or incidents and their impacts on the functioning of a business.
- Credit risk—factors that make client and
counter party defaults more likely, and makes estimates of typical losses
that could be expected with a corporation’s accounts receivable
or with a bank’s loan portfolio as a result of defaults.
|
—Asia Computer Weekly
|
