FIN 562

Brobst Winter 2017

Week 1 Slides

Agenda

5:45 6:30

Course Introduction

6:30 7:15

Enterprise Risk Management

7:30 8:30

Risk Concepts

Course Introduction

Individual introductions / name cards

Chuck Brobst

Email: crbrobstjr@gmail.com / cbrobst@DePaul.edu (please send to both)

Suggestion: include my professional email too

C.Brobst@gfmsolutionsgroup.com

Office Phone: 312-869-4740

Office Hours: Thursdays from 4:00pm to 5:30pm (or by appointment)

Text & Readings:

Lam, James, 2014, Enterprise Risk Management: From Incentives to

Controls (John Wiley & Sons)

Barton, Shenkir, Walker, 2002, Making Enterprise Risk Management Pay

3
Off: How Leading Companies Implement Risk Management (Prentice
Hall)

Course Introduction (cont.)

Course

Learning Objectives

Theory

and practice of Risk Management

To become

conversant in the terminology and topics of

risk to the extent that you will be capable to conduct a
substantive interview

To provide

understanding of the various risks that a

firm faces and the methods that can be used to manage
the risk

To address

some basic financial derivative products

frequently used mitigate various exposures
4

Course Introduction (cont.)

Course

Learning Objectives

Learn

how firms address operating exposures

Both

financial and nonfinancial firms will be considered

when discussing the implementation of risk
management programs

There

is a heavy focus on mechanical methods for

measuring and managing financial risk due to the highly
developed tools and frameworks
We

will place emphasis on using such tools to address

risks across the enterprise
5

Course Introduction (cont.)

Course Grade

Homework Assignments (3) 10%

Mini Quizzes 10%

Mid-term Exam 30%

Final Exam 40%

Class Participation 10%

5%

based on attendance

5%

based on classroom activities

Work done for this course must adhere to the University Academic Integrity
Policy, which you can review in the Graduate Student Handbook or by
visiting:
http://www.depaul.edu/university-catalog/academic-handbooks/Pages/defa
6
ult.aspx
.

Course Introduction (cont.)

Session
1

Day
Jan 5

Jan 12

Jan 19

Jan 26

Feb 2

Proposed Topics
Overview of Risk Management,
Mechanism, responsibilities, and
governance.

Assignment
Lam, Ch. 1-3
Barton Ch. 2

Financial Market Risk

Interest Rate Risk
Duration
Homework #1 assigned
Mini-Quiz 1
Forward & Futures Contracts, Option
Contracts, Put Call Parity/Greeks
Overview, Collars, etc.
Homework #2 assigned
Operational Risk, Framework
Identification, Measurement,
Management
Types and Evolution of Operational
Risk Quantification
Swaps and CDOs

Lam, Ch. 13
Barton Ch. 5 Microsoft

Midterm Exam (2 hours)

Homework #1 due
Class slides. Textbooks
covering the subject
available for loan upon
request.
Homework #2 due
Lam, Ch. 14

Course Introduction (cont.)

Session

Day

Feb 9

Feb 16

Feb 23

Mar 2

10

Mar 9

EXAM

Mar 16

Proposed Topics

Assignment

Cyber Risk and related issues

Credit Risk, Basic Framework
Risk Models / Economic Capital

Lam, Ch. 9
Lam, Ch. 10
Barton, Ch. 3 Chase
Manhattan
Risk quantification - Credit Risk
Lam, Ch. 12
Quantitative Approaches & Concepts, Lam, Ch. 13
Risk adjusted returns,
Model Risk
Homework #3 assigned
Governance and Oversight
Homework #3 due
Risk-based decision making
Lam, 5
Lam, Ch. 24
Mini-Quiz 2
Role of Board
Enterprise Risk Management

Risk Appetite/Risk Culture

Case Discussion
Course Review

Final Examination

Barton Ch. 6 United Grain

Growers
Lam, Ch. 22
Barton, Ch. 4 DuPont
Economic Articles on Risk

Course Introduction (cont.)

Class

participation is a key component

Elements
5%

of grade is attendance

Mandatory

class project participation

Collaborative

homework reviews

One

minute summary of a risk-management related

article

Case

study discussion

Questions
9

Risk Management, a Brief History

Risk based on an Italian word that means to dare

Most developments in risk management stem from ideas or

thoughts from 1650 to 1760. A few examples:

Law of Large Numbers (1703) average outcome will approach expected

value the more times an experiment is performed

Normal Curve (1730s)

Bayes Theorem (1750s)

connects conditional probabilities to their inverses

think of this as how assumptions of states of the world affect expected

outcomes

Two significant exceptions:

Mean Reversion (1875)

Benefits of Diversification (1952)

10

What is Risk Management?

Avoiding Risk? Uncertainty?

No risk, no return

Higher risk, higher return

To determine which risks are acceptable and whether the reward is

commensurate

Returns are relative to risk

Selecting the appropriate level

Sacrificing resources today for future, uncertain returns

The capacity to manage risk (i.e., appetite for risk with forward
choices) is a key element in driving the economic system forward

Every business decision involves risk in one form or another

11

Alternative to Risk Management

Over

the long term, the only alternative to risk

management is crisis management and crisis
management is much more expensive, time
consuming, and embarrassing.
We

will include examples of crisis management as a

result of poor risk management

12

Why Manage Risk?

Risk

management is a virtuous cycle in which all

stakeholders benefit

Managements

job

Despite

the premise of financial and portfolio theory,

shareholders cannot do this for themselves

Reduce

earnings volatility = adding value

Reduces

variability in share price and lowers required

returns
Maximize

shareholder value

Empirically

Promote

job and financial security

13

Enterprise-Wide Risks
Financial

Risk

Unexpected

outcome due to financial variables like

markets, credit, liquidity

Business

Risk

Unexpected

outcome due to sales volume,

production cost, input costs, competition,
economic climate and government regulations

Operational

Risk

Unexpected

outcome due to inadequate processes,

people or systems

14

Why an Enterprise Approach to Risk?

Integrate

risk management efforts = View across

functional silos enables
Risk

interdependency = correlation

Unified

methodology and measurement across enterprise

Enterprise-level
Enables

business and data analytics

Effective

Identify

data = Aggregated view of risk

reporting

gaps and redundancies

Cross-pollination
Competitive

of insights

advantage
15

Enterprise-Wide Risks

Business
Financial

Operational

Risk (and functional)

interdependencies exist

Some are
opportunities

Some are threats

All provide insights

into how different
functions within a
business impact each
other

16

Why Enterprise Approach? - Examples

Business

& Operational & Market Risk

Rising cost of raw materials; higher cost of finished goods;

lower margins

Procurement department hedges commodity purchases and

generates gains on financial contracts

Sales department increases output price to offset cost of

raw materials

Competitors maintain prices due to coordinated approach to

risk

Companys competitive position suffers

17

Why Enterprise Approach? Examples (cont.)

Business

& Market Risk

Media companies revenues come under pressure during

economic slowdown

Central bank monetary policy is accommodative, leading to

low short-term interest rates

Opportunity: hedge business risk with a financial risk profile

that reduces interest expense when revenues slow or decline
due to economic conditions

18

Why Enterprise Approach? Examples (cont.)

Business

& Operational Risk

High sales volume results in unusually high volume of new

contract negotiations

Legal department is understaffed for high volumes, lacks

coordination with sales group to understand the unique
nature of new client opportunity

New contractual agreement is drafted and signed

New client has the legal rights that were unintended and
substantially reduce the revenue opportunity of the
relationship
19

Why Enterprise Approach? Examples (cont.)

Operational

& Financial Risk

What are some intuitive hypotheses for the relationship

between, say, fraud and market conditions?

20

How to Operate with Risk

Understand
Assess

the risk

the risk appropriately (i.e., price it)

Require

sufficient returns to support engaging in activities

Raise

/ invest sufficient capital to withstand / sustain

operations in the event of downside risks

Disclose

risks to stakeholders

Educate

and incorporate role players in the risk

management process

21

Raising Risk Awareness

Chinese philosopher: smart person learns from their mistakes and a wise person
learns from the mistakes of others

Industry best practices

Benchmarking
Active

dialogue with peers, competitors through industry and function related events

Lessons learned EVERY significant loss is a learning opportunity

Case

studies of mismanagement at other companies

Discussion

by comparison of practices across industry participants

of how to avoid similar outcomes

Initiative formulation and execution

Report

and log incidents

Review

process

Ascertain
Develop

causes

prevention procedures
22

Everyone is a Risk Manager

Culture

needs to encourage all employees to

contribute
Senior

executive buy-in, leadership

How?
Education
Dialogue
E.g.,

Ask employees how projects can fail

Incentives
Link

compensation to reward AND risk

23

Key Risk Lessons

1.

Know Your Business

2.

Establish Checks and Balances

3.

Set Limits and Boundaries

4.

Keep Your Eye on Cash

5.

Use the Right Yardstick

6.

Use the Right Carrot

7.

Balance the Arts and Sciences of Risk Management

24

Know Your Business

Shared responsibility

Board of directors to employees

Managers must understand the business and processes under

their supervision and approval authority

Business and operational processes

Key performance drivers

Major risks

ALL employees

How individual accountabilities affect the risks of the

organization

How their functions relate to others in the company

25

Establish Checks and Balances

Diversify people and processes to prevent any one person or group from
gaining excessive power to take risks

Limit individuals authority to affect the overall business

Establish visibility into individuals activities

Examples of important practices

Appoint independent directors

Establish risk and audit committees

Proofreading and oversight

Failures

Trade tickets buried in a traders drawer how does this happen?

Allied Irish Bank lost $750 million through fictitious transactions

Front-office involvement in middle office and risk control activities

Anecdote
26

Establish Checks and Balances

Failures

27

Set Limits and Boundaries

When is there too much risk?

Limits define when a business must stop

Market risk

Product limits (options, forwards, exotics, etc.)

Tenor limits

Market sensitivity metrics

Option

Greeks

Duration

Credit risk

Counterparty limits

Risk rating

Country (Sovereign)
28

Set Limits and Boundaries (cont.)

Boundaries are used to control business and organizational

risks

Established policies and statements addressing

Sales standards

Product disclosures

Employment practices

Hiring

Termination

ERM policy

Statement of risk appetite

Explicit limits / tolerances

29

Keep Your Eye on the Cash

The most painful fraud and errors affect cash

Cash is king, accounting is opinion.

Cash is a valuable indicator of reasonableness of accounting

results

Long delays between reported earnings and actual cash

flows are a warning sign

Example: anti-money laundering efforts focus on cash

transactions and movement

Greater importance of cash reporting and reconciliation as

e-commerce and electronic banking dominate new economy
30

Use the Right Yardstick

Performance metrics used to evaluate individuals are a key

driver of behavior exhibited

Drive risk awareness by evaluating employees on

Revenue metrics

AND

Risk metrics

Most cautionary tales resulted from performance measured

solely based on profitability

Risks were either unsupervised OR purposely concealed

31

Pay for the Performance You Want

Performance measurement and compensation is the most

powerful driver of behavior

Design and implement incentives to reinforce desired

behaviors

Compensation based on profits is asymmetric

As a trader colleague once told me I dont care how much money

I lose, I will not pay the bank!

32

Balance Arts and Sciences of Risk Mgt.

Science

Behaviors

Processes

Commitment

Systems

Communication

Reporting

Statement of guiding
principles

Training & development

Reinforcement of
positive

Art

People

Skills

Culture

Values

Incentives
33

Types of Risk

Credit

Market

Operational

Business

Liquidity

Legal/Reg.

Strategic

Reputation

Systemic
34

Risk Concepts

Exposure

Volatility

Probability

Severity

Time Horizon

Correlation

Capital

35

Risk Concepts (contd)

Exposure What do I stand to lose?

Market or credit exposures can typically be stated concretely

1,000

shares of stock purchased for $50 / share = $50,000

exposure

$10,000,000

loaned to Company ABC = $10,000,000 of loan

exposure

Financial derivative exposure is frequently more complex

However, well-defined

methods have been developed to

estimate

Strategic, Business, Operational exposure can be amorphous

and difficult to quantify
36

Risk Concepts (contd)

Volatility How uncertain is the future?

Variability of potential outcomes

How

far could the actual outcome be from the expected

outcome?

Describes the relative value of options in pricing functions

Greater volatility = greater risk

Specific, quantifiable meaning in some areas

Standard

deviation

What do you think happens to volatility assumptions when

markets behave erratically?
37

Risk Concepts (contd)

Volatility: greater volatility = greater risk

38

Risk Concepts (contd)

Probability How likely is the risky event?

For certain risk types, volatility and probability of risk are directly and
easily related

Market risk, credit risk

Higher volatility equates to higher probability of unexpected events

In many cases, the risky event is the result of a progression of intermediate steps

Example: The risk of EUR depreciation such that the EURUSD exchange rate moves
from 1.2000 to 1.1000

For other risk types, the probability of risk episodes is very low, but the
impact is devastating and the outcome is binary

i.e. the event happens without partially impacting the company along the way

Example: A fire that destroys a data center

39

Risk Concepts (contd)

Probability (contd)

If the concern is whether an outcome will occur, it is important to

consider the process by which it can happen

Example: The risk of EUR depreciation such that the EURUSD exchange rate
moves from 1.2000 to 1.1000

1.21

EUR|USD=1.20
1.19

Most times, market prices do not jump or gap as they depreciate,

however, under certain conditions, prices can drop rapidly and materially

In

evaluating the probability of a risk, it can be helpful to

consider whether the company gets a second chance to
evaluate
40

Risk Concepts (contd)

Severity How bad might it get?

Where exposure is the total amount at stake

severity is the loss likely to be suffered

Often a function of other risk factors

In general: Expected Loss = Severity x Probability

Market risk

Severity is directly related to volatility

Higher volatility Greater severity

Credit risk

Severity = Exposure x (1 Recovery Rate)

41

Risk Concepts (contd)

Severity How bad might it get?

In general: Expected Loss = Severity x Probability

42

Risk Concepts (contd)

Time Horizon How long will I be exposed to the risk?

Longer exposures Greater risk

Time is considered in different ways for different risks

Credit risk: the longer a liability is outstanding, the more

time for a companys ability to pay to decline

Market risk: the longer the exposure, the more time for
market outcomes to deviate from the expected outcome

Operational risk: the longer the period to recover from an

operational disaster, the greater the loss

43

Risk Concepts (contd)

Time Horizon How long will I be exposed to the risk?

44

Risk Concepts (contd)

Time Horizon How long will I be exposed to the risk?

Longer exposures Greater risk

45

Risk Concepts (contd)

Correlation How are risks related to each other?

Greater correlation among exposures = Greater risk

Key concept in diversification, and a key tenet of integrated approach to

enterprise risk management

Imperfect correlation (<1.00) among exposures provides diversification and

risk reduction

Implies that complete elimination (hedging) of all exposures is at least partially

redundant

Negative correlation (<0.00) among exposures enables some offset of

certain exposures against each other

Hedging only one of two offsetting exposures will actually increase a companys
aggregate exposure to loss

Earlier example of media company revenue (cyclical) and interest expense

indexed to short-term interest rates
46

Risk Concepts (contd)

Correlation (contd)

Reduce risk concentration

Imperfect correlation reduces concentration of risk

Address concentrated risk

Introduce

risk limits or targets

EUR 10 million currency position

Redundant data centers

Management of key employee risk through outsourcing

Provide offsetting risks (hedges)

47

Risk Concepts (contd)

Correlation (contd)

Example: highly correlated exposures

Portfolio volatility =

48

Risk Concepts (contd)

Correlation (contd)

Example: highly correlated exposures

Portfolio volatility =

49

Risk Concepts (contd)

Correlation (contd)

Example: highly correlated exposures

Correlation
A
A
B
C

B
1.00
0.30
(0.60)

C
0.30
1.00
(0.80)

(0.60)
(0.80)
1.00

Portfolio volatility =

50

Risk Concepts (contd)

Capital What should be set aside to cover unexpected losses?

Two purposes
Cover

required investment

Cover

unexpected losses

Another
In

some cases, based on regulatory requirements

Greater coverage Greater creditworthiness

metric for risk

Probability of survival

Used as a comparative basis for business units in the same company

Capital intensive business units must generate greater profit to meet hurdle
returns on capital

Metric to gauge efficient users of capital, contributors to shareholder value

51

Risk Processes

Risk Awareness

Encourage employees to consider risks involved in their activities

Understand their role in managing risk

Risk Measurement

Consistent reporting metrics that express the potential, unexpected

negative impact on the company

Risk Control ensure tolerable range of outcomes

Evaluation
Do

nothing

Mitigate

Execute mitigation strategy

Insure, Hedge, Hire, Outsource, Build, Move, etc

52

Risk Management Process

Identify Risk Exposures

Measure and Estimate Risk Exposures

Find Instruments and Facilities to

Shift/Trade Risks

Assess Effects of Exposures

Assess Costs and Benefits of

Instruments

Form a Risk Mitigation Strategy: (i) avoid,

(ii) transfer, (iii) mitigate, (iv) keep

Evaluate Performance

53

Risk Awareness

Objectives

Proactive identification of risks

Individual responsibility for consequences

Communication

Processes

Set tone

Ask questions

Common structure and language

Tools,

metrics, strategies

Training

Incentives aligned with accountability

54

Risk Measurement

What gets measured gets managed

Limitations

Data, analytics, systems resources

Disciplined data capture and reporting

Key Elements

Losses levels and important trends

Incidents loss of clients, policy violations, fraud

Risk Assessments advance disclosure of areas that threaten the company

Key Risk Indicators

Exposure actual quantity versus limits

Risk/return metrics

Operating metrics errors, complaints, downtime

55

Risk Control

Support business growth

Establish/maintain review process to evaluate and rationalize new and

existing businesses

Support profitability

Pricing should include reflection of risks as well as traditional costs

What if competitive forces do not allow competitive pricing based on

consideration of risks?

Control downside

Manage within acceptable range given companys appetite

Use sensitivity limits to manage impact under extreme outcomes in

risk factors

Transfer risk by insuring or hedging

56