Risk management is the process of:
- Identifying the risks faced by an organisation.
- Assessing how likely these risks are and what their impact could be.
- Responding to each risk with appropriate actions and decision-making.
The key objective of risk management is to optimise risk-adjusted returns.
Enterprise risk management:
Is a holistic approach rather than a silo approach:
- looks at risks from all sources across the whole organisation.
- is led by the Board, coordinated by the RMF, and is the responsibility of all.
- considers interactions between risks such as concentration and diversification.
- is a dynamic ongoing process.
- is a consistent approach across the organisation.
Aids in value creation:
- by integration into business processes and strategic decision-making
- considering both upside and downside risks
Risk measurement:
- considers quantifiable and unquantifiable risks
Risk response:
- retain, remove, reduce, transfer
What are the differences between risk and uncertainty?
Risk refers to a situation where all possible outcomes and their probabilities are known (or can at least be estimated). Risk can typically be modelled or managed.
Uncertainty refers to the situation where we lack knowledge/understanding of the processes which lead to the various possible outcomes. Uncertainty cannot be modelled and is very difficult to manage.
Risk exposure.
Risk exposure is the maximum loss that can be suffered if an event occurs.
Risk volatility.
Risk volatility is a measure of the variability within the range of possible outcomes.
Risk probability.
Risk probability is the likelihood that an event occurs.
Risk severity.
Risk severity is the loss that is likely to be incurred if an event occurs.
Risk time horizon.
Risk time horizon is the length of time for which an organisation is exposed to a risk.
Risk correlation.
Risk correlation is the degree to which differing risks behave similarly in response to common events.
Risk capital.
Risk capital is the money set aside to cover unexpected losses.