Various Means of Managing Risk

28/07/2020 0 By indiafreenotes

Risk Management is the process of identifying, assessing, and controlling threats to an organization’s capital and earnings. These threats, or risks, could stem from a wide variety of sources, including financial uncertainty, legal liabilities, strategic management errors, accidents, and natural disasters. IT security threats and data-related risks, and the risk management strategies to alleviate them, have become a top priority for digitized companies. As a result, a risk management plan increasingly includes companies’ processes for identifying and controlling threats to its digital assets, including proprietary corporate data, a customer’s personally identifiable information (PII) and intellectual property.

All risk management processes follow the same basic steps, although sometimes different jargon is used to describe these steps. Together these 5 risk management process steps combine to deliver a simple and effective risk management process.

Step 1

Identify the Risk. You and your team uncover, recognize and describe risks that might affect your project or its outcomes. There are a number of techniques you can use to find project risks. During this step you start to prepare your Project Risk Register.

Step 2

Analyze the risk. Once risks are identified you determine the likelihood and consequence of each risk. You develop an understanding of the nature of the risk and its potential to affect project goals and objectives. This information is also input to your Project Risk Register.

Step 3

Evaluate or Rank the Risk. You evaluate or rank the risk by determining the risk magnitude, which is the combination of likelihood and consequence. You make decisions about whether the risk is acceptable or whether it is serious enough to warrant treatment. These risk rankings are also added to your Project Risk Register.

Step 4

Treat the Risk. This is also referred to as Risk Response Planning. During this step you assess your highest ranked risks and set out a plan to treat or modify these risks to achieve acceptable risk levels. How can you minimize the probability of the negative risks as well as enhancing the opportunities? You create risk mitigation strategies, preventive plans and contingency plans in this step. And you add the risk treatment measures for the highest ranking or most serious risks to your Project Risk Register.

Step 5

Monitor and Review the risk. This is the step where you take your Project Risk Register and use it to monitor, track and review risks.

Risk is about uncertainty. If you put a framework around that uncertainty, then you effectively de-risk your project. And that means you can move much more confidently to achieve your project goals. By identifying and managing a comprehensive list of project risks, unpleasant surprises and barriers can be reduced and golden opportunities discovered. The risk management process also helps to resolve problems when they occur, because those problems have been envisaged, and plans to treat them have already been developed and agreed. You avoid impulsive reactions and going into “fire-fighting” mode to rectify problems that could have been anticipated. This makes for happier, less stressed project teams and stakeholders. The end result is that you minimize the impacts of project threats and capture the opportunities that occur.

Preventable Risks

These are internal risks, arising from within the organization, that are controllable and ought to be eliminated or avoided. Examples are the risks from employees’ and managers’ unauthorized, illegal, unethical, incorrect, or inappropriate actions and the risks from breakdowns in routine operational processes. To be sure, companies should have a zone of tolerance for defects or errors that would not cause severe damage to the enterprise and for which achieving complete avoidance would be too costly. But in general, companies should seek to eliminate these risks since they get no strategic benefits from taking them on. A rogue trader or an employee bribing a local official may produce some short-term profits for the firm, but over time such actions will diminish the company’s value.

This risk category is best managed through active prevention: monitoring operational processes and guiding people’s behaviors and decisions toward desired norms. Since considerable literature already exists on the rules-based compliance approach, we refer interested readers to the sidebar “Identifying and Managing Preventable Risks” in lieu of a full discussion of best practices here.

Strategy Risks

A company voluntarily accepts some risk in order to generate superior returns from its strategy. A bank assumes credit risk, for example, when it lends money; many companies take on risks through their research and development activities.

Strategy risks are quite different from preventable risks because they are not inherently undesirable. A strategy with high expected returns generally requires the company to take on significant risks, and managing those risks is a key driver in capturing the potential gains. BP accepted the high risks of drilling several miles below the surface of the Gulf of Mexico because of the high value of the oil and gas it hoped to extract.

Strategy risks cannot be managed through a rules-based control model. Instead, you need a risk-management system designed to reduce the probability that the assumed risks actually materialize and to improve the company’s ability to manage or contain the risk events should they occur. Such a system would not stop companies from undertaking risky ventures; to the contrary, it would enable companies to take on higher-risk, higher-reward ventures than could competitors with less effective risk management.

External Risks

Some risks arise from events outside the company and are beyond its influence or control. Sources of these risks include natural and political disasters and major macroeconomic shifts. External risks require yet another approach. Because companies cannot prevent such events from occurring, their management must focus on identification (they tend to be obvious in hindsight) and mitigation of their impact.

Companies should tailor their risk-management processes to these different categories. While a compliance-based approach is effective for managing preventable risks, it is wholly inadequate for strategy risks or external risks, which require a fundamentally different approach based on open and explicit risk discussions. That, however, is easier said than done; extensive behavioral and organizational research has shown that individuals have strong cognitive biases that discourage them from thinking about and discussing risk until it’s too late.

Classification of Risks in Banking sector


  1. Credit Risk

  • Credit risks involve borrower risk, industry risk and portfolio risk. As it checks the creditworthiness of the industry, borrower etc.
  • It is also known as default risk which checks the inability of an industry, counter-party or a customer who are unable to meet the commitments of making settlement of financial transactions.
  • Internal and external factors both influences credit risk of bank portfolio.
  • Internal factors consist of lack of appraisal of borrower’s financial status, inadequate risk pricing, lending limits are not defined properly, absence of post sanctions surveillance, proper loan agreements or policies are not defined etc.
  • Whereas external factor comprises of trade restrictions, fluctuation in exchange rates and interest rates, fluctuations in commodities or equity prices, tax structure, government policies, political system etc.

How banks manage this risk?

  • Top management consent or attention should be received in order to manage the credit risk.
  • Credit Risk Management Process include:
  1. In a loan policy of banks, risk management process should be articulated.
  2. Through credit rating or scoring the degree of risk can be measured.
  3. It can be quantified through estimating expected and unexpected financial losses and even risk pricing can be done on scientific basic.
  • Credit Policy Committee should be formed in each bank that can look after the credit policies, procedures and agreements and thus can analyze, evaluate and manage the credit risk of a bank on a wide basis.
  • Credit Risk Management consists of many management techniques which helps the bank to curb the adverse effect of credit risk. Techniques includes: credit approving authority, risk rating, prudential limits, loan review mechanism, risk pricing, portfolio management etc.
  1.  Market Risk 

  • Earlier, majorly for all the banks managing credit risk was the primary task or challenge.
  • But due to the modernization and progress in banking sector, market risk started arising such as fluctuation in interest rates, changes in market variables, fluctuation in commodity prices or equity prices and even fluctuation in foreign exchange rates etc.
  • So, it became essential to manage the market risk too. As even a minute change in market variables results into substantial change of economic value of banks.
  • Market risk comprises of liquidity risk, interest rate risk, foreign exchange rate risk and hedging risk.

How banks manage this risk?

  • The major concern for the top management of banks is to manage the market risk.
  • Top management of banks should clearly articulate the market risk policies, agreements, review mechanisms, auditing & reporting systems etc. and these policies should clearly mention the risk measurement systems which captures the sources of materials from banks and thus has an effect on banks.
  • Banks should form Asset-Liability Management Committee whose main task is to maintain & manage the balance sheet within the risk or performance parameters.
  • In order to track the market risk on a real time basis, banks should set up an independent middle office.
  • Middle office should consist of members who are market experts in analyzing the market risk. The experts can be: economists, statisticians and general bankers.
  • The members of Middle office should be separated from treasury departments or in daily activities of treasury department.
  1. Operational Risk

  • For a better risk management practice, it has become essential to manage the operational risk.
  • Operational risk arise due to the modernization of banking sector and financial markets which gave rise to structural changes, increase in volume of transactions and complex support systems.
  • Operational risk cannot be categorized as market risk or credit risk as this risk can be described as risk related to settlement of payments, interruption in business activities, legal and administrative risk.
  • As operational risk involves risk related to business interruption or problem so this could trigger the market or credit risks. Therefore, operational risk has some sort of linkages with credit or market risks.

How banks manage this risk?

  • There is no uniform approach in measuring the operational risk of banks. Till date simple and experimental methods are used but foreign banks have introduced some advance techniques to manage the operational risk.
  • For measuring operational risk, it requires estimation of the probability of operational loss and also potential size of the loss.
  • Banks can make use of analytical and judgmental techniques to measure operational risk level.
  • Risk of operations can be: audit ratings, data on quality, historical loss experience, data on turnover or volume etc. Some international banks has developed rating matrix which is similar to bond credit rating.
  • Operational risk should be assessed & reviewed at regular intervals.
  • For quantifying operational risk, Indian banks have not evolved any scientific methods and are using simple benchmark system which measures business activity.