Risk management process (2) (issues to consider in evaluating risks…
Risk management process (2)
contents of risk register
measures of risk
estimate of max loss that may occur with a given probability over a specified time period.
how to manage low likelihood/high impact risks
diversify away to limit extent
passed to a reinsurer
mitigated using management control scenarios such as disaster recovery planning
important not to concentrate on them unduly at the expense of other types of risk
1.) group risks into broad categories e.g. systems risks, fraud. This should involve input from a wide range of senior individuals in the organisation
2.) develop a plausible adverse scenario of risk events for each group of risks, representative of all risks in the group.
3) Calculate the consequences/cost of the risk event occurring for each scenario again involving the input from senior staff.
4.) Calculate the total costs of all risks represented by each scenario
issues to consider in evaluating risks
should the ruin probability be expressed over a single year or over the whole run-off of the business?
modelling more than two variables stochastically is too complex
effect of multiple risk events may be greater or less than the sum of individual risks.
some risks, such as operational risks are highly subjective.
past data must be used with caution in estimating the consequences of rare events