RIMS Workshops: Financial and Quantitative Risk
I recently attended one of the Risk and Insurance Management Society’s (RIMS) workshops in Toronto: “Finance for the Risk Manager”, facilitated by Philippe Sarfati, Chief Risk Officer for Coast Capital Savings in Vancouver. My motive was to become familiar with finance risk analysis, and then somehow to integrate it with my current techniques for risk assessment: business decisions should benefit from a comprehensive approach.
This quest has some history: I first became interested in risk in finance when participating in the review of public-private partnerships in BC government. Much later I attended another workshop (Risk Analysis Tools Boot Camp) with the idea of exploring how financial and statistical modeling should be related to the whole planning process. My thought is that risk managers really ought to oversee data analysis and financial models, to review their scope and assumptions, and situate them in a wider context of corporate goals and values (see my February 2009 post Financial Risk Modeling).
Well, my overall impression was that the course was a ‘tour de force’ from the banking world. It was fascinating to see how a career banker brought rigorous methods to risk quantification for individual projects.
It was clear that the facilitator conceived of the world of risk management as primarily a financial exercise, because ERM (enterprise risk management) was relegated to a sub-category within Ops, while the main rubrics of the risk regime were: Credit Risk; Operations Risk; Market Risk; Liquidity and Funding; and Legal/Regulatory/Compliance Risk.
Therefore, we were really learning financial analysis for projects – from a risk management perspective, largely to recommend or reject a given project. Among other things, we looked at Expected Loss, Risk Adjusted Return on Capital, and the relationship between discounted cash flows to likely and required returns. Earnings at Risk ,Value at Risk and Credit Risk exercises are included in the slide deck.
We had an interesting discussion on the role of professional financial advisors: while everyone agreed that we are all to some degree dependent on outside sources to substantiate investment decisions, there is no substitute for your own analysis.
The idea was for risk managers to understand that they really need to present to senior executive or the Board a range of options, with risk factors made clear. You can present the likely rate of return for a given project; that is, the forecast or expected return. It must be equal to or greater than the firm’s required rate of return – their own internal benchmark. You must also present the probability of success for each of 3 options. You need to use stress testing, present the risks of doing nothing, and explain the opportunity cost associated with each option.
Business Decisions and Risk
Project decisions, in conjunction with the financial analysis, are then go/no-go decisions made by virtue of:
- the difference between required and expected returns;
- the organization’s tolerance for risk; i.e.,
- the degree of variability or volatility that the organization’s capital structure can support; and
- the possibility of correlated risk.
What struck me was that the financial analysis fundamentally relied on various calculated probabilities of events: that is, the typical probabilities of failure for similar projects or lines of business.
The trouble is, rating agency reports, as well as peer or industry data, can be either hard to obtain, or suffer from poor validity and comparability. The instructor pointed out that, indeed, a firm’s proprietary Internal Risk Rating – a system that models income, risks and losses based on similar projects or lines of business – if well developed and accurate, can be a source of competitive advantage.
I would add that projects are also dependent upon the probabilities of events that are not necessarily catalogued, assigned a probability distribution, or even identified without a concerted effort. There are unique elements, and many risk categories that are not strictly financial, within a given scenario. Projects and program plans should be checked at the conceptual stage re: alignment with strategic direction and core business, reputation risk, stakeholder and consultation risk, and the organization’s system of ethics and values.
This workshop met very well my expectation to gain some understanding of how the financial analysis is done. I think, to be comprehensive, the risk manager has to facilitate the discussion to integrate the financial view with strategic and operational risk assessment.