ERM Flashcards — Part 2

Components of ERM

Final versions: [Pt.1] [Pt.2] [Pt.3] [Pt.4] [Pt.5] [Pt.6]

  • Structural changes leading to more strategic flexibility: 1. increase outsourcing; 2. spread operations to other sites/countries (reduce concentration); 3. shift distribution channels (physical store to online); 4. move to multi-disciplinary project teams.
  • Actuarial Control Cycle: General commercial and economic environment >> (specify problem <-> develop solution <-> monitor experience) << professionalism.
  • Sweeting’s ERM cycle: Identification >> Assessment >> Management >> Monitoring >> Modification >> Identification.
  • Identification in ERM cycle: Define and record all risks in a consistent way.
  • Assessment in ERM cycle: Consider and quantify risks in the context of risk appetite.
  • Management in ERM cycle: Ongoing treatment of risks.
  • Monitoring in ERM cycle: Continuous recording, review and reporting of risks, losses, and effectiveness of treatments, plus external audit.
  • Modification in ERM cycle: Alter approach as business and risk environment changes.
  • Three lines of defense: 1. line management staff in business units; 2. CRO, risk management team and compliance team; 3. Board and audit function.
  • Responsibilities of first line of defense: Measure and manage risk in individual business units on a daily basis (in line with company’s risk appetite and risk policies).
  • Responsibilities of second line of defense: Establish risk and compliance policies, support and monitor line management, report to Board.
  • Responsibilities of third line of defense: Effective governance of risk management process, set risk management strategy, approve policies and ensure ERM is effective.
  • Items requiring a clear statement in establishing risk management policies: 1. upper bound for risk exposure; 2. current risk exposure; 3. desired risk exposure; 4. breakdown of upper bound and risk targets into more detailed statements; 5. detailed operational guidelines for managers.
  • Utility function: Measure of happiness or satisfaction as a function of wealth. Different functions can express different attitudes to potential gains and losses.
  • Key features of realistic utility functions: 1. monotonic increasing (having more of something is always better); 2. concave (marginal utility decreases as wealth increases).
  • Features of quadratic utility functions: 1. can use to maximize expected wealth subject to volatility; 2. increasing absolute and relative risk aversion.
  • Features of exponential utility functions: 1. constant absolute risk aversion; 2. increasing relative risk aversion.
  • Features of power utility functions: 1. decreasing absolute risk aversion; 2. constant relative risk aversion.
  • Prospect function: Function is concave above W_0 and convex below W_0 (S-shaped).
  • Two reasons why prospect functions are better than utility functions: 1. considers investor’s starting point of wealth (risk seeking when facing losses, risk averse when facing gains); 2. prospect function flattens out at both ends (reflects ambivalence to gains/losses at extremes of wealth).
  • Time period covered by risk management policy: Generally similar to what is in the company’s business plans (3 to 5 years).
  • Frequency of review for risk management policy: At least annually.
  • Risk management policy — objectives and definitions: 1. goals of ERM activities; 2. statement of company’s philosophy on risk management and desired risk culture; 3. risk categories and definitions (taxonomy).
  • Risk management policy — risk management culture: 1. role of risk managers (CEO, CRO, executive managers, risk sponsors, risk owners, risk committee members); 2. structure of corporate governance (delineation of responsibilities).
  • Risk management policy — risk management processes and benchmarks: 1. overview of each stage of risk management process; 2. risk appetite and tolerance statements; 3. risk policy standards (ensure risk policies are consistent across company).
  • Factors that can be set by probabilistic risk appetite statements: 1. solvency level; 2. target credit rating; 3. earnings volatility; 4. ability to pay dividends; 5. economic capital.
  • Four key risk management processes and systems requiring documentation: 1. decisions made and their reasons; 2. systems (specs, UAT); 3. financial models (data, assumptions); 4. failures.
  • Desirable features of information used for monitoring: 1. timely; 2. reliable; 3. relevant; 4. balance of amount of data and ease of interpretation (clarity).
  • Five types of communication: 1. internal; 2. external (inwards); 3. external (outwards); 4. informal; 5. formal.
  • Benefits of consistent risk language: Key to avoiding problems such as duplication or omission of risks. Should increase speed of ERM adoption and is particularly important for multi-national companies.
  • Development process for risk metrics: Board sets a limit on level of risk that is acceptable. Risk Management Function conducts analysis to identify key drivers that may lead to breaching the limit, then set up risk metrics to monitor these drivers to get an early indication of changes in risk profile.
  • Usage of KRIs: Managers can use KRIs to identify when risk limits are close to being exceeded and initiate actions to keep the company within its risk tolerance.
  • Considerations for selecting KRIs: 1. polices and regulations; 2. strategies and objectives; 3. past losses and incidents; 4. stakeholder requirements; 5. risk assessments.
  • Desirable features of KRIs: 1. based on consistent methods and standards; 2. incorporate key risk drivers; 3. quantifiable; 4. tracked over time; 5. tied to objectives; 6. linked to an accountable individual; 7. useful in decision making; 8. able to be benchmarked externally; 9. timely; 10. cost effective to measure; 11. simple (not simplistic); 12. both leading and lagging indicators.
  • ERM feedback loop: Management and other stakeholders are informed of significant issues or changes in business and/or environment. These issues or changes are then incorporated into the ERM framework.
  • Key components of a risk report to the Board: 1. qualitative and quantitative information; 2. summary of losses and incidents; 3. summary of business risks and key discussions and decisions required of the Board; 4. narrative from management on important data and trends; 5. KPIs against KRIs with important deviations and trends highlighted; 6. important events and milestones (regulatory visit).
  • Design of a management reporting system: Use a top-down approach. Consider what information is necessary to make management decisions. Once this information is identified and sourced, it needs to be presented in a way that is easily understood.
  • Features of a good management reporting system: 1. clear, relevant, timely, reliable; 2. single point of access to critical risk information collected from various risk systems and data sources; 3. role-based summary with drill-down capabilities; 4. link to decisions that need to be made; 5. mix of qualitative/quantitative and internal/external data; 6. opportunity for users to provide commentary.
  • Common mistakes of management reporting systems: 1. simply collating data from silos; 2. overwhelming users with too much information; 3. providing data that does not aid decision making; 4. focus on quantity instead of quality of information.
  • Information contained in an ERM scorecard: 1. cost of risk and mitigation strategies; 2. regulatory or policy violations; 3. performance based feedback loops (actual versus expected); 4. ERM development milestones.
  • Company stakeholder: Someone who supports and participates in the survival and success of a company.
  • Five categories of stakeholders: 1. principal (contribute capital and/or expect returns); 2. agency (paid by principals to perform specific roles); 3. controlling (supervise principals or their agents); 4. advisory (advise principals or their agents); 5. incidental (affected by the behaviors and actions of principals or their agents).
  • Role of shareholder service (proxy) providers: On behalf of shareholders, 1. express views on the company; 2. manage proxy voting. ISS (US) and PIRC (UK) are examples.
  • Concerns about the role of shareholder service providers: 1. power but no responsibility; 2. potential for conflict of interest (may also provide services or consult for company); 3. tick-box method (template applied to all firms).
  • Four aspects of customer management: 1. acquisition; 2. retention; 3. knowing the customer; 4. effective crisis management.
  • Features of effective crisis management: 1. be honest, don’t cover up; 2. act swiftly to resolve; 3. keep stakeholders informed; 4. focus on long term value instead of short term costs.
  • Three examples of types of employees with high agency risk: 1. employees lower in the org chart; 2. members of unions; 3. free agents (people who are self employed or who could be if they wished).
  • Three aspects of employee management: 1. recruitment; 2. retention, promotion, training; 3. dismissal and resignations.
  • Post 2008 regulatory changes: 1. updated SEC requirements; 2. temporary bans on short-selling; 3. Dodd-Frank Act (new regulators, orderly liquidation plan for banks); 4. replacement of FSA with PRA and FCA in the UK; 5. greater likelihood that regulatory capital requirements exceed capital determined from internal models.
  • Four key risks faced by governments: 1. insufficient tax revenues; 2. inappropriate insolvencies; 3. regulatory arbitrage; 4. electoral losses.
  • Three key risks faced by professional advisers: 1. reputational risk; 2. litigation risk; 3. conflict of interest.
  • Two key risks faced by rating agencies: 1. reputational risk; 2. conflict of interest.
  • Potential benefits of a strategic alliance: 1. faster product development; 2. access to new markets; 3. sharing of financial risks; 4. economies of scale.
  • Potential pitfalls of a strategic alliance: 1. conflicts of interest; 2. waste of resources; 3. damage to reputation; 4. loss of intellectual capital and disputes over intellectual property.
  • Strategies to maximize benefits of a strategic alliance: 1. only form alliance if it really is the best option (best meets specific goal, full merger is not needed); 2. find the right alliance partner (team should evaluate potential partners); 3. monitor progress of alliance carefully (adequate resources, regular refocusing).
  • Benefits of separating management and ownership: 1. enables people with expertise in running a business to make decisions without requiring them to invest capital; 2. allows individuals and companies to invest without getting involved in the day-to-day running of the company; 3. continuity of management despite frequent change in owners.
  • Role of agency risk in 2008 crash: Short term nature of employee reward structures led to misalignment of interests. Some employees were given bonuses based on growth in total amount loaned.
  • Nine key stakeholders: 1. directors; 2. shareholders; 3. employees; 4. customers or policyholders; 5. government and regulators; 6. auditors; 7. credit rating agencies; 8. shareholder service providers; 9. business partners.
  • Conflicts between stakeholders: 1. agency risk; 2. different objectives of debt holders and equity holders; 3. dominant CEO and employees who try to win favor; 4. managers wanting to protect job security by making low-risk decisions; 5. regulators whose prospects are enhanced by financial crisis; 6. governments who favor short term approaches to seek re-election.
  • CRO position within an organization structure: Sit on Board or report to Board through CEO or CFO.
  • Key responsibilities of the CRO: 1. manage various risk functions; 2. provide leadership and direction; 3. design and implement ERM framework; 4. ongoing risk policy development; 5. risk reporting (internal and external); 6. capital allocation; 7. stakeholder communication on risk profile; 8. develop systems to analyze, monitor and manage risk.
  • Five key skills of a CRO: 1. leadership (have vision and recruit); 2. communication; 3. stewardship (guardian of assets); 4. technical competence; 5. consulting (influence and educate Board).
  • Items that need to be immediately determined by a new CRO: 1. understanding of company’s risk tolerance; 2. alignment of management compensation with prudent risk management; 3. risk reporting channels; 4. gaps in skills, capability and experience of team; 5. which business units increase overall value; 6. link between risk management and capital management, pricing and reserving; 7. quality and extent of stakeholder communication; 8. governance structures; 9. appropriateness of risk management operating model.
  • Roles of the CRF: 1. give advice to Board on risk; 2. assess overall risks; 3. compare overall risks with risk appetite; 4. act as central focus point for staff to report new and enhanced risks; 5. give guidance to line managers about identification and management of risks; 6. monitor risk management progress; 7. put whole picture together.
  • Three types of relationships between the first two lines of defense: 1. offense versus defense; 2. policy versus policing; 3. partnership.
  • Offense versus defense relationship for first two lines of defense: Business units focus on maximizing income and risk management focuses on minimizing losses.
  • Problem with the offense versus defense relationship: Potentially destructive and damaging to company as business units and risk management function have opposing objectives and incentives.
  • Policy versus policing relationship for first two lines of defense: Business units operate within rules set by the risk management function and policed by the risk management, audit and compliance functions.
  • Problems with the policy versus policing relationship: 1. policies may become out of date (RMF not in touch with day-to-day operations); 2. audit and compliance reviews are not continuous (can miss things); 3. friction between line management and risk management; 4. line management has little incentive to report problems and violations.
  • Partnership relationship for first two lines of defense: Risk management staff are integrated into the business units and the two functions share same measures of performance.
  • Problem with the partnership relationship between first two lines of defense: Independence may suffer (hard for risk management staff integrated into business units to also have a corporate oversight role).
  • Mixed approach between first two lines of defense: In a large company, the risk management function can be split between a central team and units embedded in each business unit. Need to ensure a silo mentality does not develop (maybe use a matrix reporting framework).
  • Four challenges in managing the relationship between BU and RMF: 1. conflict and conflict resolution; 2. managing risk management staff within business units; 3. aligning incentives; 4. measuring operational risks.
  • Five key skills required within RMF: 1. project management; 2. change management; 3. relationship management; 4. technical expertise; 5. implementation ability.
  • Six risk questions management should address when developing strategies: 1. what risks prevent achieving objectives; 2. how to assess and monitor risks; 3. how to mitigate or transfer risks; 4. what is the expected risk adjusted performance; 5. what risk limits and tolerances to adopt; 6. who will measure and monitor risks.
  • Ways to address inaccuracy of assumptions: 1. set trigger points; 2. set up specific risk committee.
  • Best practices for remuneration systems in financial organizations: 1. link between executive compensation and risk management should be disclosed (salaries and bonuses); 2. compensation arrangements should not encourage excessive or inappropriate risk taking; 3. clawback provisions should be implemented where appropriate and practical.
  • Process to address non-compliance: Risks of non-compliance should be identified and a plan drawn up for achieving compliance in a suitable time period. For regulatory non-compliance, decide whether to inform regulators. Progress toward compliance should be monitored and corrective action taken if necessary.
  • Responsibilities of the internal audit function: 1. ensure company systems are secure; 2. monitor compliance with laws and regulations; 3. check for system errors; 4. look for non-observance of internal governance codes; 5. examine key financial calculations; 6. examine key procedures.
  • Assurance systems: Processes and structures designed to give the Board confidence that the ERM framework is effective.
  • Six step process for risk identification and assessment: 1. business analysis; 2. identify risks; 3. obtain agreement (on risks and responsible individuals); 4. evaluate risks; 5. produce risk register; 6. review risk register regularly.
  • Business analysis in risk identification: If goals are unclear, difficult to establish risks impacting achievement. Involves looking at 1. business plan; 2. company structure and system of internal controls; 3. current and projected accounts and accounting ratios; 4. market information; 5. resources available; 6. legislative and regulatory constraints; 7. general economic environment.
  • Reasons to invest in risk identification and assessment: 1. enhance awareness and transparency of risks; 2. helps transfer knowledge and improve understanding across company; 3. create basis for further analysis; 4. enhances quality of reporting to Board and management; 5. all this leads to better decision making.
  • Conditions for benefiting from risk identification and assessment: 1. senior sponsorship; 2. consistent on standards used over time; 3. comprehensive risk profile (quantitative and qualitative); 4. integrate risk identification with entire risk management process; 5. demonstrate added value.
  • Lam’s four-stage process for ensuring value add from risk identification and assessment: 1. foundation setting; 2. risk identification, assessment and prioritization; 3. deep dives, risk quantification and management; 4. business and ERM integration.
  • Steps in foundation setting: 1. gain executive sponsorship; 2. organize and plan resources; 3. define risk taxonomy; 4. build customized risk identification and assessment tools; 5. educate and train project teams and management.
  • Steps in risk identification, assessment and prioritization: 1. understand business objectives, risk appetite, and regulatory requirements; 2. undertake risk assessments (top-down and bottom-up); 3. produce risk reports and risk maps; 4. prioritize risks.
  • Steps in deep dives, risk quantification and management: 1. conduct more detailed assessments of top risks; 2. produce risk tolerance statements and track KRIs; 3. determine risk management strategies and total cost of risk (for pricing).
  • Steps in business and ERM integration: 1. link risk assessment with strategic planning and business review; 2. integrate risk assessment into everyday business operations; 3. conduct scenario analysis and stress testing; 4. report on risks; 5. create and maintain loss/event database; 6. establish risk escalation policies.
  • Pitfalls in foundation setting: 1. lack of senior management buy-in and participation; 2. bad resource planning and allocation; 3. insufficient preparation leading to inefficient or ineffective process.
  • Pitfalls in risk identification, assessment and prioritization: 1. lack of clear business objectives or risk appetite; 2. focus on consequences instead of causes of risk; 3. inconsistent estimates of likelihood and severity.
  • Pitfalls in deep dives, risk quantification and management: 1. lack of prioritization of key risks; 2. insufficient risk quantification; 3. risk assessment not translated into value adding actions.
  • Pitfalls in business and ERM integration: 1. restricting integration to low level reports; 2. failure to fundamentally change business attitude to risk management.
  • Six tools used in the risk identification process: 1. SWOT analysis; 2. risk checklist; 3. risk prompt list; 4. risk taxonomy; 5. case studies; 6. process analysis.
  • Risk checklist: List of risks identified on past projects or external source.
  • Risk prompt list: List of different categories of risks to consider with examples of each. Can be produced at an industry-wide level or by a supervisory authority. May include risk trigger questions (previous events to consider) like PEST(ELI).
  • Risk taxonomy: Structured way to classify and break down risks.
  • Process analysis: Construct flow charts that detail business processes and the links between them.
  • Common pitfall of risk identification: Not comprehensive (due to bias in the process or participants).
  • Seven techniques used in the risk identification process: 1. brainstorming; 2. independent group analysis; 3. surveys; 4. gap analysis; 5. Delphi technique; 6. interviews; 7. working groups.
  • Brainstorming: Gather a group of people and generate ideas in a free form way. Often facilitated by an external consultant and requires participants to be in the same location at the same time.
  • Independent group analysis: Each risk is presented and then discussed by the group. An agreed list of risks is ranked independently by each member of the group and responses combined to form an overall ranking.
  • Benefits of using surveys: Online or postal surveys can generate a wide range of responses cheaply and without collusion between participants.
  • Gap analysis: Type of questionnaire designed to identify company’s current and desired risk exposures. Board may best identify desired, line management may best identify current.
  • Delphi technique: Structured communication technique where participants answer questionnaires in two or more rounds. After each round, a facilitator provides an anonymous summary of the previous round conclusions and reasons. Participants then revise their earlier answers and range of answers will hopefully converge to a consensus.
  • Benefits of the Delphi technique: Maintain anonymity and independence and addresses difficulties in designing questionnaires and surveys.
  • Working groups: Small number of individuals (usually specialists) are tasked with considering a specific risk or group of risks.
  • Pitfall of brainstorming: Risk of convergent thinking (group think). Uneven participation leads to incomplete or biased results.
  • Pitfall of independent group analysis: Unbalanced groups may produce biased results.
  • Pitfalls of surveys: Poor response rate and framing problems. Question asked influences the response.
  • Disadvantages of gap analysis: Difficult or costly to engage Board.
  • Disadvantages of Delphi technique: Time consuming and costly.
  • Disadvantages of interviews: Time consuming and costly. Multiple interviewers can lead to inconsistencies.
  • Pitfalls of working groups: If members are specialists, identification will be more narrow and specialists may want to work at a higher level of precision than is cost justified.
  • Key elements of a risk register: 1. labeling or numbering system for risks identified; 2. category of risk; 3. clear description; 4. assessment of likelihood and applicable timeframe; 5. response action cost and expected residual risks; 6. individuals involved; 7. version control.
  • Seven risk concepts in Lam: 1. exposure; 2. volatility; 3. probability; 4. severity; 5. time horizon; 6. correlation; 7. capital.
  • Three reasons to hold capital: 1. manage cashflow (working capital); 2. facilitate growth and new ventures (development capital); 3. cover unexpected losses (risk capital).
  • Benefits of risk mapping: 1. gets people together to talk about risks; 2. improves understanding of risks, effects of risk management activities, and which risks require further attention; 3. final result is an excellent visual tool for reporting to Board.
  • Factors used to rank effectiveness of risk controls: Whether 1. risk exposures are within tolerance limits; 2. controls are in place; 3. risks are linked to potential impact on return; 4. risk metrics reporting is established.
  • Reasons why emerging risks are important: 1. influence corporate strategy; 2. may affect profits; 3. may yield opportunities for new product.
  • Four trends leading to emerging risk challenges: 1. globalization; 2. technology; 3. changing market structures (deregulation, privatization); 4. restructuring (M&A, outsourcing).
  • Three emerging IT risks: 1. cyber security; 2. cloud computing; 3. social media.
  • Cyber risk: Any risk of financial loss, disruption or damage to the reputation of an organization from some sort of failure of its IT systems.
  • Horizon scanning: Systematic search for potential developments over the long term, with emphasis on changes that are at the edges of current thinking.
  • Three types of behavioral bias: 1. overconfidence; 2. anchoring; 3. representative heuristics (what is easier to imagine is more likely).
  • Ways to reduce the problem of bias: 1. incorporate checks and balances; 2. introduce optimism bias.
  • Risk measure: Function indicating the amount of capital that should be added to a risk portfolio with loss distribution L to make it acceptable to the risk controller.
  • Monotonicity: If L1≤L2 then F1≤F2. If portfolio 2 exhibits greater losses under all future scenarios than portfolio 1, then risk will be higher for portfolio 2.
  • Subadditivity: F(L1+L2)≤F(L1)+F(L2). Merging risk situations does not increase overall level of risk.
  • Positive homogeneity: F(k*L)=k*F(L) for any constant k≥0. Doubling the size of loss will double the risk.
  • Translation invariance: F(L+k)=F(L)+k for any constant k≥0. Adding or deducting an amount from the loss means that the capital needed to mitigate the impact is changed by the same amount.
  • Convex risk measure: F(w*L1 +(1-w)*L2)≤w*F(L1)+(1-w)*F(L2). Diversification can reduce risk and amount of risk capital needed.
  • Pros and cons of deterministic versus probabilistic measures: Deterministic measures are simplistic, giving a board indication of the level of risk. Probabilistic measures are potentially more accurate, but re more complex and can imply inappropriate levels of confidence.
  • Three deterministic approaches for risk measures: 1. notional; 2. factor sensitivity; 3. scenario sensitivity.
  • Notional approach for risk measures: Broad-rush risk measure, e.g. risk weightings can be applied to market value of assets and total can be compared to liabilities to determine notional risk-adjusted financial position.
  • Advantage of notional approach: Simple to implement and interpret across a diverse range of companies.
  • Disadvantages of notional approach: 1. potentially undesirable use of a catch-all weighting for undefined asset classes; 2. possible distortions in the market caused by increased demand for asset classes with high weightings; 3. treating short positions as exact opposites of long positions; 4. no allowance for risk concentration; 5. probability of changes in values of assets and liabilities is not quantified.
  • Factor sensitivity approach for risk measures: Determines degree to which a company’s financial position is affected by the impact of a change in a single underlying risk factor.
  • Advantage of sensitivity approach: Increased understanding of risk drivers.
  • Disadvantages of sensitivity approach: 1. not assessing wider range of risks; 2. difficult to aggregate over multiple risk factors; 3. probability of changes considered is not quantified.
  • Scenario sensitivity approach: Similar to factor sensitivity, but considers the effect of changing a set of risk factors.
  • Five probabilistic approaches to risk measures: 1. deviation (including volatility); 2. Value at Risk; 3. probability of ruin; 4. Tail Value at Risk (or conditional value at risk); 5. expected shortfall.
  • Information ratio: Average excess (active) return over tracking error.
  • Advantages of deviation measures: 1. simple to calculate; 2. applicable to wide range of risks; 3. can be aggregated if correlations are known.
  • Disadvantages of deviation measures: 1. difficult to interpret comparisons (other than simple ranking); 2. misleading if underlying distribution is skewed; 3. does not focus on tail risk and underestimates tail if leptokurtic; 4. aggregation can be misleading (if component distributions are not normally distributed).
  • Basel VaR requirements: 99% confidence level over 10-day horizon.
  • Advantages of VaR: 1. simple expression; 2. units mean something; 3. applicable to all risk types and risk sources; 4. easily translates into a risk limit.
  • Disadvantages of VaR: 1. no indication on losses greater than VaR; 2. can underestimate asymmetric and fat-tailed risks; 3. sensitive to data choices, parameters, assumptions; 4. not a coherent risk measure (not sub-additive); 5. regulatory usage may encourage herding and increased systemic risk.
  • Three general approaches to VaR calculation: 1. empirical; 2. parametric (or variance-covariance); 3. stochastic.
  • Advantages of VaR empirical approach: 1. simple; 2. no requirements to specific distribution of returns; 3. realistic.
  • Disadvantages of VaR empirical approach: 1. relies on bootstrapping past data to capture all future scenarios; 2. implies past data is indicative of future experience; 3. does not facilitate stress or scenario testing; 4. limits of interpolation.
  • Advantages of VaR parametric approach: 1. easy to calculate; 2. reduced dependence on past data; 3. parameters are easy to adjust.
  • Disadvantages of VaR parametric approach: 1. more difficult to explain than empirical approach; 2. relies on past data to derive parameters; 3. difficult to ensure parameter selection is consistent; 4. runs risk of using an inappropriate statistical distribution; 5. complex inter-dependencies are difficult to reflect.
  • Advantages of VaR stochastic approach: 1. can reflect more complex features of underlying losses; 2. produces wider range of possibilities than empirical method; 3. easy to sensitivity test.
  • Disadvantages of VaR stochastic approach: 1. more difficult to explain than empirical and parametric; 2. choice of distribution and parameters can be subjective and difficult; 3. gives a different answer each time; 4. can be computationally intensive.
  • Advantages of TVaR of VaR: 1. considers losses beyond VaR; 2. it is a coherent risk measure.
  • Disadvantages of TVaR: 1. choice of distribution of parameters can be subjective and difficult; 2. highly sensitive to assumptions (more of a concern because we are using uncertain information in the tail).
  • Pros and cons of Expected Shortfall: Same as TVaR except 1. it has little intuitive meaning; 2. cannot be readily linked to the current valuation.
  • Three factors of VaR for market risk: 1. exposure amount; 2. price volatility; 3. liquidity.
  • Two factors affecting time horizon selection: 1. expected time to recover from loss; 2. expected time to reinstate risk mitigation.
  • Considerations in determining risk discount rate: 1. sponsor’s cost of capital; 2. rate of inflation; 3. interest rates; 4. rates of return on other investments; 5. level if inherent risk exposure.