Risk management encompasses all methods and practices which have been developed so far in order to control events susceptible to affect negatively the revenues and net worth of a firm.
In most people’s mind, risk management suggests audit, control, reports... However, this is only the visible part of the iceberg. Indeed, risk management involves a complex infrastructure of systems, practical methods, and people implemented in a firm to identify, assess and limit or select risks.
One second thing that people might ignore about “risk” is that some risks also represent an opportunity. Indeed, risk is often symmetric: if you have risk you must also have an opportunity. Is this always the case? If we think about financial risks such as credit, market and liquidity risks, this should indeed be the case. Financial institutions typically get exposure to financial risks voluntarily. Why is that? The answer is quite straight forward: “to enjoy risk premiums”. Market practitioners have an expression for this: there is no free lunch. In financial markets, if one wants to eliminate risks, the return obtained will be the risk-free rate. For financial institutions well able to perform the job described above in selecting risks, the risk premiums might offer attractive opportunities. This is why risk management is so important.
Risk management is also important since some risks are undesirable to the extent that they do not bring opportunity. If we think about the risk of an accident for an airline company, none would be ready to accept s risk. For financial institutions, the equivalent is called “operational risk”. This has been defined by the Basel Committee as “the risk of loss resulting from inadequate or failed internal processes, people, and systems, or from external events”. While exposure to financial risks might be rewarded by a risk premium, operational risk is only a cost. And it is hard to eliminate. Like companies involved in industry and transportation, financial institutions have to build a sound infrastructure to manage human errors and fraud. Audits and controls are thus important. But as at least as important is the fact that the firm can trust the people under its responsibility. As risk management experts use to say “firms should build a risk management culture”. This represents values, knowledge and competences shared by people involved in the conduct of business throughout the company.
Christine Verpeaux, lecturer in risk management at PSB Paris School of Business.
