Risk management process

See the list of related resources at the bottom of this page.

Risk management processes are receiving greater emphasis now than ever before, for a number of reasons.

There is a new regulatory emphasis on risk management, as evidenced by the Turnbull report, the Basel 2 regulations for banks, and, especially, the risk-based approach to regulation adopted by the FSA. Both Turnbull and the FSA are particularly strong on the process of risk management, while Basel perhaps places more emphasis on measurement (after all, Basel is all about risk-based capital requirements).

In addition there is a trend towards Enterprise Risk Management as an overall management technique, an example of the fact that risk management is currently very fashionable in management circles. Of course, this and the regulatory emphasis are probably not disconnected.

A good risk management process is typically a control cycle, including at least the following stages:

Establishing context
Identification
Assessment
Control and mitigation
Monitoring
Review

Resources

A Risk Management Standard: Produced by The Institute of Risk Management, in conjunction with ALARM (The National Forum for Risk Management in the Public Sector) and airmic (The Association of Insurance and Risk Managers). It is available from their website at http://www.theirm.org/publications/PUstandard.html.
RAMP: The Institution of Civil Engineers and the Faculty and Institute of Actuaries have produced a process for risk analysis and management for projects known as RAMP. Its website is at http://www.ramprisk.com/. A simplified version of the process is described at http://www.actuaries.org.uk/Display_Page.cgi?url=/ramp/index.xml.
Risk Management, by Andrew Holmes: A book in the ExpressExec series. It gives a brief overview of several aspects of risk management, rather less biased towards banking than many other books (and also much shorter). It covers a somewhat eclectic range of topics, and has a useful list of resources. Visit its page at Amazon.
Risk Management, by Michel Crouhy, Dan Galai, Robert Mark: This is another book written primarily from a banking viewpoint. It has a whole chapter on risk management in nonbank corporations, and mentions the issues in some of the other chapters. Its treatment of credit risk covers credit rating systems, and distinguishes several different measurement approaches. It has a chapter on operational risk. This book emphasises the need for risk management systems. Visit its page at Amazon.
Building a framework for operational risk management: the FSAs observations: The FSA published this document in July 2003, as they prepared to implement CP142, the consultation paper on operational risk systems and controls. The documument is the result of discussions the FSA held with 22 firms actively developing risk management systems for operational risk. It describes instances of good practice, and discusses the progress that has been made so far. The main conclusion is that although considerable progress has been made, the industry is still at an early stage of developing operational risk frameworks. The report is available at http://www.fsa.gov.uk/pubs/policy/ps142_2.pdf
Financial Services Authority: The FSA is the regulatory authority for the financial services industry in the UK. Its website at http://www.fsa.gov.uk contains all the public documents produced by the FSA, including consultation papers and the texts of speeches as well as the currently applicable Handbook of rules and guidance.
Mastering Risk Volume 2: Applications: This book, edited by Carol Alexander, is a collection of chapters by different authors that first appeared as a series in the Financial Times. The chapters vary in quality: some of them are rather more useful than others. There is an unstated bias towards banking. It has four chapters on operational risk, covering measurement and modelling as well as an overview chapter. There are several chapters on different aspects of modelling credit risk. Visit its page at Amazon.
PS04/16: Integrated Prudential sourcebook for insurers: This Policy Statement reports on the main issues arising from Consultation Paper 190 (Enhanced capital requirements and individual capital assessments for non-life insurers), Consultation Paper 195 (Enhanced capital requirements and individual capital assessments for life insurers) and the audit and reviewing actuary proposals in Consultation Paper 202 (Insurance regulatory reporting – changes to the publicly available annual return for insurers) and publishes the associated rules and guidance. It is available at http://www.fsa.gov.uk/Pages/Library/Policy/Policy/2004/04_16.shtml.
Turnbull Report: Internal Control: Guidance of Directors on the Combined Code. Published by the Institute of Chartered Accountants in England and Wales. See http://www.icaew.co.uk/internalcontrol for more information.
CP190: Enhanced capital requirements and individual capital assessments for non-life insurers: Consultation paper 190 from the FSA discusses how capitial requirements will be determined for non-life insurers. It was issued in July 2003, and the consultation period ended on 30 November 2003. The overall effect of the proposals will be to introduce a new risk-based minimum requirement, the ECR (Enhanced Capital Requirement), and the concept of ICG (Individual Capital Guidance) which will take into account both the ECR and the systems and controls that firms have in place. CP190 is available at http://www.fsa.gov.uk/Pages/Library/Policy/CP/2003/190.shtml
CP195: Enhanced capital requirements and individual capital assessments for life insurers: Consultation paper 195 from the FSA discusses how capitial requirements will be determined for non-life insurers. It was issued in August 2003, and the consultation period ended on 30 November 2003. The overall effect of the proposals will be to introduce a new risk-based minimum requirement, the ECR (Enhanced Capital Requirement), and the concept of ICG (Individual Capital Guidance) which will take into account both the ECR and the systems and controls that firms have in place. CP195 is available at http://www.fsa.gov.uk/Pages/Library/Policy/CP/2003/195.shtml
Report on Enterprise Risk Management: The Casualty Actuarial Society presents a process for ERM. The primary purpose of the report is to consider the role of actuaries in risk management, but it gives a useful general overview too. It includes a risk classification meant for general use, rather than limited to a specific industry. The report is available from the CAS site at http://casact.org/research/erm/.

	:: About :: Blog :: Notes :: All topics :: All links :: Publications :: Downloads :: Contact Related topics: Operational Risk Risk identification Risk maps The FSA and operational risk Financial Services Authority The FSA and risk based capital Enterprise risk management ARROW risk assessment framework Risk classification Future regulation of insurance briefing Risk indicators Read my blog. Is your software use Competent, Complacent or Compromised? Take my 30 second quiz now, and find out! Read past issues of my newsletter. Tools download a simple code profiler for Excel VBA. Automated spreadsheet testing, documentation and more. Download now, or find out more at http://www.xlsior.com. Search WWW Search louisepryor.com
Risk management process Themes: Risk management See the list of related resources at the bottom of this page. Risk management processes are receiving greater emphasis now than ever before, for a number of reasons. There is a new regulatory emphasis on risk management, as evidenced by the Turnbull report, the Basel 2 regulations for banks, and, especially, the risk-based approach to regulation adopted by the FSA. Both Turnbull and the FSA are particularly strong on the process of risk management, while Basel perhaps places more emphasis on measurement (after all, Basel is all about risk-based capital requirements). In addition there is a trend towards Enterprise Risk Management as an overall management technique, an example of the fact that risk management is currently very fashionable in management circles. Of course, this and the regulatory emphasis are probably not disconnected. A good risk management process is typically a control cycle, including at least the following stages: Establishing context Identification Assessment Control and mitigation Monitoring Review Resources A Risk Management Standard Produced by The Institute of Risk Management, in conjunction with ALARM (The National Forum for Risk Management in the Public Sector) and airmic (The Association of Insurance and Risk Managers). It is available from their website at http://www.theirm.org/publications/PUstandard.html. RAMP The Institution of Civil Engineers and the Faculty and Institute of Actuaries have produced a process for risk analysis and management for projects known as RAMP. Its website is at http://www.ramprisk.com/. A simplified version of the process is described at http://www.actuaries.org.uk/Display_Page.cgi?url=/ramp/index.xml. Risk Management, by Andrew Holmes A book in the ExpressExec series. It gives a brief overview of several aspects of risk management, rather less biased towards banking than many other books (and also much shorter). It covers a somewhat eclectic range of topics, and has a useful list of resources. Visit its page at Amazon. Risk Management, by Michel Crouhy, Dan Galai, Robert Mark This is another book written primarily from a banking viewpoint. It has a whole chapter on risk management in nonbank corporations, and mentions the issues in some of the other chapters. Its treatment of credit risk covers credit rating systems, and distinguishes several different measurement approaches. It has a chapter on operational risk. This book emphasises the need for risk management systems. Visit its page at Amazon. Building a framework for operational risk management: the FSAs observations The FSA published this document in July 2003, as they prepared to implement CP142, the consultation paper on operational risk systems and controls. The documument is the result of discussions the FSA held with 22 firms actively developing risk management systems for operational risk. It describes instances of good practice, and discusses the progress that has been made so far. The main conclusion is that although considerable progress has been made, the industry is still at an early stage of developing operational risk frameworks. The report is available at http://www.fsa.gov.uk/pubs/policy/ps142_2.pdf Financial Services Authority The FSA is the regulatory authority for the financial services industry in the UK. Its website at http://www.fsa.gov.uk contains all the public documents produced by the FSA, including consultation papers and the texts of speeches as well as the currently applicable Handbook of rules and guidance. Mastering Risk Volume 2: Applications This book, edited by Carol Alexander, is a collection of chapters by different authors that first appeared as a series in the Financial Times. The chapters vary in quality: some of them are rather more useful than others. There is an unstated bias towards banking. It has four chapters on operational risk, covering measurement and modelling as well as an overview chapter. There are several chapters on different aspects of modelling credit risk. Visit its page at Amazon. PS04/16: Integrated Prudential sourcebook for insurers This Policy Statement reports on the main issues arising from Consultation Paper 190 (Enhanced capital requirements and individual capital assessments for non-life insurers), Consultation Paper 195 (Enhanced capital requirements and individual capital assessments for life insurers) and the audit and reviewing actuary proposals in Consultation Paper 202 (Insurance regulatory reporting – changes to the publicly available annual return for insurers) and publishes the associated rules and guidance. It is available at http://www.fsa.gov.uk/Pages/Library/Policy/Policy/2004/04_16.shtml. Turnbull Report Internal Control: Guidance of Directors on the Combined Code. Published by the Institute of Chartered Accountants in England and Wales. See http://www.icaew.co.uk/internalcontrol for more information. CP190: Enhanced capital requirements and individual capital assessments for non-life insurers Consultation paper 190 from the FSA discusses how capitial requirements will be determined for non-life insurers. It was issued in July 2003, and the consultation period ended on 30 November 2003. The overall effect of the proposals will be to introduce a new risk-based minimum requirement, the ECR (Enhanced Capital Requirement), and the concept of ICG (Individual Capital Guidance) which will take into account both the ECR and the systems and controls that firms have in place. CP190 is available at http://www.fsa.gov.uk/Pages/Library/Policy/CP/2003/190.shtml CP195: Enhanced capital requirements and individual capital assessments for life insurers Consultation paper 195 from the FSA discusses how capitial requirements will be determined for non-life insurers. It was issued in August 2003, and the consultation period ended on 30 November 2003. The overall effect of the proposals will be to introduce a new risk-based minimum requirement, the ECR (Enhanced Capital Requirement), and the concept of ICG (Individual Capital Guidance) which will take into account both the ECR and the systems and controls that firms have in place. CP195 is available at http://www.fsa.gov.uk/Pages/Library/Policy/CP/2003/195.shtml Report on Enterprise Risk Management The Casualty Actuarial Society presents a process for ERM. The primary purpose of the report is to consider the role of actuaries in risk management, but it gives a useful general overview too. It includes a risk classification meant for general use, rather than limited to a specific industry. The report is available from the CAS site at http://casact.org/research/erm/.
Copyright © 2003-2008 Louise Pryor. All rights reserved. Site developed by Louise Pryor. Louise Pryor is no longer practising as a consultant — the site is maintained as an archive, and is not updated.