As we discussed in the previous article, risk management performs three they roles, and the failure can happen in performing any of these roles.
Identify and evaluate the risks
The first step is to identify and measure risk. Typically, risk management will choose certain risk metric to measure and benchmark risk. The choice of risk metric is critical and choosing a wrong metric that doesn’t suit the firm’s strategy can lead to risk management failure.
One metric commonly used by the financial institutions is Value at Risk. Even if the institution calculates the VaR correctly, it does not mean that the measure is suitable for everyone and it answers the right questions for the management. Specifically in case of VaR, it tells us the minimum worst loss that a firm will face in a given time horizon and at a given confidence interval. This by itself is good information. However, the management may actually be interested in knowing the worst expected loss, which is not what VaR tells.
After the correct risk metric has been selected, there are two key mistakes:
- The risk managers mismeasure the known risks
- The risk managers ignore some very important risks
Communicate Risks to Management
Once the risks have been identified, they need to be communicated to the management. Again the risk management may fail to communicate risk to the senior management and board. Since the senior management and board decides what risks to take and what to avoid, this communication failure can be disastrous.
Monitor and Manage Risks
Finally it’s the duty of risk managers to monitor and manage the risks as per the firm’s objectives. This involves hedging risks, setting limits on trades, etc. This also is a point of failure as the risk manager may fail to perform its duties.