Risk—and risk management—is an inescapable part of economic activity. People generally manage their affairs in order to be as happy and secure as their environment and resources will allow. But regardless of how carefully these affairs are managed, there is risk because the outcome, whether good or bad, is seldom predictable with complete certainty. There is risk inherent in nearly everything we do, but this reading will focus on economic and financial risk, particularly as it relates to investment management.
All businesses and investors manage risk, whether consciously or not, in the choices they make. At its core, business and investing are about allocating resources and capital to chosen risks. In their decision process, within an environment of uncertainty, these entities may take steps to avoid some risks, pursue the risks that provide the highest rewards, and measure and mitigate their exposure to these risks as necessary. Risk management processes and tools make difficult business and financial problems easier to address in an uncertain world. Risk is not just a matter of fate; it is something that organizations can actively control with their decisions, within a risk management framework. Risk is an integral part of the business or investment process. Even in the earliest models of modern portfolio theory, such as mean–variance portfolio optimization and the capital asset pricing model, investment return is linked directly to risk but requires that risk be managed optimally. Proper identification and measurement of risk, and keeping risks aligned with the goals of the enterprise, are key factors in managing businesses and investments. Good risk management results in a higher chance of a preferred outcome—more value for the company or portfolio or more utility for the individual.
Portfolio managers need to be familiar with risk management not only to improve the portfolio’s risk–return outcome, but also because of two other ways in which they use risk management at an enterprise level. First, they help to manage their own companies that have their own enterprise risk issues. Second, many portfolio assets are claims on companies that have risks. Portfolio managers need to evaluate the companies’ risks and how those companies are addressing them.
This reading takes a broad approach that addresses both the risk management of enterprises in general and portfolio risk management. The principles underlying portfolio risk management are generally applicable to the risk management of financial and non-financial institutions as well.
The concept of risk management is also relevant to individuals. Although many large entities formally practice risk management, most individuals practice it more informally and some practice it haphazardly, oftentimes responding to risk events after they occur. Although many individuals do take reasonable precautions against unwanted risks, these precautions are often against obvious risks, such as sticking a wet hand into an electrical socket or swallowing poison. The more subtle risks are often ignored. Many individuals simply do not view risk management as a formal, systematic process that would help them achieve not only their financial goals but also the ultimate end result of happiness, or maximum utility as economists like to call it, but they should.
Although the primary focus of this reading is on institutions, we will also cover risk management as it applies to individuals. We will show that many common themes underlie risk management—themes that are applicable to both organizations and individuals.
Although often viewed as defensive, risk management is a valuable offensive weapon in the manager’s arsenal. In the quest for preferred outcomes, such as higher profit, returns, or share price, management does not usually get to choose the outcomes but does choose the risks it takes in pursuit of those outcomes. The choice of which risks to undertake through the allocation of its scarce resources is the key tool available to management. An organization with a comprehensive risk management culture in place, in which risk is integral to every key strategy and decision, should perform better in the long-term, in good times and bad, as a result of better decision making.
The fact that all businesses and investors engage in risky activities (i.e., activities with uncertain outcomes) raises a number of important questions. The questions that this reading will address include the following:
What is risk management, and why is it important?
What risks does an organization (or individual) face in pursuing its objectives?
How are an entity’s goals affected by risk, and how does it make risk management decisions to produce better results?
How does risk governance guide the risk management process and risk budgeting to integrate an organization’s goals with its activities?
How does an organization measure and evaluate the risks it faces, and what tools does it have to address these risks?
The answers to these questions collectively help to define the process of risk management. This reading is organized along the lines of these questions. Section 2 describes the risk management process, and Section 3 discusses risk governance and risk tolerance. Section 4 covers the identification of various risks, and Section 5 addresses the measurement and management of risks. Section 6 provides a summary.