Having disposed of current events, we can finally get to the action. The title of the chapter is: What does a risk manager do? So far the answer has been more about what a risk manager measures, or discusses, or thinks about, or plans.
Now that you've got your VaR, and used your stress tests and scenario analyses to figure out good plans for everything you can foresee, and patched all the holes in your profit and loss distribution, do you knock off and grab a beer? No, sorry, you still have to manage the risk.
This job naturally divides into two parts, inside and outside the VaR boundary. Inside the VaR boundary you have plenty of data and outcomes are limited, so conventional statistical analysis works fine. Your basic goal here is to get risk to Kelly levels, no higher and no lower. That's more complicated than the way the criterion is usually written, because Kelly is very sensitive to the possibility of low-probability bad events. That is, you're going to have to use some trans-VaR analysis to set the appropriate parameter values for total wealth and variance. If you instead use obvious measures such as the enterprise value of the firm for wealth and the day-to-day variance of outcome for variance, you will take far too much risk and will fail.
Let's postpone the question of setting the risk level for a bit in order to discuss how you exercise control. Remember that you're not a dictator, and you're not the only person in the firm who understands risk. Also, you ...