Elsevier UK Jobcode:RTF Chapter:CH02-H8304 22-3-2007 5:09p.m. Page:35 Trimsize:165×234MM
Fonts used:Ocean Sans & Sabon Margins:Top:42pt Gutter:54pt Font Size:10/12 Text Width:30p6 Depth:47 Lines
What is meant by risk management? 35
risk is usually incurred by not adhering to applicable laws, rules and regulations –
local or international.
Tax risk results from tax authorities opposing the institution’s position on tax
issues. Security risk is the risk of loss of confidentiality, integrity or availability of
information or assets, through accident or fraud. This type of risk divides into physical
security and information security.
The legal fees themselves may be crippling. WorldCom’s bankruptcy in 2002 has
been the largest ever in the United States. In the case of MCI, WorldCom’s suc-
cessor entity which came out of Chapter 11 protection, legal fees connected to the
bankruptcy were high. Some 45 firms of lawyers and consultants have been claiming
over $600 million at a New York court, for guiding the communications company
through the bankruptcy process.
The board, chief executive officer and senior management should personally follow
the aforementioned risk types. They should be provided with prognostication of
worse cases made possible through stress testing, targeting losses that could arise from
extreme, but plausible, major events.
In matters concerning credit, market, liquidity
and legal risk, stress test results should be gauged against the institution’s capacity
to bear losses expressed as maximum loss the entity could withstand without going
under or urgently seeking for a white knight.
The identification of stress events and scenarios to which the institution is vulner-
able should be followed by an assessment of their potential impact. Well-managed
institutions extensively implement stress measures and limits for their activities, using
a number of methods and techniques, which they continue to refine in order to better
Areas of risk concentration,
Potential vulnerability to stress, and
Likely damage to reputation or business viability.
In conclusion, risk management and risk control are integral parts of the board’s
commitment to providing consistent, high quality results from operations. Assisted by
his risk manager(s) the CEO should aim to achieve an appropriate balance between
risk and return, both in ongoing business activities and in longer-term strategic
management of the institution’s capital.
2.5 Internal control. The feedback channel
Military organizations learned long ago that orders which are not followed up have
little chance of being executed. Therefore, they have organized a feedback system to
check on their execution and the execution’s aftermath. The feedback channel is very
important with all entities whose CEO is removed from the scene of action. Short of
a reliable feedback, he or she:
Will be divorced from reality, and
Have no means to assure that the job is done.