Risk identification and evaluation is the foundation of any ERM framework. Unfortunately, it is not simple: first, we have to define what “risk” is in the context of a financial services firm, then we have to identify the critical risk events and, finally, we have to evaluate or measure the likelihood of those events occurring. The remainder of this chapter is devoted to these three steps: risk definition, risk identification and risk evaluation.
Some concepts are difficult to define absolutely, depending instead on the mutable perspective of the observer. The definition of risk is similar: what is a risk for one person might very well be an opportunity for another. For example, a fall in equity markets will harm the long-term institutional investor but may represent a windfall for a long/short hedge fund. Similarly, a fall in house prices hurts the existing home owner but may make the property market accessible to those who do not currently own a home.
Risk is generically defined as the possible failure to meet your desired and expected objectives due to future, uncertain events. Unfortunately, this definition is only slightly less vague given that banks and insurers, like individuals, have to pursue many different and possibly conflicting objectives in parallel.
Fortunately, the most important objectives, and therefore risks, facing financial services firms can be summarized ...