Risk Management for State Street Financial Centers Services

In today’s global environment, it is necessary for every organization to manage risk in an effective manner. Effective risk management provides various benefits to an organization such as increase in firm’s value, increase in profitability etc. Risk can be defined as uncertainty and result of uncertainty. It can be classified into systematic and unsystematic risk.

Systematic risk is associated with risk of market or overall economy, while unsystematic risk is related with the specific assets and firm (Al-Tamimi & Al-Mazrooei 2007). The risk or uncertainty is measured in an organization through the risk management techniques. According to Kerzner (2009), risk management is the process of dealing with risk. It includes planning for risk, risk identification, risk analysis and development of risk response strategies for monitoring and controlling the risks. Risk management is related with sound project management activities as a proper risk management is proactive rather than reactive, positive rather than negative and also increases probability for the project success (Kerzner 2009). Blokdijk (2009) describes that risk management is the process of identifying risk and trying to come up with appropriate strategies that will be effective for an organization to handle situations that may impact of organizational effectiveness. The effective risk management begins with the understanding of how an organization is appetite of risk. Risk management includes identifying, evaluating, analyzing, treating, monitoring and communicating the impact of risk throughout the organization (Isaca 2009). Egbuji (1999) exhibited in research that risk management is an objective corporate approach that is used to decide the best way of controlling the threats to the security of an organization. It deals with decision making related to the risk and their implementation within the organization. It also includes flow of the decision throughout the organization and risk evaluation (Egbuji 1999). The risk management is an effective method for minimizing the adverse effects of risks and maximizing the benefits of incurring the risks. Risk management focuses on different type of risk such as market risk, credit risk, liquidity risk and operational risk that helps an organization to facilitate effective risk management. Market risk decreases the value of a portfolio due to some market risk factors such as equity risk, interest risk, currency risk and commodity risk (Tarantino 2008). Credit risk deals with measurement of credit exposure, credit aggregation & netting and credit enhancement. Liquidity risk includes those risks that arise due to the risk of a security and asset that is not traded quickly in the market (Tarantino 2008). Operational risk arises due to execution of a company’s business such as people, systems and different processes through which a company operates its business.

This risk is also known as fraud risk, legal risk, physical risk and environmental risk (Tarantino 2008). For a better risk management, it is necessary to identify the responsibilities of board members such as development of the processes and strategies annually to identified risks, appointment of a board committee that review the risk management process, disclose risk management in the annual report and facilitate internal control system (Tarantino 2008). Dubai International Financial Centre (DIFC) was launched in 2004 to add a new dimension to Dubai’s diversification programme. DIFC rode the crest of an economic development wave ushered in by the creation of specialised economic free zones in Dubai. DIFC represents a new generation of free zones that are driving the next phase of Dubai’s economic growth. By developing a world-class hard and soft infrastructure, DIFC has created a secure and productive platform from which financial institutions are able to tap the vast growth potential for investment, insurance and capital market services in the region. Dubai International Financial Centre Authority (DIFCA) is an autonomous body which provides the administration services for its clients, determines the future vision and growth of the DIFC In order to cater the demand of the market and maintain it has various departments to help the day to day activities as well contribute to the economic growth of the region and Dubai. It is necessary for DIFCA to manage risk effectively. Scholes (1998) described in its research that the risk management system is an exposure of financial and a control system. An exposure to financial system is a dynamic that gives managers an opportunity to assess the effects of change in economic factors and the economic profit and loss of the entity (Scholes 1998). In risk management, enterprise risk management is new concept that is followed by various organizations across the services.

Enterprise risk management is a process that identify potential event that may affect an entity and managing risk within its risk appetite that will help in achieving organization’s objectives. ERM process is affected by an organisation’s board of director, management and other personnel (Demidenko & McNutt 2010). It includes different factor to manage risk effectively such as internal environment, objective setting, event identification, risk assessment, risk response, control activities, information and communication and monitoring (Demidenko & McNutt 2010). This research helps in indentify different concepts such as what is risk management, implication of enterprise risk management and a procedure that should be followed in order to manage risk effectively and why it is important for DIFCA. In this consulting exercise we shall look into the current risk management structure and provides a framework to DIFCA for the effective that are compared to the best risk management practice and at the same time be more pragmatic to implement and follow. The aim would be to increase its effectiveness, competitive position among the leading financial centres in the region as well as around the world. Research Aim & Objectives The research is aimed to identify existing framework, procedures and policy of risk management for the financial service center and apply this information for DIFCA. It is a consultancy project and the main objective of this project is to provide recommendation to DIFCA about risk management that includes framework, policies and procedures for better risk management. It also explains about enterprise risk management that is widely used concept amongst various segments of an organization. The main objectives of this research are as follows -: To review the literature concerned with the risk management framework, policies processes and the ERM. Identify the activities that should be taken by DIFCA to facilitate effective risk management. Provide recommendations for the risk management framework to DIFCA. Determine the standards and principles that will facilitate a sound risk management in DIFCA. The above research objectives will be accomplished through the literature review related to the risk management framework, policies, processes and enterprise risk management. Conclusion It can be concluded that risk management is necessary for every organization to enhance the profitability, reduce impact of uncertainties and to maximize the value of firm. Risk management is a set of activities that is used by an organization to control uncertainties. This research is done to identify the framework of risk management and to apply it within DIFCA.

Chapter 2: Company Analysis

Background Information Company Overview: State Street Corporation (SSFS) was founded as a bank in 1792, in Boston, Massachusetts. It started providing mutual fund services since 1924. State Street Bank and Trust Company was established in 1962. After this, SSFS acquired and established different business units in different countries such as establishment of a new software development technology by the acquisition of UniverseSoft Technology Company in China, in 2006. It also acquired Currenex that deal in online foreign exchange trading and in 2007, it acquired Investors Financial Services Corporation that provides different financial services (State Street 2010). SSFS is a financial holding company that works with its subsidiary namely State Street Bank and Trust Company. It provide several financial services to different users by providing different type of products and services such as fund accounting, custody, investment management, securities landing, transfer agency services, hedge fund services and operations outsourcing for investment managers (State Street 2010). It also operates its operation in several countries such as US, Europe, Canada, Asia etc. It operates through two business divisions such as investment servicing and investment management. Investment service division provides different investment service to different customers such as mutual fund, collective investment fund, corporate, public retirement plan, and insurance company globally (State Street 2010). It also provides security finance such as deposit and short-term investment facilities, loan and lease financing, outsourcing manager operations related with investment, hedge fund and performance, risk and compliance analytics to support institutional investors. Investment management division provides assets management services such as investment research services (State Street 2010). SSFS focuses on delivering value to shareholders, customer, employees and communities in which they work. SSFS has a strategic alliance with Pensions First Analytics (PFA). It is an UK based company that provides risk management and advisory services (State Street 2010). Importance of Risk Management for DIFCA: Risk management is quite important for DIFC A as it is helpful for both assets owners and managers.

Assets owners and managers scrutinize current risk management practice closely and link it with current environment and help in manage investment, credit, liquidity and operational risks that help to facilitate corporate governance and to compliance with regulatory requirements. It also helps in reducing operational risks and costs (Houlahan & Tahbazian 2010). The risk management will also be helpful to handle credit crisis as many institutional investors require these services for effective investment decision. DIFCA can response customers through making material changes in investment processes and by providing more sophisticated data management and reporting system. Due to the recent financial crisis, risk management has become more important for an organization to increase transparency and returns (Houlahan & Tahbazian 2010). Currently, DIFCA is facing several risks due to environmental uncertainty and changing global customer requirements that are also causing an increase in the importance of risk management for it. Following are some risks that have been identified and also exhibit the importance of risk management framework for DIFCA – SSFS provides different services to different customers and it is difficult to make an effective coordination among them. Another risk is related to the exposure of potential losses in its revenue and profitability. It is because of the real estate value, assets management and related entities that are not proceeding as expected before the financial crisis hit Dubai. This relationship may incur loss for DIFC due to uncertainty of time that is required in the recovery of the company’s clients. DIFC have participated in many ventures under its assets and investment arm DIFCI. Under this program, some investments were done without proper due diligence and best practice guidelines. This along with the recession and other crisis in the Dubai has made an impact on its financial position. Involvement of DIFCA and other entities in regulatory non-compliance may cause higher legal expenses and may also violate its image among its clients. There was no proper controls and checks within the DIFCA and every department were working as a silo Risk Management in SSFS: The main focus of DIFCA is on the development of innovative risk management techniques. DIFCA defines risk management as minimizing overall portfolio volatility, maximizing its revenue with the lowest amount of performance dispersion or minimizing the tracking error of a passive hedging policy against a particular benchmark. The CEO and the Managing director are responsible for managing the team that ensures balance between uncertainty and risk. Current Risk Management Policies, Processes and Principles: DIFCA, Head of Risk and Compliance to manage the risks in an effective manner.

The mandate is to lead a team of enterprise risk professionals that support the business in facilitating risk management. Boards of directors also play an important role of risk manager to manage global risk management in the company. DIFCA has appointed two of top five consulting company to guide the organisation during these difficult times.

Following are charter that is established by DIFCA under its risk management policies- Risk and Capital Committee Charter – Risk and capital committee charter is used by DIFCA that helps in assessment and management of risks and capital adequacy and it is established by the company’s board of directors. It assists the board in fulfilling its responsibilities. Committee members are appointed and replaced by the board on the recommendation of the Nominating and Corporate Governance Committee through its internal compliance team. Following are some authorities and responsibilities of committee: This committee is responsible for discussing with management about company assessment and risk management. It consider different risk such as market, operational, fiduciary, interest rate, liquidity, business and credit risks and policies related with these risk (State Street, 2010). It also provides an oversight over the corporate governance principles and also controls & monitors capital adequacy to manage the risks. It also reviews estimation of economic capital and receives appropriate report. This report is related with assessment, analysis, monitoring, management and mitigation of risk exposures.

Committee is also responsible for reviewing and approving some matters such as portfolio investment securities, strategic investment and provisions for credit and security processing (State Street, 2010). It is also responsible for regulatory matters such as duties and obligations of the board under Basel II. The committee can delegate its responsibility to management, make reports on board, evaluate committee’s performance annually and can review the charter annually to provide recommendations on the potential changes (State Street, 2010). Issues that are considered in risk management by SSFS: Risk is directly related with role of governance in an organization. The process of risk management should be regular, ongoing and transparent as the risk assessment incorporates both internal and external expertise (State Street Corporation 2009). Some issues should be considered, while making risk management process. These are as below: Proper knowledge of risk associated issues. Prepare provisions for advanced risk management and develop an ongoing concept. Establish adequate and regular risk assessment process. Enhance participation of members in fundamental risk process. Conclusion This chapter is quite effective to determine the risk management approach in SSFS. The company analysis is also effective to determine the policies and procedures that should be implemented within the organization to increase the effectiveness of risk management framework. It will also be effective to develop and enterprise risk management model for SSFS.

Chapter 3: Literature Review

Introduction This chapter analyzes a theoretical framework for the risk management. It describe about the risk management as different people consider risk management in different manner. It also provides a framework and process for risk management. The literature review also includes analysis of the journal and articles that are related to the prior research done for risk management framework in the financial service centers. The literature review provides some findings that are beneficial to provide recommendations on risk & compliance management framework, policies and procedures for SSFS. Literature Review Definition of risk Management: According to Isaca (2009), risk management is the process of identifying vulnerabilities and threats to the information resources used by an organization in order to achieve business objectives and to establish measures that will be effective to reduce the impact of these risks (Isaca 2009). The risk management is an effective method for minimizing the adverse effects of risks and maximizing the benefits of incurring the risks.

Egbuji (1999) described opposite the Kerzner (2009) that risk management can be proactive and reactive both. Proactive approach advocates that implementation of control is necessary without waiting the disasters to be happen while in reactive approach implementation of control take place after it happened to mitigate disasters (Egbuji 1999). The process of risk management follows a two phase approach. In first phase analyses and assessment of risk is performed, while the second involves the activities of planning, resourcing, controlling and monitoring to reduce the risk (Egbuji 1999). According to Hillson (2003), risk management is an important management approach that deals with inevitable uncertainty that aims to minimize the risk and to maximize opportunities by maintaining focus on achievement of objectives (Hillson 2003). He further explained that there are number of standard processes that guide businesses to implement the risk management. But the effective risk management requires a clear understanding of risk that is faced by the businesses (Hillson 2003). The clear understanding of the risk is related to the simply identification of risks and to characterize them with the probability of their occurrences and decide their impact on objectives. According to him, risk breakdown structure is a powerful aid for risk identification, assessment and reporting (Hillson 2003). According to Ross & Boadpati (2006), risk management is an ongoing process for managing the identifiable risk of an organization and determining appropriate managerial strategies in order to preserve and insure the assets of an organization (Ross & Bodapati 2006). It includes proactive management techniques that are designed to protect an organization from losses. Risk management process also includes risk controls through risk evaluation, selecting management alternatives, implementing appropriate strategy and monitoring the results of implemented strategy.

The most important objective of risk management is to divert budget dollars from non productive uses to productive uses (Ross & Bodapati 2006). Massingham (2010) exhibited in its research that risk management and knowledge management are related with each other. He described that knowledge is necessary to comprehend and manage the risk. Knowledge can reduce the risk leading to better risk management as knowledge assist risk identification, risk quantification and risk response (Massingham 2010). Process of knowledge management also helps in facilitating risk management such as by transferring knowledge to decision makers, improving accessibility of knowledge, embedding knowledge in controls & system and avoiding the financial catastrophes that is caused by poor risk management.

The different tools of knowledge management helps in manage the risk in a better way (Massingham 2010). Flouris & Yilmaz (2010) used human factor to describe risk management. The research exhibits that risk management is the process of identifying and assessing human factor based risk. Effective management of human resource based risk helps to achieve corporate success. To manage the human factor based risk, it is necessary to emphasis on both more systematic decision framework and some new assessment tools. New human factor risk management model is used that helps in better management of human risk management (Flouris & Yilmaz 2010). According to Damodaran (2008), risk management is part of everyone’s job.

Some decades ago risk management was viewed as finance function in which the CEO plays the role of risk measurer, assessor and punishers. The main function of risk management is risk assessment and risk hedging. With the evaluation of strategic risk management and enterprise risk management, involvement of other person in the organization is also increased. Now risk management has become the part of everyone’s job (Damodaran 2008). Risk management is a set of activities and measures that are aimed to deal with risk to maintain control over the entire organization. In risk management, it is necessary to identify the risk, some other strategies are also necessary for risk management. A standard risk management program includes different aspects such as policies & procedures, code of conduct, internal controls, physical security, communication security, continuity plan and monitoring reviews. To make a standard risk management program, it is necessary that risk management is properly defined in the policies of a firm (Quinn 2007). Schneier & Miccolis (1998) described about holistic risk management approach in their study. Holistic risk management approach directly deals with enterprise risk management. In enterprise risk management (ERM), all risk of a company is considered on an enterprise level.

Practices of ERM are quite different in all organization as each company is unique for a particular risk. ERM is a systematic approach to manage risk, in which risk, risk factors and mitigation programs are considered on a business wide basis (Schneier & Miccolis 1998). Burnaby & Hass (2009) described that the objective of enterprise-wide risk management is to develop strategic corporate objectives that are measurable, identify the risk that may prevent accomplishment of the corporate objectives and to identify strategies that will be helpful in mitigating to those risks (Burnaby & Hass 2009). Risk management includes several steps such as mandate from the top, ERM department & buy-in, decide on control framework, determination of all risks, accessing risks, business unit objectives & performance measures, objectives & control summary, monthly ERM reporting system, analysis by ERM department and continuously monitoring of the processes. Managing risk is the part of corporate governance and ability of an entity to achieve results (Burnaby & Hass 2009). Demidenko & McNutt (2010) described a definition of risk management that is provided by COSO ERM. It is a process that identify potential event that may affect an entity and managing risk within its risk appetite that will help in achieving organization’s objectives. This ERM process is affected by an entity’s board of director, management and other personnel. Other definition is provided by ASNZ 4360 that states risk management as an integral part of good business practices and quality management and it is a continues process of improvement (Demidenko & McNutt 2010). Demidenko & McNutt (2010) described in its research that enterprise risk management is a key component of corporate governance. It helps in balancing the relationships between company’s management, shareholders, board members and other stakeholders.

Risk governance approach helps in developing an ethical ERM system and provides a robust approach to manage an organization’s risk profile. A clear risk management structure with a defined set of accountabilities insures good governance with ethical codes, roles and responsibilities. Audit committee that is facilitated under the risk management focuses on the overall risk profile, framework and internal audit focuses for assurance of effective risk management (Demidenko & McNutt 2010). The different frameworks help to implement the requirements of risk management and internal control such as committee of sponsoring organizations (COSO), ERM and Australian and New Zealand risk management standard (ASNZ) 4360:2004. COSO ERM was developed by the Tread-way Commission in 2004 that helps organizations to establish a better ERM system. The ASNZ 4360:2004 has become an accepted practice approach of risk management in Australasia (Demidenko & McNutt 2010). Figure 1: Source: (Demidenko & McNutt 2010). The above diagram shows the ERM system provided by COSO that includes eight different components such as internal environment, objective setting, event identification, risk assessment, risk response, control activities, information and communication and monitoring. It helps in looking at risk of an organization both internally and externally with an ethical perspective (Demidenko & McNutt 2010). Figure 2: Source: (Demidenko & McNutt 2010). The above figure 2 describes risk management standards provided by ASNZ 4360:2004 that contributes to good corporate governance. This process includes five stages such as establish context, identify risk, analysis risk, evaluate risk and finally treat risk (Demidenko & McNutt 2010). Greanstein & Vasarhelyi (2002) described risk management as a methodology that assesses the potential of future event that may create adverse affects for an organization and implementing cost efficient strategies that help in dealing with these risk. This definition includes different elements such as assessment and identification of future events.

Once future events are identified, the prevention and detection strategies are proposed. The research also described a risk management paradigm that is a continue process to recognizes risk management (Greanstein & Vasarhelyi 2002). It includes five stages such as planning, analyzing, identifying, controlling and monitoring.

Some characteristics for risk management controls such as redundancy, consistency, clearly written policies, fairness, and better communication are also defined in the article (Greanstein & Vasarhelyi 2002). Chelst & Bodily (2000) defined risk management as a set of actions that reduce the impact of less favorable outcomes associated with a strategy. The study exhibits that risk management focuses on to reduce downside risks. The decision tree analysis helps to establish risk management strategy (Chelst & Bodily, 2000). Mbuya (2009) defines risk management as a structured and disciplined approach that aligns strategy, process, people, technology and knowledge with the purpose of evaluating and managing the uncertainty in the organization. The risks are classified as financial & non financial risk, static & dynamic risk, fundamental & particular risk, pure & speculative risk (Mbuya, 2009). Main goal of risk management is to create, protect and enhance shareholder value by managing uncertainties that could influence to achievements of organizational objectives.

The study also describes the process of risk management into three distinct stages namely identification, analysis and management or response (Mbuya, 2009). Maguire (2002) described that many organizations are taking risks with the development of their information system. In information system area, risk is viewed as fire, fraud, computer failure and unauthorized access. The research also explains how the risk is managed in the development of information system such as use previously unused platform failure to deal with known and unknown bugs, develop qualified staff to deal with risk, provide limited access to users and use of system development methodology (Maguire, 2002). Frenkel, Hommel, Dufey & Rudolf (2005) says that risk management is a cure for market imperfections. These imperfections arise due to conflicts of interest among shareholders, distortions introduced by taxes, and transaction cost and legal system. Risk management reduces these imperfections as it is tied directly to the government issues such as how investors monitor, control and compensate to protect their investment in the company (Frenkel, Hommel, Dufey & Rudolf, 2005). According to Das (2006) risk management is the identification of risks (market, credit, liquidity, model and operational risk) and the quantification of risk for the financial loss from the specified risk. To make risk management effective, it is necessary to establish an appropriate risk management function. Risk management function is responsible for the development and implementation of risk policies, monitoring compliances in risk policies and reporting risk information to board of directors and other senior management.

According to Andresen (2007), risk management is the most important competency of the project manager. If project manager acts proactively and rapidly, actively monitor the process and build contingency plan then it will be significant to facilitate an effective project risk management. Risk management procedures: Kallman & Maric (2004) described in their research about a new risk management model. This model captures the important aspects of previous models and at the same time, it attains a flexible format for achieving new discoveries in management (Kallman & Maric 2004). This new model includes five steps such as program development, risk analysis, solution analysis, decision process, and system administration. First step in risk management process is to develop a risk management program. The main purpose of this program is to establish a management system that helps an organization to achieve its goals (Kallman & Maric 2004). This step includes three stages like planning, organizing and writing a risk management policy. In planning, stage risk management objectives are established and the success of this process is directly linked with this step (Kallman & Maric 2004). After planning, organizing stage is performed that deals with fitting the risk management department into the organizational structure, delegating authorities and responsibilities and deciding on allocation of cost. In last, a statement is prepared that describes the risk management process and its goals (Kallman & Maric 2004). Second step in this model is the risk analysis that includes different processes such as identifying, measuring and evaluating the organization’s risk.

Firstly, the risk is identified with the help of different methods and then data is collected on the basis of probability of loss, severity and timing. It helps managers to understand which risk are the most serious constraints to achieve the organization’s goal (Kallman & Maric 2004). Third step in risk management process is the solution analysis. The main purpose of this step is to analyze the possible options that are available to manage the risk. Next stage is the decision process that involves decision models to make decisions, getting the needed support for those decisions and implementing the portfolio of solutions that helps in eliminating the impact of risks (Kallman & Maric 2004). Final stage is system administration. Main purpose of this stage is to understand either the risk management activities are effective in helping the organization to achieve its goals or not. It includes three different stages monitoring, judging and communicating the success of whole program (Kallman & Maric 2004). According to Alexender (1992), risk management process includes a number of stages. First stage is the risk identification.

This stage involves a comprehensive analysis of all risks in the current business operations. These risks include both organizational and managerial risks. It also includes knowledge of the law and legal relationship, human factors and trade action union. A variety of techniques are used to identify the risk.

Second stage is the risk analysis in which identified risk and their impact on the organization is analyzed (Alexender 1992). This analysis is based on different factors such as qualitative and quantities factors. After analyzing the risk, the risk control step is performed. It includes proper response to the risk either by physical or by procedural measure. It also enhances ability of the organization to transfer and allocate risks through various resources. Different organizations use different approach to accept risks that make it essential to identify how much risk can be accepted by an organization. Such as some organization make risk management policies to prevent or cure risks and others seek to transfer or insure (Alexender 1992). The risk handling includes all management decisions to predict future and give response to the risks. Future prediction includes two factors such as knowledge and response.

Knowledge refers what the managers know about the situation and response refers how to give response to the situation in terms of speaking, acting or waiting for situation (Alexender 1992). The last step of risk management process includes the financing to the strategies and planning that are developed to eliminate the risk and to facilitate effective risk management framework. Alexender (1992) exhibited that it is not possible to eliminate the risk completely from the organization. A firm must plan for financing the losses that can occur due to a particular risk. Example of financing the risk is insurance and self funding. The risk management is the responsibility of every person in the business enterprise that helps the organizations to enhance their competitiveness (Alexender 1992). He also describes about contingency planning that encompasses the risk management process and written plans which help an organization to manage the risk. This planning process includes three phases such as pre-emergency, emergency and recovery. If a firm use an effective contingency plan it provides better advantage to the firm by providing protection against uncertainties of businesses (Alexender 1992). Barton & Hardigree, 1995 described in its research about the risk management policy. He says that risk management policy is necessary to guide risk managers.

Risk management policy is prepared with the interaction of both corporate risk manager and the senior management of the firm so that overall risk profile remains in the touch of management team. According to him risk management policy assists risk manager in making decisions regarding to the methods of treatments of loss exposure and levels of retention in the use of insurance policy (Barton & Hardigree, 1995). Enterprise Risk Management Committee, 2003 described in its research about the risk management process that is based on Australian/ New Zealand standard in risk management (AS/NZS, 4360). It describe seven steps process for risk management such as establish context, identify risks, analysis or quantify risk, integrate risk, assess risk and treat risk. These are as below: Establish Context- It starts with identify the relationship of the enterprise with its environment and also with its different stakeholders. It also identifies the SWOT analysis of an enterprise. It also identifies the overall objectives of the enterprise and strategies to achieve these objectives. At last it identifies the risk categories that are relevant to the enterprise (Enterprise Risk Management Committee 2003) Identify Risk- This step start with documenting the conditions and events that creates threats in the achievement of objectives of an organization (Enterprise Risk Management Committee 2003). Analysis and quantify risk- After identify risk it is necessary to analysis the risk by creating probability distribution of outcomes for each material risk. Different qualitative and quantitative techniques are used for this such as sensitivity analysis, scenario analysis and simulation analysis (Enterprise Risk Management Committee 2003). Integrate risk- In this step all risk distributions is aggregated, determine portfolio and correlation effects of risk and finally express the result (Enterprise Risk Management Committee 2003). Assess risk- In this step priority is given to the risk on the basis of contribution of each risk to the aggregate risk profile (Enterprise Risk Management Committee 2003). Treat risk- This step described about different strategies to treat risk such as decision as to avoid, retain, reduce, transfer and exploit risk. In last monitor and review is done in which continue gauging of the risk environment and the performance of risk management strategies are involved (Enterprise Risk Management Committee 2003). Risk management in financial institution According to Sensarm & Jayadev, 2009, risk management is a central activity of commercial bank.

Bank focuses risk management by their activities. Financial system use financial perspective rather than institutional perspective to analysis the risk management. In functional approach the activities of bank is linked with the function performed by them. Financial institutions believe in distributing risk amongst different participants. They found in their research that modern financial institutions are in the business of risk management by undertaking the function of bearing and managing risk on behalf of their customer. They manage risk by pooling risk and sale their services as a risk specialists. An effective risk management in banking system enhances the value of firm and shareholders wealth (Sensarm & Jayadev, 2009). They say that a commercial bank deals with five types of risk like credit risk, interest rate risk, liquidity risk, solvency risk and operational risk. He described risk management as a process that start with identifying risk then quantifying risk and control risk (Sensarm & Jayadev, 2009). According to Cumming & Hirtle, 2001, different financial institutions recently increased their emphasis on consolidated risk management that is some time called as enterprise risk management.

Consolidated risk management refers a coordinated process that measure and manage risk on firm’s perspective (Cumming & Hirtle, 2001). This process is quite different from other processes. This process includes different aspects such as coordinated risk assessment, management of different types of risk that are faced by a firm, an integrated risk evaluation process that links the different geographical locations, legal entities and business lines (Cumming & Hirtle, 2001). Consolidated risk management is not only use for quantify risk but also use in business decision making process that support management to make decisions that is related with risk taken by both individuals business line and firm as whole.

They also discriminate between the risk measurement and risk management (Cumming & Hirtle, 2001). According to them risk measurement is related with quantification of risk exposure that deals with variety of forms such as value-at-risk, earning-at-risk and stress scenario analysis. In contrast risk management refers the overall process in which financial institution follows different phase such as define business strategy, identify risk, quantify risk and control risk (Cumming & Hirtle, 2001). They further described in their research about principles that supervisors should follow to ensure the financial conglomerates that are adequate in identifying and managing risk. These principles are issued by an international forum of banking, securities and insurance supervisors (Cumming & Hirtle, 2001). Risk management in project developments that are related with construction Mills 2001 described about construction industry in their research. He described it as a dynamic, risky and challenging business. He says that risk management is an important part of construction industry in order to help in decision making process. Risk can be managed effectively as risk can affect productivity, performance, quality and the budget of a project. He further described about systematic risk management. Systematic risk management is a management tool that requires practical experience and training for the use of different techniques (Mills 2001). Construction industries face different type of risk such as size of the project, complexity, speed of construction, location of the project and familiarity with work. To manage these risk management process is used that includes different phases such as risk identification, risk analysis and risk response. He described risk identification as a first step. An early identification of risk is helpful for project managers as it provides different benefits such as provide attention of project management on the strategies of the controlling and allocating of risk, highlights area that need further design and development work (Mills 2001). Risk analysis is next step to manage risk.

Different techniques are used to evaluate risk such as code optimization, sensitivity analysis, probabilistic analysis, Monte Carlo simulation and kinetic tree analysis etc. He said in its research only few projects considered risk in a consistent and logical manner and other considered it as subjective. Last step in risk management is risk response. Mills described different way to give response to risk such as avoiding risk, reducing it, transferring it or absorbing it. According to him the best way of give response is to allocate the risk to the party that is interested to accept it. Mills find in its research that risk management does not remove all risk from a project but insures that risk is managed efficiently. It ensures the projects that are genuinely worthwhile are sanctioned (Mills 2001). As SSFS deals in IT sector there are some principles that deal with IT risk management. Isaca, 2009 described in its research about the principles that help in effective management of IT risk. These principles are based on ERM principles (Isaca, 2009). These principles provide a model to manage IT risk by enabling enterprise in establishing practice and benchmark for their performance. Some principles are described with the help of below diagram such as it is necessary to connect business activities to effectively manage the risk.

Combine the management of IT related risk and overall enterprise risk management. Establish balance between the cost and benefit of managing risk. Source: (Isaca, 2009). Establish proper communication system for managing risk and also establish process for IT risk management (Isaca, 2009).

Risk management for Financial Centre Services

Financial centers provide different type of service to different customers. By this reason different type of risk is considered by a financial center. These are as below- Interest Rate Risk- Financial centers face interest rate risk when the maturities of its assets and liabilities are mismatched. It is because the primary securities purchased by financial center have different maturity period then the secondary securities that are sold by these centers (Sounders & Cornett 2008). Market Risk- Market risk arises in financial centers due to the changes in interest rate, exchange rate and other prices that affect the assets and liabilities of these centers (Sounders & Cornett 2008). Credit Risk- It arises when customer of financial centre not paid their loan and securities that is promised by these centers (Sounders & Cornett 2008). Off-Balance-Sheet Risk- This Risk arises due to contingent assets and liabilities of these centers. Foreign Exchange Risk- This risk arises when the change in exchange rate affects the value of assets and liabilities that are used in foreign currencies (Sounders & Cornett 2008). Country and Sovereign Risk- This risk arises when the repayment to foreign investors are interrupted due to some intervention of foreign governments (Sounders & Cornett 2008). Technology Risk and Operational Risk- Technology risk arises when the technological investment of these centers not produce anticipated savings. Operational risk is arises when the existing technology and support system of these centers breakdown (Sounders & Cornett 2008). Liquidity Risk- Liquidity risk arises when liability holders of financial centers such as depositors and insurance policyholders immediately demand for cash (Sounders & Cornett 2008). Insolvency Risk- Insolvency risk is the outcome of a risk faced by an organization such as interest rate risk, market risk, credit risk, country risk etc. In this risk financial centers do not have enough capital to offset the values of its assets relative to its liabilities (value decline due to some type of risk) (Sounders & Cornett 2008).

Framework for measurement of risk

Measuring Interest Rate Risk

Cite this page