10 June 2010
Published in: Risk governance
Approach your risk with CARE
A CARE report is like an applied actuarial view of the ERM process, explain Andy White and Jeremy Waite who summarize the key features of a project on comprehensive actuarial risk evaluation undertaken by the IAA.
A working party of the International Actuarial Association recently undertook a project to consider what dimensions of risk should be considered in an enterprise risk management (ERM) assessment. The working group consisted of 15 actuaries and non-actuaries from five countries (including two Australian fellows).
The resultant report is a working paper. It's not intended as a standard of practice but rather to encourage discussion that might someday lead to the establishment of a standard for actuarial risk assessment. The report "Comprehensive Actuarial Risk Evaluation (CARE)" has recently been published by the IAA (under the Enterprise & Financial Risk Committee) and is posted on the association's website:
http://www.actuaries.org/CTTEES_FINRISKS/Documents/CARE_EN.pdf.
This article aims to give insight into the core ideas presented in the paper.
ERM background
ERM has moved up the agenda of many organizations, particularly as a result of the recent global financial crisis. The CARE paper considers the core elements of an enterprise-wide risk assessment from an actuarial perspective.
This is an area where actuaries can find a useful role for their expertise and experience because of their alternative risk perspective and unique skills that set them apart from many other professions in the ERM area. For example, the European Solvency II mission has explicitly stated the roles that it expects actuaries to fulfil in the new regulatory environment (article 48 - actuarial function, directive of the EU parliament (Solvency II), Strasbourg 25 November 2009).
The financial crisis revealed some significant gaps in risk management. The underlying cause was, in truth, a variety of contributory factors. One factor, often singled out as a root cause, is the reliance the banking industry placed on their mathematical models. There are two elements to this issue, firstly the extent and use of the models to make informed decisions, and secondly the models themselves.
Mathematical models are deductive by nature, and simplifications of real life. The problems with models can be the premise, the use or the validity/accuracy of the underlying process they try to represent. There is scope for fundamental misunderstandings between model creators (and their models) and management who make decisions based upon the outputs.
As the designers and owners of many risk models, actuaries are well positioned to understand precisely how much reliance should be placed on models and where additional judgment is needed. The failure of management to understand the nature of the models and any associated over-confidence in their decision-making ability can be addressed, at least in part, by having a CARE performed by an actuary.
The Committee of Sponsoring Organizations of the Treadway Commission (COSO) is a private sector initiative that has a well established ERM framework, as shown in figure 1. The sponsors are the five main accounting professions in the US.
The framework is useful as it clearly lays out the multi-dimensional nature of risk and places strategy as the first step of this framework. It is important to consider risk in a strategic context. For example, risk depends on the organizational frame of reference, i.e. the core competences of the firm; what is highly risky for one firm may be business as usual for another. The CARE can play a role in being objective and independent in the assessment of the risks for the firm, given their context, history, culture and strategic positioning, and works within this framework.
Figure 1: The COSO ERM framework
Risk assessment
As can be seen in figure 1, risk assessment is a key step in any ERM framework, and a CARE is primarily used to support risk management activities. While a CARE might be part of a process for determining accounting values or solvency values for risk, it is primarily intended to support the work of making decisions to treat or not treat risks. There are three broad categories of risk management uses for risk assessments:
- loss controlling,
- risk trading and
- risk steering
This is illustrated by the following graphic, and shows how risk management can be used with different levels of strategic linkage in any particular firm. One of the core goals of any company is to gain competitive advantage over its rivals, and choosing how to deal with risks is crucial to this strategic activity.
Figure 2: Uses of risk assessments
Within this article and the CARE paper the definition of risk used is the potential for an outcome with negative consequences. A negative consequence can be the failure to meet objectives, fulfill realistic expectations or take advantage of a positive (profitable) opportunity. To fully evaluate risk we must look at all potential negative outcomes. Narrowly defining risk can make evaluation more convenient -- but incorrect, like looking for your lost keys under the nearest lamp post because that's where the light is.
Common failings in risk assessment include:
- relying too heavily on historical data (e.g. assuming house prices will continue to rise);
- focusing on narrow measures;
- overlooking knowable risks;
- overlooking concealed risks; and
- failing to communicate (risk managers/actuaries not communicating the model error well enough)
A CARE report would provide a platform to discuss the issues of risk in a company-specific context, it can make recommendations and it would be a useful read for auditors and shareholders alike.
The CARE paper
A key component of the CARE paper is the multi-dimensional nature of risk. The dimensions selected in the paper are not intended to be exhaustive. The key dimensions to consider include:
- market-consistent value vs. fundamental value;
- accounting basis vs. economic basis;
- regulatory measure of risks;
- short -term vs. long-term risks;
- known risks vs. emerging risks;
- frequency risk (earnings volatility) vs. severity risk (solvency);
- stand-alone vs. full portfolio risk; and
- risk types
There is more detail in the full paper but the following covers briefly the core risks considered:
Market-consistent value vs. fundamental value
All businesses use fundamental analysis to make decisions. Without it there would be no trading and no market. Market- consistent analysis substitutes the analyst's own judgment for that of the market. Where a company has sufficient expertise to refine models and assumptions to reflect a risk to a company's individual profile better than using market assumptions, these should be documented and the difference between these and market assumptions should be identified. Market assumptions can also help to identify the view external stakeholders may take of a company's actions.
Accounting basis vs. economic basis
Accounting rules can never reflect all the specifics of a company's performance. The economic view attempts to do this, reflecting the true value creation within the company and reflecting the interplay between risk taken and reward achieved. The accounting basis is, however, the view of the company seen by shareholders (and other stakeholders) and ignoring this dimension could lead to deviations to the cost of capital and lost business opportunities.
Regulatory measures of risk
Regulatory measures of risk and capital are crucial to the ongoing operation of the company. If a firm views its risk level as lower than the regulator does and the firm follows what it believes to be the "true" value and cost of risk, this could lead to problems meeting regulatory standards. If a firm views its risk level as greater than the regulator does, then focusing only on regulatory requirements could miss any risks specific to the institution which are not covered in the regulator's approach.
Short-term vs. long-term risks
True value creation requires a view of the ultimate value (i.e. the long-term value). If the short term is ignored, though, the entity may not be in a position to recognize the long-term value created. Companies that become insolvent can rarely trade out of that insolvency; short-term volatility in share price and financing costs can have a material impact on a company's performance and cannot be ignored.
Known risks vs. emerging risks
There is a degree of Knightian uncertainty in all risks, rather than binary delineation of known and unknown. Allowing for risks that are unknown cannot be an exact science by definition. Consideration should be given to risks which may fall outside of experience to date and may be towards the unknown end of the continuum of degrees of uncertainty.
Frequency risk (earnings volatility) vs. severity risk (solvency)
Statistical techniques work well for quantifying high-frequency risks which are the risks which will be the most important in the short-term. They do not work as well for quantifying low-frequency/high-severity risks which are more important in the long-run. For these risks, other techniques are available such as scenario analysis. The use of judgement is essential for severity and/or unknown risks and the analyst needs to be appropriately sceptical towards model quantification.
Stand-alone vs. full portfolio risk
For risk control, it is usually more practical to set a limit for each risk on a stand-alone basis. For risk pricing, stand-alone risk levels are often indicative of market pricing. The interaction between risks is also crucial to a company, the difference between the sum of the individual risks and the portfolio view being the diversification benefit. Risk steering is primarily concerned with effective utilization and allocation of any diversification benefit. The diversified view allows management to direct the risk-taking of the firm.
Risk types
Liquidity risk is different from the accounting, economic or regulatory views of risk, and can be of critical importance (as recent history shows). It involves access to cash or cash equivalents when needed and may differ for different time frames.
A framework for communicating the outputs of a CARE can be seen in figure 3 below.
Figure 3: Description of a CARE report
Not every single aspect of risk can be considered in every evaluation, so the communication of the limitations of any analysis is crucial. This includes avoiding over-reliance on any particular model and abandonment of judgement.
Any situations of deficient data should be identified along with any significant assumptions (implicit or explicit) and any areas where the models used diverge from reality. It is just as important to consider what is not covered by a model or analysis as it is to understand what is.
It's worth recalling The Financial Modelers' Manifesto that Emanuel Derman and Paul Wilmot issued at the end of 2008: "I will never sacrifice reality for elegance without explaining why I have done so. Nor will I give the people who use my model false comfort about its accuracy. Instead, I will make explicit its assumptions and oversights."
Andy White is actuarial manager, QBE Australia Asia Pacific
Jeremy Waite is executive director - actuarial & financial modelling, Willis Re Australia
Comments
You need to be registered and signed in to post a comment