Risk weighting

A speci c aspect of FLEXIBLE REQUIREMENTS involves expressing a value for risk using RISK WEIGHTING. Requirements can be expressed as FLEXIBLE AGREEMENTS

and achieving them usually requires FLEXIBLE PLANS.

38 Risk weighting

Example: Large banks are now calculating the cost of operational risk in terms of expected losses and the cost of economic capital required to cover extreme losses from operational risk events. This means that if they can project the implications of action plans for operational risk then they can put a cost on that risk and include the cost along with other money amounts when making decisions.

RISK WEIGHTING is a way of expressing FLEXIBLE REQUIREMENTS about risk and can be used to guide people in any decision, including decisions about controls.

™™™

When decision-making under uncertainty is delegated it should be controlled.

In large organizations there is a need to delegate decision-making, including decision-making under risk and uncertainty. This doesn’’t always bring happy results. For example, when people are worried that their performance is poor (perhaps compared to targets they have been given) they tend to be more willing to take poor risks in the hope of getting lucky and seeing a sharp improvement in results. Usually this makes things worse.

This can be more dangerous if the system for deciding rewards and promotions does not recognize differences in the circumstances under which people work and severely punishes poor performance relative to others even though it is partly caused by those circumstances. For example, the performance of bank branch managers is not directly comparable because some branches have more favourable locations than others. Sales people are given territories or types of customer or

product, which again can be inherently different. Indeed it is dif cult to think of situations where conditions are not different in some way.

This means that managers working under less favourable conditions are faced with a stark choice:  nd a way to raise performance despite the circumstances or get the sack. This makes poor risk-taking rational from a manager’’s point of view because if the manager doesn’’t take the risk it’’s the sack anyway. This is thought to have been one of the risk factors at work in Enron.

Clearly, risk is an important factor in decisions and it helps to give it explicit consideration within sensible guidelines.

The control mechanism in RISK WEIGHTING, in its most sophisticated form, is to prescribe (at least partially) the way risk is to be calculated and the way that risk is to be weighted in decision-making. Other forms do not involve explicit consideration of risk but instead focus on limits for risk factors, including behaviour. This can be used in different ways:

By asking individuals and teams to follow the prescribed approach.

•

By applying the prescribed approach when giving approval for actions.

•

By measuring performance using the prescribed approach.

•

Situations where this is relevant include ongoing business activities whose risks and results  uctuate with changing conditions, activities that involve frequent but relatively small investment decisions (e.g. trading in securities), and investments in relatively larger projects where it is possible to give deeper consideration to each investment. It is commonly applied to decision-making about what controls are worthwhile.

There are many examples of weighting risks and they illustrate different approaches:

‘‘Risk appetite statements’’ often include many total bans on speci c activities.

•

In effect this is saying that a huge negative weight is attached to the risk arising from those activities.

‘‘Risk appetite statements’’ also contain statements saying that activities or,

•

alternatively, the risk arising from them must not go beyond certain levels. In effect, these say that any extent below the limit is  ne, but any extent above the limit has a massive negative weight. Sometimes the implied weighting below the limit is equal for all levels and sometimes it varies with extent of activity/risk.

Project business cases sometimes include a  nancial projection using discounted

•

cash  ow methods. The discount rate used can depend on risk, or the rate of return required of a project can be adjusted depending on the level of risk.

Some project business case methods use a risk scorecard of some kind and a

•

crude system of points to reach a risk score, which then feeds into the decision-making in some way.

A very simple approach is to ask people how much they would be willing to

•

pay for complete mitigation of a (downside) risk. This provides very useful guidance to controls design and Willing To Pay (WTP) protocols have a huge

scienti c literature which provides guidance on how to ask the questions and where people usually give good answers.

In  nancial services a very widely used approach at a high level is to calculate

•

risk adjusted performance measures, usually Risk Adjusted Return on Capital (RAROC) and sometimes Economic Value Added (EVA).²

Another approach is to charge for capital at a rate that varies with the amount

•

of capital according to a simple formula. The greater the amount of money at risk, the higher the charge rate, re ecting the impact on the risk position of the organization as a whole.

If alternative courses of action (e.g. investments or sets of investments) are

•

evaluated to give each an estimated return and an estimated risk level then these can be plotted on a scatter graph and most alternatives can usually be eliminated from consideration by very simple logic. A course of action can be taken out of consideration if there is another that offers the same rewards for lower risk, greater rewards for the same risk, or of course greater rewards for less risk. The alternatives that remain after doing this trace out the risk-ef cient frontier. Some further judgements are needed to decide between actions on the risk-ef cient frontier but this can be done by direct comparisons or by plotting risk-indifference lines i.e. lines that connect points on the scatter graph where combinations of risk and return are equally desirable.

Risk-weighting methods that link risk to weights smoothly are usually better than crude limits. People do not act within a limit just because it is set. They need to feel that more downside risk is worse, even before a very dangerous level is reached.

This discourages them from playing the game of spending their risk budget up to the limit on poor risks in the hope of rescuing poor performance. They also need to feel that even for risk levels beyond those their organization will approve, the further they go the worse it is. This again discourages the ‘‘What the heck, I’’m in trouble anyway’’ attitude.

In summary, RISK WEIGHTING gives guidance and/or instruction to people about how to weigh risk in decisions, encouraging effective delegation. If a smooth weighting function is used this encourages sensible decision-making. Therefore:

Devise, agree, and communicate appropriate policies on measuring and weighting risk in decision-making.

™™™

There are no subsidiary control patterns to this one in this book.