fbpixel Introduction to Risk Management | IFT World
IFT Notes for Level I CFA® Program

LM06 Introduction to Risk Management

Part 2


4. Risk Governance – An Enterprise View

4.1 An Enterprise View of Risk Governance

Risk governance is a top-down process that defines risk tolerance and provides guidance to align risk with enterprise goals. It includes guidance on unacceptable risks and worst losses that can be tolerated.

An enterprise risk management perspective deals with the whole organization. The governing body drives the risk framework in the following ways:

  • It determines the goals of the organization.
  • It is responsible for providing risk oversight to ensure that value is maximized.
  • It determines the risk tolerance level; which risks are acceptable, which risks to mitigate, and which risks are unacceptable. The process includes guidance on worst losses that can be tolerated for every scenario.

Elements of good risk governance are as follows:

  • To provide a forum where management can discuss the risk framework and key issues that come up during execution.
  • Form a risk governance committee to oversee the implementation of the framework at an operational level relative to the high level oversight by the governance body.
  • Appoint a chief risk officer (CRO) to build and implement the risk framework for the entire enterprise.

5. Risk Tolerance

Risk tolerance identifies the extent of losses an organization is willing to experience. Risk tolerance focuses on the appetite for risk of an organization in its pursuit of achieving goals and maximizing value. The process involves defining:

  • Which risks are acceptable and which risks are not acceptable?
  • How much risk can the entity be exposed to?

The risk tolerance decision begins with two different analyses:

  • Inside view: What shortfalls within the organization will cause it to fail or not achieve certain goals?
  • Outside view: What uncertain forces is the organization exposed to?

Using these two views in conjunction, the board will:

  • Define which risks to take and which risks not to take.
  • Determine the risk appetite: how much of these risks to take.
  • Communicate risk tolerance before a crisis.
  • Provide a high-level guidance to management in strategizing and choosing activities.

There are no standard formulas to determine the risk tolerance of a company. Some of the factors that will help a board determine its risk appetite are as follows:

  • Company’s areas of expertise and goals.
  • Ability to respond dynamically to adverse events: The higher the ability, the higher the level of risk tolerance.
  • The amount of loss a company can bear without impacting its status as a going concern.
  • The company’s position in the industry, and how it fares relative to its competitors.
  • Government and regulatory landscape where the company operates.
  • Quantitative analyses such as scenario analyses, macro analyses. etc.

Once risk tolerance is determined, the objective of the overall risk framework should be to align risk exposure with the enterprise’s risk appetite.

6. Risk Budgeting

Risk budgeting helps determine how or where risks are taken and quantifies tolerable risks by specific metrics; risk budgeting should drive hedging strategies (not the other way round).

Risk budgeting allocates investments or assets by their risk characteristics rather than by a common classification of asset class such as stocks, bonds, real estate, etc. For example, the risk view of a portfolio might be that it is driven 70% by global equity returns, 20% by domestic equity returns, and 10% by interest rates, or a portfolio that has 45% illiquid and 55% liquid securities.

How risk budget is measured

  • It can be a complex, multi-dimensional measure that evaluates risks based on their asset classes such as equity, commodities, and real estate and then allocates investment by their asset class.
  • It can also be a simple, one-dimensional risk measure such as standard deviation, beta, and value at risk and scenario loss.
  • Risk factor approaches are also used, in which exposure to various factors is used to determine risk premiums.
  • Example: portfolio beta is limited to 1.

One of the biggest benefits of the risk budgeting process is that it forces a firm to consider risk trade-offs. By adopting risk budgeting, it helps a business to:

  • Choose the project with the highest return per unit of risk.
  • Choose between doing less risky investments and more risky investments whose risks have been hedged.
  • Compare active versus passive strategies. This helps businesses make decisions to add active value while staying within the risk tolerance levels.

2025 CFA Exam Packages Now on Sale! See below.
This is default text for notification bar