Risk accounting

Risk accounting is a method that quantifies granular exposures to non-financial risks, aggregates them, and accounts for these exposures through expected loss accounting provisions. [1] [2]

Background

Risk accounting is an extension of management accounting, aiming to enhance corporate reporting by measuring and documenting the potential future financial effects of various non-financial risks. [1] [3] [4] These include cyber, supply chain, operational, environmental, geopolitical, conduct, fraud, model, and other types of risks. [1]

Current accounting standards acknowledge that a business may face significant non-financial risks in one period, with the financial impacts of these risks reported in subsequent periods. [3] This practice of recognizing risks and potential profits in one period, followed by reporting financial losses in later periods, can undermine stakeholders' trust in reported accounting profits. [3] Moreover, these standards might allow some businesses and individuals to inadequately address risks concerning investors, customers, the environment, public health and safety, and community welfare. [3]

Risk accounting method

Risk accounting introduces the Risk Unit (RU) to measure non-financial risks, enabling their quantification, aggregation, and reporting. This approach uses three primary metrics: Inherent Risk, which quantifies the pre-mitigation level of non-financial risk in RUs; the Risk Mitigation Index (RMI), assessing the effectiveness of risk mitigation activities on a zero to 100 scale; and Residual Risk, representing the remaining non-financial risk after mitigation. [3] [5]

The methodology refines traditional risk assessments by using numeric weights and risk factors instead of the conventional red, amber, and green (RAG) metrics, allowing for a precise calculation of RMI for each assessed business component. [3]

The non-financial risk Calculation Engine works with accounting systems and enhanced assessments to estimate daily maximum and actual non-financial risk exposures in RUs, considering inherent risks and RMIs. [3]

Risk accounting provides daily non-financial risk analytics by business component, product, customer, and location, facilitating the monitoring of risk exposures against predefined RU-based limits. [3] These analytics allow for comparisons across different organizational levels and between entities, provided the methodology is consistently applied. [3]

Monetary value of an RU

Risk accounting aims to quantify the monetary value of a Risk Unit (RU), termed RUm, by analyzing non-financial risk-related loss data with a specific context, including the relevant RUs and Risk Mitigation Indices (RMIs) at the time of loss. [3] This enables the estimation of expected non-financial risk-related losses by multiplying residual RUs by RUm. [3]

Risk accounting provides daily non-financial risk analytics in RUs across business units, products, customers, and locations, allowing for the monitoring of risk exposures against set risk limits in RUs. [3] This facilitates consistent risk comparison across the organization. [3]

Using statistical models and back-testing to examine the relationship between product-specific non-financial risk exposures in residual RUs and historical loss data may allow for determining RUs' monetary value. [3] This could enhance the accuracy of estimating expected non-financial risk-related losses and potentially provide an alternative to the operational risk regulatory capital calculations specified in the Basel Accords. [3] [6]
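The following added example, which is not taken from the cited sources or from any risk accounting product, carries the method and RUm passages above through on constructed data: RMI per exposure, residual RUs aggregated by business component, a limit check, and expected loss as residual RUs times RUm. It assumes that RMI is a weighted average of assessment scores, that residual RUs equal inherent RUs × (100 − RMI)/100, and that RUm is fitted as a least-squares slope through the origin; none of these formulas is stated on this page.

```python
from collections import defaultdict

# Constructed records: (business component, product, inherent RUs,
# [(assessment weight, score 0-100), ...]).
EXPOSURES = [
    ("payments", "wire", 1200.0, [(3, 80), (1, 40)]),
    ("payments", "cards", 800.0, [(2, 90), (2, 50)]),
    ("trading", "fx", 2000.0, [(1, 60), (1, 60)]),
]
# Constructed loss history: (residual RUs at time of loss, loss amount).
LOSS_HISTORY = [(100.0, 5200.0), (200.0, 9600.0), (400.0, 20100.0)]
LIMITS = {"payments": 500.0, "trading": 900.0}  # constructed RU limits


def rmi(assessments):
    """Assumed RMI: weighted average of assessment scores, 0 to 100."""
    total = sum(w for w, _ in assessments)
    if total <= 0 or any(not 0 <= s <= 100 for _, s in assessments):
        raise ValueError("weights must be positive and scores within 0-100")
    return sum(w * s for w, s in assessments) / total


def residual_rus(inherent, index):
    """Assumed relation: residual = inherent * (100 - RMI) / 100."""
    return inherent * (100.0 - index) / 100.0


def residual_by_component(exposures):
    totals = defaultdict(float)
    for component, _product, inherent, assessments in exposures:
        totals[component] += residual_rus(inherent, rmi(assessments))
    return dict(totals)


def estimate_rum(history):
    """Least-squares slope through the origin: loss ~ RUm * residual RUs."""
    denom = sum(r * r for r, _ in history)
    if denom == 0:
        raise ValueError("no residual exposure in loss history")
    return sum(r * loss for r, loss in history) / denom


def report(exposures, history, limits):
    rum = estimate_rum(history)
    return {
        c: {"residual_rus": rus, "expected_loss": rus * rum,
            "over_limit": rus > limits[c]}
        for c, rus in residual_by_component(exposures).items()
    }
```

Calling `report(EXPOSURES, LOSS_HISTORY, LIMITS)` returns one row per business component; the same aggregation can be keyed on product or location by changing the grouping field.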

AI-based enterprise data fabric for risk accounting

Semantic technologies, such as ontology-based knowledge bases, contribute to the development of enterprise data fabrics by facilitating data integration and improving artificial intelligence (AI) functionalities. [3] These functionalities include detecting and addressing potential cyber threats and conducting advanced risk analytics. [3] This integration forms a knowledge base when integrated with a graph database. [3]

In the context of data integration, a knowledge base acts as a foundational element for a data fabric. [3] The application of semantic technologies notably improves the capabilities of machine learning (ML) and natural language processing (NLP). [3] As a result, ontologies, along with ML and NLP technologies, form a set of tools for implementing a risk accounting framework. [3] This effectiveness stems from their capacity to tackle risk data aggregation challenges and utilize AI agents for enhanced risk and control assessments. [3]

References

  1. Grody, Allan D.; Hughes, Peter J. (2016). "Risk Accounting: The Risk Data Aggregation and Risk Reporting (BCBS 239) Foundation of Enterprise Risk Management (ERM) and Risk Governance". SSRN Electronic Journal. doi:10.2139/ssrn.2726638.
  2. "Comments on Risk Accounting". Journal of Risk Management in Financial Institutions. 9 (4): 413–420. October 1, 2016 via IngentaConnect.
  3. Butler, Tom; Brooks, Robert (October 26, 2023). "Time for a paradigm change: Problems with the financial industry's approach to operational risk". Risk Analysis. doi:10.1111/risa.14240 via CrossRef.
  4. "ESG, sustainability, and non-financial risks a call for action".
  5. Hughes 2023, p. 189.
  6. Hughes 2023, pp. 145–146.

Works cited