Home > CFA Level 1 > Measuring and modifying risks

Measuring and modifying risks

Firms must take action to modify their exposure so as not to violate their risk tolerance. But this requires measurement of risk which requires an understanding of the basic elements that drive risk.

Risk drivers

Financial risks largely emanate from economic risks, which in turn emanate from uncertainties faced by economies, industries, and companies. When investors absorb new information, they make trades resulting in price fluctuations in financial markets. Economies are driven by the companies that operate within them, but also by the actions of government and government agencies, such as central banks. Taxes, regulations, laws, and monetary and fiscal policy establish a legal and economic environment that affect the level of economic activity in an economy and an industry. Sometimes these harmonize economic cycles while at other times, they may worsen those. Some industries are stable while others are cyclical.

Uncertainties of global and domestic macroeconomic and central bank policies create risks for economies and industries which is often considered systematic. But at the individual company level, risks are unsystematic or idiosyncratic. The basic principle of portfolio management is that the unsystematic risk should be diversified away and ignored. But this does not apply to a company’s management because they cannot diversify their way out of it.
While risk management can help reduce some of the risks, such as the likelihood of default of a company, it cannot control all risks, such as the risk of movement in interest rates, etc.

Risk metrics

The most basic metric associated with risk is probability, but it is an incomplete measure. Other measures include standard deviation, a measure of the dispersion in a probability distribution. It offers a range over which a certain percentage of the outcomes would be expected to occur. However, it does have significant limitations: (a) it is not appropriate for non-normal distributions, and (b) it overstates the risk of that asset’s returns in the context of a diversified portfolio. Hence, for a diversified portfolio, beta, a relative measure of risk is relevant. Beta is particularly useful for a portfolio of equities, but it is also not a complete measure of risk. For example, it does not reflect risks inherent in derivative instruments.

Measures of risks of derivatives

Even though derivatives are used to manage risk, they contain risks of their own. There are several specialized measures of derivatives risk (called the Greeks):

  • Delta: Measures sensitivity of the derivative price to a small change in value of the underlying. It is a first-order measure of risk.
  • Gamma: Measures the rate of change in delta. It is a second-order measure.
  • Vega: Measures sensitivity of derivatives to changes in volatility of the underlying.
  • Rho: Measures sensitivity of derivatives to changes in interest rates.


Duration is a specialized measure of interest rate risk, the principal risk inherent in bonds.

Value at risk

Value at risk (VaR) is a measure of risk that can be applied to all instruments. It measures the minimum loss sustained by a company during a period given a probability. It has three elements: an amount, a time period, and a probability. For example, a VaR of $1 million at 1% for one month means that the company can lose a minimum of $1 million during one month 1% of the time. It may be used to assess credit risk but since credit risk is asymmetric, calculation of VaR would be complex.

Weaknesses of VaR as a measure of risk

Even though VaR is a simple measure, it has its weaknesses. It is a measure of minimum loss and does not provide any information about the maximum loss. There are different ways in which VaR can be calculated each resulting in a different value. Further, its calculation depends on the assumption regarding the distribution of returns.

Despite its weakness, it is popular with banking regulators and accounting standard-setters. There are some other variants of VaR, such as the conditional VaR (CVaR), which is the weighted average of all loss outcomes in the statistical distribution that exceed the VaR loss. Another measure is the expected loss given default, which measures the average loss, if default is confirmed. VaR can understate the risk because it understates extreme negative returns. It is important to further analyze the extreme outcomes through the extreme value theory, which is concerned with the statistical characteristics of outcomes that occur in the tails of the distribution.

Scenario analysis and stress testing

VaR is often supplemented with scenario analysis and stress testing, which are what-if analyses. Scenario analysis is a process through which a set of changes are applied to a portfolio simultaneously, such as a decline in interest rate coupled with a decline in currency value. Stress testing, on the other hand, is concerned with extreme specific asset price moves that would occur only rarely but would be devastating. Even though they can provide information about a company’s risk, they are also subject to model risk.

Measures for credit risk

The measures mentioned above are more relevant for market risk. Credit risk is better assessed using credit ratings. But many lenders also conduct their own analysis of credit risk. which focuses on creditor’s liquidity, profitability, and leverage. Credit analysis is also concerned with the strength of cyclicality of the industry. Others measures include credit VaR, probability of default, expected loss given default, and the probability of a credit rating change.

The problem with credit analysis is that often organizations do not have any history of default, hence estimating the likelihood of default is difficult. Risk managers normally address this by aggregating companies with similar characteristics. Alternatively, they may imply from market pricing of derivatives, such as credit default swaps.

Measurement of operational risk

Operational risk is also difficult to measure. Just like with credit risk, there is no history of default. Hence, attempts to quantify such risks depend on the aggregation of operational risk events across numerous companies and publishing the statistics. Analysis of other risks, such as regulatory compliance risks, depends on subjective evaluation of the likelihood of such losses.

In summary, market-related risks are better quantified due to availability of data, but credit, operational, and other risks are somewhat rare events, hence a more subjective approach might be needed.

Methods of risk modification

Risk modification depends on determination of risk tolerance and risk measurement. It is not necessarily a risk reduction, but can involve an increase in risk, for example where the current risk level is too low given the return requirement. But generally, the focus of risk management is risk reduction. Major categories of risk modification include risk prevention and avoidance, risk acceptance, risk transfer, and risk shifting.

Risk prevention and avoidance

Risk prevention and avoidance is one extreme in risk management. It is extreme because the cost of totally eliminating risk might be too much, for example, it might yield extremely low returns, and in reality, companies must choose a trade-off between cost and benefits. The decision to avoid certain activities due to their risk is taken at the board level.

Insurance companies may engage in risk avoidance by offering lower premiums to drivers with safe driving records, or to people who don’t smoke.

If the risk exceeds the acceptable level, it can be managed using either self-insuring, risk transfer, and risk shifting.

Risk acceptance: self-insurance and diversification

Self-insurance is when an entity bears a risk without reducing it through external means but may create a reserve to cover losses. For example, a young person may choose not to have health insurance, but may set aside some money in the event he falls sick. Similarly, banks provide self-insurance by maintaining sufficient capital and loan loss reserves.

Good risk governance may allow self-insurance if the risks taken are in line with the enterprise’s risk tolerance. But if the risk is too high given the risk tolerance, self-insurance may effectively mean that the entity is ignoring the risk.

Another risk acceptance measure is diversification but it is usually not effective in isolation.

Risk transfer

Risk transfer is when a company passes on a risk to another party, often an insurer. The insurance business is based on diversification. An insurer sells many policies on risks that often have low correlations. It charges premiums based on expected costs of insurance plus its operating costs and profits.

But they too need to manage their risk by avoiding writing too many policies with similar risks and by selling some of the risks to another insurer, a practice known as reinsurance. Even some insurance companies have issued bonds whose principal and interest decrease when insurance claims are high. In this way, they can transfer some insurance risk to bondholders. Further, many insurance policies contain a provision called deductible, which is a monetary amount of the loss that will be covered by the insured before any claims are paid. However, some risks are such that diversification is not possible, for example extremely unusual risks.

Another means of risk transfer is a surety bond, an instrument that obligates an insurer to pay an insured a sum of money if a third party defaults on its obligation. Other similar instruments include fidelity bond (which covers against losses that result from employee dishonesty), indemnity clauses and hold-harmless arrangements.

Risk shifting

Risk shifting refers to actions that change the distribution of risk outcomes. It diverts some portion of the risk distribution to another market participant who either bears the risk or transfers it to yet another party. For example, an organization might curtail its upside if doing so would save it from heavy loss.

Derivatives are the tools used in risk-shifting. It is because they are efficient in that they can provide the same exposure as the underlying but at a lower cost and capital requirements. Derivatives are classified into two categories: forward commitments or contingent claims. Forward commitments include forward contracts, futures contracts, and swaps. A contingent claim, on the other hand, is also called an option. Derivatives are dealt either by dealers or on public exchanges.

Leave a Reply

Your email address will not be published. Required fields are marked *