A Guide to the Principles, Processes, and Practices of Managing Risk
Risk management is a continuous process by which an organization or individual defines their acceptable level of risk, measures the actual risk being taken, and adjusts their actions to align the two. The goal is not simply to minimize risk, but to manage the exposure to uncertainty in a way that maximizes value or utility.
Good risk management leads to fewer surprises, more disciplined decision-making, and a better understanding of which risks are worth taking to achieve desired outcomes.
Risk governance is the top-down framework that directs and guides risk management activities. It starts with the governing body (e.g., the board of directors) and focuses on three key areas:
Establishing responsibility for risk oversight.
Defining the organization's overall goals and priorities.
Determining the organization's risk tolerance, that is, the extent to which it is willing to experience losses in pursuit of its objectives.
An effective approach is Enterprise Risk Management (ERM), which considers the full spectrum of risks across the entire organization, not just in isolated silos.
Once risk tolerance is established, risk budgeting quantifies and allocates this tolerable risk across different business units or investment strategies using specific metrics. This forces trade-offs and ensures that risk is considered a key part of all major decisions.
Risks can be broadly divided into financial and non-financial categories.
Analysts use several quantitative metrics to measure risk exposure:
Measures the dispersion of returns around the mean.
Measures the sensitivity of a security's returns to the overall market.
Measures the interest rate sensitivity of a fixed-income instrument.
Measure the sensitivity of derivatives to changes in underlying price, volatility, and interest rates.
Estimates the minimum potential loss over a specific time period at a given confidence level.
Examines the potential impact of extreme, high-pressure scenarios on a portfolio or organization.
Once risk is measured, it can be modified. This is not strictly about risk reduction but about shaping the risk profile to align with the organization's objectives.
Taking steps to avoid a risk altogether.
Bearing a risk that is considered undesirable but too costly to eliminate externally. This is often done by setting aside capital to cover potential losses.
Passing a risk on to another party, typically through an insurance policy.
Altering the distribution of risk outcomes, often through the use of derivatives.
You have successfully completed all 6 chapters of the CFA Portfolio Management guide. You now have a comprehensive understanding of portfolio theory, risk management, and behavioral finance.