Tuesday, October 8, 2013

Definition of Risk Part 1

By Rick Nason, PhD, CFA
Partner, RSD Solutions Inc.

What is the definition of risk?  What a simple question – especially for a
question that is aimed at risk professionals!  However, in working with
clients – both financial institutions and corporate clients – I am
continually struck with how few Board Members, Executives and Risk Managers
have actually taken the time to ponder this very important and influential
question.  (The answer to this question is important and influential I hear
you ask?! – well read on and I shall attempt to explain.)

There are two polar answers to the question "What is the definition of
risk?"  The first answer is;

·        "Risk is the possibility of adverse events that prevent an
organization from achieving its goals". 

A second answer is;

·        "Risk is the possibility of events that prevent an
organization from achieving its expected outcomes".   

Now with a quick reading (I confess to practicing Speed Reading myself) these
two definitions appear to be pretty similar, but a little more thought shows
that they are in fact quite different with very different implications.  The
first definition looks at one way risk – namely downside risk.  The second
definition looks at two-way risk, namely upside and downside risk.  In a
simpler way, the second definition could be stated as:

·        "Risk is the possibility that bad or good things may
happen."

You may still be saying "so what!?"  Well let's examine a couple of
implications.  The first aspect to look at is how we generally measure
risk.  One common measure of risk is the standard deviation of possible
outcomes. 




The formula above says to take each result (Ri) and subtract from it the
average result, (Ravg), then square it, divide by the number of observations
(n) minus one, and then take that result and take the square root of it.

Notice that if the average expected result is 5, (for example $5 MM of
positive cash flow), then a realized result of "15" would be considered
riskier than a realized result of "4". Furthermore a realized result of
"15" would be considered riskier than a realized result of a "-2". 
This is obviously counter to the definition of risk as "the possibility of
adverse events that prevent an organization from achieving its goals". 
For this definition the appropriate measure of risk is actually semi-standard
deviation which is rarely used in practice simply due to the fact that the
measure is not as well known as standard deviation.  Semi-standard deviation
is given by the formula:



When calculating semi-standard deviation there are two differences with
conventional standard deviation.  The first difference is that instead of
using the average result as the central point of deviation, it is the
benchmark, or objective result that is used as the point to calculate
deviations.  The second difference is that only those realized results that
are below the benchmark factor into the calculation.  Good, or above
benchmark results are not used to calculate the risk.

Therefore if you use standard deviation (or equivalently variance) as one of
your risk measures then you are implicitly assuming the second definition of
risk – although explicitly it may be the first definition that is in the
mind of Board Members and Executives.

At this point – in part depending on how well you enjoyed high-school
statistics – you may think this is all mathematical quibbling.  However
there are even more important and direct implications of the choice for the
corporation's definition of risk.  One of the crucial implications is
whether the corporation uses options or forwards (and equivalently swaps) as
its instrument of choice for hedging.  That is the topic of the next
installment of this series "What is the Definition of Risk? Part 2".

No comments: