Enterprise Risk Management - Introduction and Overview
In this course, students will gain a holistic and globally relevant view of integrated risk management. Students will learn about modern risk metrics and their evident limitations when being applied to different types of risk events, including, for example, market crashes and pandemics; the students acquire an appreciation for the importance of low-probability high-impact events and correlation spikes; discuss practical alternatives to create effective, efficient, and robust risk-transfer structures; and analyze issues related to the implementation of risk management systems and compliance with key regulatory requirements in risk-sensitive industries. By the end of the course, students will be able to place all these issues in a conceptual framework that forms the backbone of the program.
Concepts in Risk Management: Statistical Models
In this course, students are introduced to statistical concepts and models that are crucial in Quantitative Risk Management. We will start with basic ideas from probability theory such as probability distributions, expected values, higher moments, skewness, and kurtosis and then cover more advanced topics such as nonlinear models, non-normal distributions, and tail index estimation, among others.
Risk and Decision Analytics
This hands-on course introduces the basic concepts, principles, and techniques of decision making under risk. Participants will learn how to model complex business problems that involve risk and uncertainty with the help of spreadsheet models. The course covers analytical tools such as monte carlo simulation, decision analysis, machine learning and optimization under uncertainty. The emphasis will be on model formulation and the interpretation of results rather than mathematical theory. We will focus on models that are widely used in diverse industries such as financial services, real estate, pharma, and energy. We analyze risks in financial securities, construction projects, R&D projects, supply chain, etc. Applications include: Risk quantification and prediction of investment opportunities; Risk diversification and portfolio management; and Risk mitigation and value of strategic flexibility.
Project Risk and Supply Chain Risk
A supply chain is comprised of all the parts involved in fulfilling a customer request. The integrated management of this network is a critical determinant of success in today’s competitive environment. With increasing competition around the globe, supply chain risk management presents both a challenge and an opportunity for companies. A strong understanding of supply chain risks and the ability to cope with such risks should be in the toolbox of any senior risk manager. In this course, students will learn several supply chain best practices, and how companies achieve competitive advantage by employing innovative project management strategies to cope with, and mitigate, supply chain risks that may be caused by natural disasters, pandemics, or other unforeseen events. Project management tools can help mitigate supply chain risk through the effective management of deliverables—from the planning through the execution and to the conclusion of projects. The primary challenge is to deliver consistently on time, on budget, and to specification.
Macroeconomic and Financial Risk
Macro and Country Risk
Students will examine macroeconomic diagnostics that link interest rates, growth rates, inflation rates and exchange rates and help identify macro shocks and policies that condition the risk environment of financial and nonfinancial firms worldwide. Topics include sources of variability in national macroeconomic performance across countries and over time, the role of government policy as a source (and dampener) of risk. From there, the course assesses the global macroeconomic context through the cross-border assessment of risk associated with international transactions across jurisdictions and currencies. Overall, this course provides an intensive view of country risk parameters and how they show up in markets ranging from risk spreads to sovereign ratings.
Operational Risk and Conduct Risk
The objective of this course is to provide a basic theoretical foundation for the analysis of operational risk in an organization and discuss the more applied aspects in the mitigation of operational risk. The application domains include finance as well as other service industries, such as travel and health care. The goal is for students to get acquainted with concepts and ideas that are useful in dealing with Operational Risk on a day-to-day basis in their work environment. This would include the basics, e.g., assessing frequency distributions of operational risk events happening as well as severity distributions of losses incurred in case such events happen. Students have to be able to make a distinction between thin-tailed distributions and fat-tailed distributions. The students also should be able to develop appropriate Key Risk Indicators (KRIs) for any given environment and be able to embed such KRIs in a general framework in order for a user to be able to assess the vulnerability of an organization with regard to operational risk.
Statistics and Financial Risk Applications (Market Risk and Value at Risk)
This course will provide the analytical and practical tools necessary to manage market risks. The course starts with the regulatory requirements of Basel II with respect to market risk, then continues with tools to measure market risk, including Value at Risk (VaR), RAROC (Risk-Adjusted Return on Capital), sensitivity tests, scenario analysis, stress testing, and back-testing of risk models. Students will also become familiar with the strategic issues of hedging policy through discussions that include the hedging impact of non-tradable risks and linkages between different types of risk.
Credit Risk and Derivatives
This class focuses on credit and counterparty risk management in financial institutions and nonfinancial firms. This includes analysis of the specialness of financial intermediaries and an overview of the types, operations, and regulatory structures that exist today. A key feature is their exposure to credit and counterparty risk. Consequently, the bulk of the course is devoted to analyzing the nature of these risk exposures and the instruments and strategies to manage those risks. A key part of the course covers the role of regulators in controlling such risks through mechanisms such as deposit insurance and capital requirements.
Information Systems Risk and Cyber Risk
Today’s tech and cyber risk managers (TCRM) are tasked with minimizing or obviating attacks on information systems in a complex and evolving digital environment. The burden of protecting enterprises against cyber-attacks falls largely on corporations since the regulatory environment is generally slower to close loopholes than criminals are to find new ones. This is a taxing and difficult undertaking because senior risk managers are tasked not only with averting such risks but also with preparing the organization to respond according in a fast-changing environment. Information systems are subject to risk factors that may originate in the system’s design, its maintenance, as well as its vulnerability to attack. Robust design depends on in-built redundancies, the implementation of firewalls, and so on. But vulnerability to intrusions or hacks makes systems less secure, and puts private and confidential information in danger of being stolen with significant potential liability consequences. In this course, we discuss the appropriate Key Risk Indicators and describe the procedures that can be put in place in order to mitigate IT and cyber risks.
Artificial Intelligence and Machine Learning in Risk Management
In this course, we will focus on methodologies and applications of artificial intelligence and machine learning to service industries, with a particular emphasis on applications to operational risk and financial risk. To enhance students’ knowledge, the course will discuss the following concepts: Statistical learning, out-of-sample validation, bias-variance tradeoff, training and test samples, type-I and type-II errors, and undersampling and oversampling. The course will then provide an empirical assessment of the aforementioned concepts by providing examples of their application to a variety of service industries.
Risk Management in Fintech (P2P Lending, Blockchains, and Crypto-currencies)
This course introduces students to broad trends in Fintech and to the emerging risks produced by technological innovation in financial services. In addition to an overview of advances in technologies and the financial system, the course will focus on various topics including P2P Lending, cryptocurrencies and other digital assets that have emerged since 2009. There will be an emphasis on the underlying blockchain technology that supports them. Cryptocurrencies rely on a new approach to risk management using distributed ledgers, decentralized consensus and cryptographic proof, without a trusted third party to mediate transactions. These assets have grown impressively, and blockchain technology is now being co-opted by major financial organizations, stock exchanges, and even central banks. The course will also consider other blockchain applications (beyond cryptocurrencies) in diverse areas such as property registration, accounting and auditing, voting, smart contracts, and financial derivatives.
Regulatory and Legal Risk
Economic Regulation, Conduct, and Risk Governance (Market Structures)
This course examines the basics of competition and regulation. Because of its importance to profitability, competition (and the risk posed by competitors) is top of mind for managers of organizations. Likewise, competition and market structure is of increasing relevance for regulators, who are entrusted with protecting consumers from monopolistic risk (a situation that arises when competitors are too few). The class starts by introducing conceptual frameworks from economics that underpin competition—e.g., perfect competition, oligopoly, monopoly, and variants thereof. From there, the course covers how regulation works, and the role of regulators in setting the rules of the game, and ensuring that competitors do not create too much risk in the system. We use case studies across industries such as banking, energy, technology, and telecommunications to illustrate the main features of risk that competition (and less-than-competitive markets) can generate for consumers, businesses, and the economy at large.
Bankruptcy Risk, Financial Regulation and Regulatory Risk
Every country has one or more institutions or agencies regulating financial services industries and the financial markets. In the US, such institutions include the Federal Reserve System, the SEC, the CFTC, and the OCC. The regulations imposed affect trading in many different markets as well as the capital reserve requirements of the banks. Such agencies, for example, also set guidelines with regard to safeguards that have to be put in place in order to prevent money laundering. Violations of regulations and the penalties imposed can have a significant impact on companies. This course will explain financial regulation, discuss cases that explore the consequences associated with violating financial regulations, and help participants understand how to effectively comply with existing financial regulations.
Data Privacy and Ethics, Regulatory Requirements and Legal Risk
The collection and dissemination of personal information and data is an increasingly important concern for individuals and companies alike. Private and sensitive information about individuals and entities (e.g., customers, suppliers, and employees) must be safeguarded, and may only be shared with, and transferred to, internal or external parties under specific circumstances. When personal or sensitive data are compromised, the companies that are entrusted with those data are subject to a variety of risks that create far more than economic liabilities. Indeed, under certain circumstances, breaches of data privacy may fundamentally threaten the firm’s existence. In this class, we will explore the rules that govern data privacy, discuss the ethical issues involved in the treatment of sensitive information, and review current best practices related to the collection and dissemination of individual data.
Corporate Strategic Risk
Medium term and long term decision making at the corporate level entails significant strategic risks that can affect the success or failure of a corporation. Such corporate level decision making involves the nature of competition (and how to compete) within an industry, developing and launching new products, the entry into new geographic markets, diversifying into new industries, and decisions to buy (or sell to) other companies. In this course we will use case and scenario analyses to introduce participants to a variety of corporate strategy risks, and the tools and frameworks that managers can use to effectively assess and manage those risks.
Organizational Change and Risk
Change or wither? We are living in a fast-changing and uncertain time—a disruptive age. Business organizations of all types face complex management problems that significantly challenge their existing business models and overall viability. Such problems emerge around designing organizations capable of coping with highly dynamic business environments, adopting newly-emerging digital business models, developing strategies and structures for hyper-competitive conditions, and mastering the great complexity of managing an ecosystem of interdependent collaborators. The characteristics and magnitude of the disruption we face, and its accelerating speed, demand a new approach to managing the risks associated with change. This course will focus on methodologies and tools that help executives plan and implement change more effectively, rapidly, and proactively. Participants will discuss concepts and best practices of change management, learn to diagnose the change needs of their company, and develop a change plan that leads to successful organizational transformation.
Strategic Human Resources and Human Capital Risk
Most of today’s CEOs recognize talent identification and retention as critically important strategic issues. At the same time, the area of human resources/talent management presents many forms of risk. Supply and demand of qualified human capital, hiring and training of employees, on-the-job performance, incentive and monitoring systems, promotion and retention, and ultimately, separation, may each present significant risk exposure to the enterprise. In this course, we will explore the human resource risks that companies must manage throughout the employee life cycle. Effectively managing human resource risks can help create a motivated workforce that contributes positively to the bottom line (over and above the salary paid to the employee). Failing to manage human resource risks appropriately can result in costs that threaten the performance of the company, and in the extreme, the operations of the firm as a whole. We will go beyond simple HR issues related to compliance with existing labor laws and regulations to explore how companies can unlock hidden potential and generate competitive advantage through the effective management of valuable human capital.
Climate and Sustainability Risk
Businesses operate in a constantly changing ecosystem that features fewer resources, a warmer climate, more engaged stakeholders, increased social inequality, and a need for greater transparency. Millennials and Gen Zs, the largest group of consumers today, view climate change as the greatest threat facing society. Business leaders need to understand how these changes present risks to their business, and how they can prepare for, manage, and ultimately, overcome those risks. In this course, we aim to help enterprise risk managers understand the climate and sustainability risks they face, embrace proactive and effective ways to deal with them, and develop innovative solutions to convert these risks into business opportunities.
Reputational Risk and Crisis Management
Every risk manager deals with crises of various kinds and various degrees. This course examines how companies plan and manage the organizational and reputational risks associated with crises. It examines the organization’s operational and reputational vulnerabilities; the stakeholders who stand to be influenced by those vulnerabilities; how crises and accidents, when they do occur, impact specific stakeholders; and especially, how communications strategies and the media can play a crucial role in shaping stakeholder responses to crises. This becomes even more pressing in the 24/7 social media era, as companies are forced to respond at hyper-speed when crisis events occur. When handled well, crisis management becomes a strong positive to the company’s reputation. When handled poorly, the cost to the company and to investors can mount into the billions of dollars. How should a senior risk manager respond to crises? How can he or she prepare their company and develop capacity within the firm to avert crises, or mitigate their impact when they occur? Working off current and classical cases, this course will help participants develop a crisis management plan and offer them a deeper understanding of communications challenges and best practices.
The Capstone is an integrative activity that requires students to create a meaningful project that demonstrates their ability to take an integrated view of risk management. Working in teams with a faculty mentor, students draw on their professional experience as well as the learnings of the program to write and present a substantial and actionable capstone project.
The project can take a number of forms:
- The enterprise risk implications of a specific risk management technique, instrument, or market
- The impact of risk management on the competitive positioning and strategic execution of firms (or a particular firm) in their specific market or market segment
- An in-house project to examine a key risk management issue of interest to a firm
- An assessment of probable future directions in the development of specific instruments, techniques, or markets associated with risk management
Previous Capstone Projects
Drivers of Economic Growth in Sub-Saharan Africa
The authors of this paper take a study the complex problem of economic and financial development in sub-Saharan Africa and focus on a single element – credit availability as evidenced by credit penetration – that contributes to slower than desired economic development in that region.
The team used a matched‐pair analysis comparing three Sub‐Saharan African countries with three Asian countries. The 5 of the 6 countries have a British colonial history and achieved independence around the same time in the early 1960s. The team documented the experience of the Asian countries with collateral registries, reporting on the extent of credit penetration (credit granted to businesses relative to GDP), the types of information collected, the costs of operating registries, and estimates of the contribution to GDP.
Risk Management within the Cannabis Industry
The authors of this paper developed a risk management framework for the cannabis industry. The industry faces a panoply of risks including standard market and pricing risks, but also various legal and supply chain risks as well as funding and finance‐related risks. What makes the cannabis story unique is that at the present time in the United States the industry operates as a legal entity for medical and/or recreational uses in most states but remains illegal under Federal law. This setting creates a complex amalgam of operational and risk management issues for business entities up and down the cannabis value chain.
Are Boards of Directors Ready for The Risks of Disruption?
This paper argued that the world is getting more disruptive and that the pace of disruption is accelerating, and that these stylized facts should be imbedded on the selection, retention and skillsets represented on boards of directors. The authors selected two sectors subject to disruption, banking and utilities and found that the boards in both sectors are remarkably similar and consistent through time. This suggests that other factors are more important in the execution of boardroom functions, that boardroom stability is highly desirable and that new skillsets may not be consistent with other board member attributes and can always be acquired through consultants and other sources of expertise. “Nimble” boards may not be “optimum boards.”
Climate Change and Developments in Investment & Corporate Strategy Activities
This paper examines the impact of climate change in primary and secondary markets, by reviewing the Environment, Social, and Governance (“ESG”) scores and investment & corporate strategy activities. With a focus on Environment score, the authors evaluate the multivariate regression results between Total Equity Returns vs. ESG scores and traditional valuation / financial metrics. The analysis showed that the impact of Environment score had comparably weaker impact on Global Total Equity Returns than that of traditional valuation / financial metrics. Among the eight coefficients chosen in the multivariate regression analysis, Price/Book ratio growth and (Consolidated) ESG score growth show the highest positive impact on Total Equity Returns. Environment score growth shows negative impact.
Does Risk Management Matter to Shareholders?
The authors of this paper pose a question that is central to any student devoting a year to studying risk management: Does it matter to shareholders? The authors develop a creative research design that allows them to test whether firms with more sophisticated risk management techniques have different characteristics (e.g. Tobin's Q, financial leverage, and stock return volatility) compared to firms with an unsophisticated approach to risk management. Their empirical analysis confirms that there are statistically significant differences between firms with sophisticated versus unsophisticated risk management practices as it pertains to Tobin's Q, financial leverage, and stock market volatility. Measured by these indicators, the authors conclude that risk management matters for certain operational parameters of the firm (leverage) and the resultant financial market outcomes (Tobin's Q and leverage).
A Framework for Operational Risk Mitigation
This paper attempts to develop a new framework, dubbed CRAM (Corporate Risk Adaptation Model) to identify firms likely to avoid or survive a catastrophic operational risk event. CRAM relies on 4 categories of data (People, Process, Governance, and External) and 12 key factors that populate the categories. The authors draw on 5 case studies (WorldCom, MT Global, Toyota, Enron, and Marsh & McLennan) to make an initial calibration of the model, but then include several other firms (Apple, Google, Starbucks, Mastercard) as a way to check whether the model classifies these successful companies as “good.”
Systemic Risk Safeguards for Central Clearing Counterparties
The authors of this project have tackled a large and complex issue that stands at the forefront of the Dodd-Frank policy agenda. Dodd-Frank mandates a much larger role for central counterparties (CCPs) to handle the clearing and settlement of derivative transactions that historically were largely traded and cleared on a bilateral basis. Putting many eggs in a single basket clearly elevates the need to watch the basket. The authors of this project dissect various sources of capital that underlay a generic CCP, and then run a series of simulations subjecting the CCP to stress conditions in order to assess how many layers of the risk waterfall are impacted under different stress scenarios.
Read more about the Capstone here