Project Risk Management
Dissertation submitted in partial fulfilment for the of Degree of Master of Science in Msc
University of Warwick
Submitted month, year
For completion by Moderators:
QA procedures complete; passed to Exam Board
I have read and understood the rules on cheating, plagiarism and appropriate referencing as outlined in my handbook and I declare that the work contained in this assignment is my own, unless otherwise acknowledged.
No substantial part of the work submitted here has also been submitted by me in other assessments for this or previous degree courses, and I acknowledge that if this has been done an appropriate reduction in the mark I might otherwise have received will be made.
Signed candidate YIN-CHIA HUNG
You are required to justify your submitted thesis against the degree definition for which you are registered. This needs to be downloaded and pasted into the box below.
|Project definition for my degree
A suitable project should relate to, or be applicable to, the management of projects or programmes. Topics can include methods, methodologies, tools, processes, human factors, multi-project scenarios, collaborative projects, in-company applications, or new product or service introduction. The application or research can be in any industry, including but not restricted to, engineering, service industry or IT
My project relates to this definition in the following way:
This section should also be deleted before submission:
Below are some approaches that you could take to do this but others may be equally acceptable.
- indicate how this project will help if you gained employment in the area covered by the definition
- Show how the thesis contributes to the general understanding of the area covered by the above definition
- Show how the outcomes of your work would help others gain a deeper or new understanding in the area show in the definition.
In most cases referring to other people’s published material would not be sufficient to justify your work. You should concentrate on what you have contributed or achieved
This declaration should be limited to no more than ONE page
Project Submission Pro-Forma
(to be bound in front of the submitted Dissertation)
NAME: YIN- CHIA HUNG
Student ID: 1157552
I wish the dissertation to be considered for (tick one only)
MSc in Cybersecurity & Management q
MSc in e-Business Management q
MSc in Engineering Business Management q
MSc in Engineering Business Management for Defence & Security q
MSc in Enterprise Integration Management q
MSc in Innovation & Entrepreneurship q
MSc in International Technology Management q
MSc in Management for Business Excellence q
MSc in Manufacturing Systems Engineering q
MSc in Process Business Management q
MSc in Programme & Project Management þ
MSc in Supply Chain & Logistics Management q
I have checked that my modules meet the requirements of the above award q
I confirm that I have included in my dissertation:
An abstract of the work completed þ
A declaration of my contribution to the work and its suitability for the degree þ
A table of contents þ
A list of figures & tables (if applicable) q
A glossary of terms (where appropriate) q
A clear statement of my project objectives þ
A full reference list þ
I am willing for my marked dissertation to be used for staff training purposes q
Signed: YIN- CHIA HUNG Date: ………………..
The recent financial crisis has evoked interest in regulation of bank risks in general and of market risks in particular. Heavy losses on trading portfolios incurred by some of the largest banks in Taiwan and across the globe have elicited deficiencies in their internal models and processes for managing market risks. Currently, in Taiwan and other nations, banks are searching for new ways of expanding their underwriting capacities and managing their risk exposures.
Project risk management is the art of and science of recognising, analysing and responding to risk all through a project’s life cycle and in the best interest of meeting project objectives. A frequently overlooked aspect of project management, risk management can often result in a significant contribution to the success of projects. Risk management can have a positive effect on selecting projects, identifying the projects’ scope, and making practical schedules and costs estimates. It helps project stakeholders appreciate the form of the project, engages team members in defining strengths and weaknesses. Project risk management also helps to integrate the other project management knowledge areas. When risk management is effective, it results in fewer problems, and for the few problems that exist, it results in more expeditious resolutions.
Other features associated with the risk appetite include the thought that an appetite will normally relate to a range of possible outcomes. Therefore, around the risk appetite there is normally a given zone of risk exposure or level for the risk that is within appetite. This may be referred to as risk tolerance range for exposure to that risk. The aim of developing risk management strategy is to establish a framework on the basis of which effective risk management procedures can be set. The other aim is to determine how risk management can be embedded in regular project management activities.
While assessing the impacts of Project Risk Management and Risk Appetite in E.Sun and SinoPac Banks, two research questions were formed to act as a guide. The first objective was to carry out a critical assessment of the benefits of a formal risk management in the Banking Industry taking E.Sun and SinoPac Banks as case studies. The second objective was to determine the impact of risk appetite on business conduct under the current economic circumstances taking the two banks as case studies. The research objective was to understand how risk appetite and tolerance influence decision making in Banking Industry. This was achieved by contrasting and comparing regular delivery projects with financial investment projects. Referring to the nature of research topic and the ease in getting information, the researcher considered it crucial to approach the research from a qualitative research paradigm. In that case, the research was conducted in an inductive approach using E.Sun and SinoPac Bank as case studies and data was collected from various sources. Data was collected mainly from secondary sources.
Nonetheless, the research outcomes make it possible to deduce effective project risk management strategies that have assisted E.Sun Bank and SinoPac Bank in their risk management.
Table of Contents
- Chapter One: Introduction
- Chapter Two: Literature Review
2.1 Project Risk
2.1.1 Risk Appetite
2.1.2 Project Risk Management
2.2 Importance of Risk Management
2.3 Project Risk Management Process:
2.3.1 Risk identification
2.3.2 Risk assessment
2.3.3 Risk quantification
2.3.4 Risk response planning
2.3.5 Risk monitoring and control
2.4 Why it is necessary for risk management iteration in the project life cycle
2.5 Enterprise Risk Management
2.5.1 Office of Government Commerce
- Chapter Three: Research Methodology
3.1 Research Philosophy
3.2 Research Approach
3.3 Data Collection
3.4 Qualitative vs. Quantitative
3.5 Research Strategy
3.6 Research Method
3.7 Validity and Reliability of Results
3.8 Research Plan
3.8.1 Research Plan and Time Frame
- Case Studies Analysis E.Sun Bank &SinoPac Bank (approx. 3200 Words)
4.1 Research Question 1: What are the benefits of a formal risk management in the Banking Industry?
4.1.1 Results& Findings
4.2 Research Question2: What is the impact of risk appetite on business conduct under the current economic circumstances?
4.2.1 Results& Findings
- Summary, Conclusion& Recommendations
- Chapter One Introduction
Due to complexities intrinsic in the global business environment and the competitive environment in the Banking industry, most financial organisations and banks are exposed to various risks. Some of the risks are controllable by Banks, and there are others which are behold the control of the financial institutions. These risks and uncertainty are believed to have a significant effect on the operations of the financial institutions. Claessens 2004 asserts that the efficiency of a bank’s project risk management is directly proportional to the maturity of its risk management practices. He further emphasises the extent to which the risks have been efficiently integrated into the projects it implements (Claessens, 2004). In Claessens (2004) definition, integration means whether risk management activities are well defined and described in the project life cycle. It additionally refers to whether the activities happen regularly, as an element of project management processes.
Dent (2009) defines Project risk management as a process that ought to commence from project inception, and go on until the project is finished and its anticipated benefits realised. Basri (2008) and Dent (2009) further states that project risk management provides a holistic view of project risks identifies potential problems. Project risk management also builds processes to assist the service provider monitor and manage the risks.
Risk appetite is the level of risk that a company chooses to take based on the company-specific capability and assets available to absorb the risk (Basri, 2008 and Dent, 2009). Graham (2008) states that companies are well advised to consider what risks are acceptable to the company, and a suitable guidance to be followed throughout the organisation. There is no single correct way to fix the level of risk appetite or risk tolerance of a company (Graham, 2008). Grace and Robert (2003) state that smaller companies or organisations have less risk appetites compared to larger organisations or companies. This is because larger organisations are able to absorb the downside consequences of taking extra risks compared to smaller organisations (Claessens 2004). The level of risk appetite for a bank depends on how the bank operates the chosen strategy and the organisational culture; all interlinked (Graham, 2008).
As a subject of considerable concern, as emphasised by Yildirim and Philippatos (2007), risk management entails the identification process, evaluation and risks prioritisation and then successively followed by coordination and economical application of the existing resources so as to reduce, monitor and control the outcomes of the unfortunate events.
Research findings reveal that E.Sun and SinoPac Banks’ risk management strategies have been improving since the onset of the global financial crisis (Hoggarth et al., 2005). However, the possibility for a national bank crises and bank failure appear to be real over the short term. This situation as stated by Grace and Robert (2003) can be devastating not only to Taiwan but also to European economy in particular and global economy in general. This view is true despite the turn that the current financial crisis takes in some major economies like the US and therefore, the evaluation of the Taiwan banks’ risk management techniques is significant (Hoggarth et al., 2005).
In the short term, the Taiwan banking sector’s raising of the interest rates by the prime banks is received with mixed signal as a mitigation measure for the poor performance and creditworthiness (Lepetit and Tarazi, 2008). With the shock posed by the presence of other risks, the banking sector is prone to be forced out of its strong operational position as a result of the many structural adjustments that have been effected over the last few years (Baltensperger, 2002).
Claessens (2004) asserts that the Taiwan banking industry is concerned about risk management. All banks are searching for ways to control risk so that they can provide better services to their customers and decrease their risk exposures. Traditionally risk management has been the area where underwriters, lawyers and quantitative analysts have been employed (Lepetit and Tarazi, 2008). Their jobs were to put in place and implement policies that would protect investors, customers and business. As the banks look for new ways to increase their profits, they have to modify their risk policies. This dissertation seeks to identify the risks in the banking sector in Taiwan and establish risk management techniques that will ensure that possibilities of occurrence of such a crisis are minimised.
Research Aim and Objectives
The main aim of this research is to determine how risk appetite and tolerance influence the organisation when it comes up to decision making taking E.Sun and SinoPac Banks as case studies. The research further compares and contrasts risk appetite in regular delivery projects with financial investment projects. To achieve the research aims, the scenario in Taiwan’s banking sector was closely scrutinised to explore the risk management techniques used in E.Sun Bank.
The objectives of the paper are the following:
- To determine how risk appetite and tolerance influences the banking Industry when it comes to decision making taking E.Sun and SinoPac Banks both in Taiwan as case studies. The risk-preferences of managers were investigated to measure bank risk efficiency and its components. Examining managerial risk-preferences lead to a determination of whether the bank is risk-neutral, risk-averse, or risk-loving. The vital role of financial capital is highlighted as a tool employed by bank managers in managing and controlling their banks’ risk of failure.
- To contrast and compare risk appetite in regular delivery projects with financial investment projects. In addition, liquidity regulatory measures and supervision was examined closely, and its significance emphasised as it is the case with the capital regulation. This will then encourage more focused regular, supervision of both E.Sun and SinoPac Banks’ liquidity status and test of their risk management techniques. Establishment of a core funding ratio that will create assurance of sustained funding of the individual banks’ was considered.
- The research further seeks to identify the benefits of formal risk management in the Banking Industry. In so doing, the research seeks to analyse the impact of risk appetite on business conduct under the current economic circumstances.
Significance of the Study
As stated by Blue and Jeremy (2009), the Banking industry is characterised as one that looks to maximise profitability and minimise financial risk. Banks are not in the business to lose money. Banks are by nature exposed to a number of risks: credit risk, interest rate risk, liquidity risk, foreign exchange risk and general market risk. Risk management is a central issue for banks (Aliber, 2005).
- The paper is meant to pave the way in providing alternative ways in which the E.Sun and SinoPac Banks and other Taiwan banks can take to tackle the challenges posed by the financial instability and risks.
- This research assists in identifying the risk and management techniques will provide practical ways in which banks can take advantage of the powers availed.
- The research further helps in identifying the use of the special powers to assist the banks out of the distressed status in a manner that mitigates the effect on the nations’ economy and the functioning of the entire financial system. In doing so, the dissertation will draw the banks’ attention to the prevalent risks identified in the research and challenge their management to implement the recommendations made so as to avoid their recurrence.
- Recurrent studies in the area of risk management in E.Sun and SinoPac Banks offer a chance for intensive assessment of risks by banks inducing informed measures and initiatives for risk reduction and avoidance. In addition, the study will actively assist in strengthening the operation of the financial intermediary operators by having them understand the perceived risks and learn how to work with the banks in managing them. Further, the paper will be a means to remind the other financial institutions to maintain due diligence in their daily operations, particularly in the core payments, lending and in the basic systems that support their precise existence. This would initiate a sustainable system within Taiwan and other nation’s banking sectors that would in effect support the international financial system (Blue et al, 2009).
For bank managers, the results of achieving these objectives will improve their performance by identifying “best practices” and “worst practices” associated with high and low measures efficiency and risks. Best practice risk management tools in attaining bank efficiency will be outlined (Santomero, 1995). The research is thus essential for both banks in Taiwan and other nations.
Organisation of the Research
This analysis begins with a statement of the aims and objectives. A review of related literature is presented in chapter two. The available literature in the Taiwan banking industry has dealt with the issue of rapid growth while the question of risk exposure and response to it has been looked on fleetingly. Different types of risks faced by both E.Sun and SinoPac Banks are discussed. The section also discusses the initial conditions and the quality of banking institutions. Conclusion summarised the literature review.
Chapter three details the methodology used in data collection. The research heavily relies on secondary materials.
The fourth chapter describes the result and discussion of the findings.
Chapter five presents a summary of data and the results, conclusions, and policy recommendations.
- Chapter Two: Literature Review
This section spells out the findings of the secondary research that was carried out for this study. The findings are drawn from different scholarly works and are presented as facts. It is significant to note that this section covers different general subtopics that pertain to project risk management. Also, it is essential to note that this section will look into project risk management from the context of the banking industry because the entire study is based on a case study of a bank.
2.1 Project risk
According to Cooper et al. (2005), the term risk is the chance of something happening that will have an impact upon objectives, which is measured in terms of consequences and likelihood. Rescher (1983) stated that project risk exist in three different categories that include; unstated yet incorrect assumptions, unknown things and omissions and errors. Unstated yet incorrect assumptions is a risk category that is potentially devastating, for example developing a software on a platform of a single language and later in the project development it is noted that to achieve maximum performance it is important to include other languages into the software. In the risk category of errors and omissions, these occur because of incorrect specifications, estimation mistakes and overlooked features. These risks are at times considered mundane but they have a high propensity of negatively affecting the outcome of a project.
Hillson (2007) notes that in the basic description of project risk; there are two key elements, which are usually factored in; they include condition i.e. the situation, circumstance or a set up that causes uncertainty. The second element is consequence i.e. what is/are the possible outcome of the current condition.
Summarily, Heldman (2005) argues that project risk has numerous definitions based on the different context or practice area that it may be applied, while Risk management is part of everyday life and it is practiced in managing major construction projects, organisations or simply whilst a pedestrian is crossing the road. It is however, important to acknowledge that risk management practitioners, consultants and even scholarly work mainly specify or specialize on a certain set of practice areas of risk, which include; economic risk, human factors risk, financial risk, health risk, security risk, environmental risk, societal risk, business risk and information and communication technology risk.
Each of these risk practice areas is widely discussed and broad in their individual context. Since this present dissertation will include the banking industry as its case example, it is pertinent to discuss financial risk. Financial investments are also perceived as projects and Cokelyet al. (2012) notes that they are seen as projects because they involve works that are organised carefully and designed to achieve a particular aim which vary depending on the field of the financial investment. For example the banking business is a project that involves provision of various products and services that aim at protecting customers’ deposits, offering loans and other additional services such as safe custody. Secondly, investment banking business is a project that involves buying and selling shares and stocks with the main aim of generating a substantial return for the customer.
Specifically, Hopkin (2012) notes that in the financial market there exist three different types of risks that include; operational risk, credit risk or market risk.
Market risk has been described by Saunders (1999) as the possibility of an investor incurring loss in his or her trading operations at the financial market due to moves in market factors. There are mainly four market risk factors that include; currency risk i.e. risk that foreign exchanges rates will fall. Equity risk is a risk in the fall of stock prices while commodity risk is the risk of a fall in prices of commodities such as gold or oil. Lastly interest rate risk which is the risk that interest rates will change and erode returns (Siems, 1996).
According to Tysiac (2012) credit risk also known as risk of default on the repayment of debt, is in the financial markets described as risk that affects trading operations when an investor fails to take up securities he or she had initially bought or takes up the delivery and fails to pay at settlement of a derivative contract.
Operational risks in the financial market are described by Scholes (1972) as the risks that originate from players in the market and the entire process at the financial market. Mistakes by brokers and even fraudulent activities by them amount to operational risk, in addition factors such as technological, failures, poor management, errors in financial reporting, rogue trading i.e. brokers making personal gains from funds of investors and lack of control and accountability all amount to operational risk in the financial market.
2.1.1 Risk appetite
Kendrick (2003) in his studies described risk appetite as the willingness of a project manager or organisation to take on risk. A high risk appetite infers that the project manager or the business organisation is ready to take on more risk in pursuit of the set goals, and low risk appetite infers that the project manager or the business organisation is not ready to take on big risks. It is critical to consider the concept of risk appetite before commencing risk management since it is vital in the effective setting and implementation of risk management measures.
The concept of risk appetite is analysed from different angles, for example when looking at the concept from a threats angle it considers the extent of exposure that is perceived as justifiable should the threat become a reality. From a threat angle, risk appetite compares the cost of risk prevention to the cost of exposure should the threat become a reality and finding a justifiable balance (Dirk, 2008).
While looking at the concept of risk appetite from an opportunities angle; risk appetite considers to what extent a project manager is willing to risk so as to attain the maximum potential/ benefit of the project. From this angle, risk appetite compares the actual value of the returns of the project to the losses which might have been accrued (Wideman, 1992).
In construction projects a constructor will be deemed to have high risk appetite if he/ she undertake a construction project along a coastline that is prone to various threats such as rise of water/ sea level, earthquakes or flooding. However, such a project offers high return since properties along the coastline are considered attractive and they fetch high market prices. In financial investment, investors with high risk appetite usually take up shares and equities that are highly risky but are usually deemed to be highly rewarding. However, it is important to note that some risks are unavoidable and at times an organisation cannot effectively manage to reduce the risk to a tolerable level, an example of such a risk is terrorism (Dirk, 2008).
2.1.2 Project risk management
Referring to the studies conducted by Van et al (2004) project risk management has been defined as a process of identifying, assessing and prioritising risk, this is the process of identifying, assessing and prioritising risk, this is then subsequently followed by coordinating and economically applying resources in a bid to reduce, supervise and manage the probability or the effect of unforeseen occurrences.
In the financial management context, risk management has been defined by Tapiero (2004) as the understanding and communicating of the identified risk, so as to ensure that the identified risk is given the wide attention it deserves.
Project risk management adopts different strategies that mainly aim at reducing the impact of an identified risk or reducing the probability of a certain risk occurring; eliminating the identified risk; transferring the risk to another party within the project or, even some avoidable consequences of an identified risk.
In the banking context, credit risk is the most common, because of high number of cases of loan defaults by customers that lead to ‘bad debts’ being written off; this subsequently has the potential of making the entire bank collapse due to inability to honour customers’ right of payment on demand. This can lead to a spiral effect, which has the potential of crippling the entire banking system of a country. Usually the risk management strategy that is commonly applicable in the banking system is setting of a minimum capital requirement which will control and limit a bank’s lending and credit creation ability (James, 2003).
It is critical to note that the International Organisation for Standardisation (ISO) has set principles and guidelines that all risk management mechanisms should follow. These principles and mechanisms include; transparency; flexibility; inclusiveness; responsive to changes within; form the decision making process of an organisation; capacity to deliver continued enhancement and improvement within an organisation; periodically readjusted; factor in human issues; ability to create value for the organisation and also form an integral part of organisational processes (Keller et al., 2006). These principles and guidelines are reflected in all properly structured and developed risk management plans.
2.2 Importance of risk management
Referring to the studies conducted by Hillson and Murray-Webster (2007) risk appetite and tolerance are usually high among ambitious individuals and aggressive business organisations, these traits among this set of people is backed up by their “go-get” attitude. This is due to the common phenomenon that the higher the risk the more returns or rewards a venture is supposed to generate. This, therefore, means that individuals, as well as business organisations, will always be ready to undertake high levels of risk with the expectation of remarkable outcomes or handsome returns (Hallenbeck, 2006). However, in the likelihood of unforeseen circumstances the aforesaid individual or business organisation may suffer massive losses in the case that the venture is marred with unavoidable circumstances or events that hinder the realisation of the expected outcomes. It is due to this fact that James (2003) wrote that a wise investor will always factor in the risk factor in any venture that he or she undertakes and adopts necessary measures or strategies that will foresee the investments made are less impaired or totally safe from the identified risk. Thus, the main importance of risk management is to safeguard against unnecessary losses that can be accrued due to lack of implementation of mitigation measures.
Secondly, in any business undertaking or project there are usually numerous stakeholders who have pulled together their individual resources so as to invest in the single project and in order to get the investors’ confidence it is usually critical to implement a risk management mechanism, which will guarantee the capital security of the investing parties. Siems (1996) stated that as a part of any business plan it is usually crucial to spell out the potential risk of the project and how well the proposing party is ready to handle the risk identified. This is usually meant to gain the trust of the prospective investor by making an assurance that the money invested into the project is safe, and chances of making losses are minimal.
The process of risk management can be used to evaluate different investment options, so as to establish the best option that offers a considerable degree of risk with a highly excessive return (Hallenbeck, 2006). Through analysis, investors can look into different options gauging them on their level of risk, mitigation tactics and the likely outcomes, the result of this analysis will then influence the investment decision (Moteff, 2005).
Implementation of a proper risk management mechanism will ensure the attainment of projected sales level or successful completion of a project. This further guarantees that the project will generate adequate cash flow throughout the entire period thus enabling the attainment of the stipulated short term and long-term objectives.
Proper risk management strategies can identify to a business organisation when to invest in a particular line of business, which has less risk at the time and high returns, and also when to pull out or reduce investments in that particular line of business. This gives the business organisation an opportunity to take advantage of a seasonal business environment, which can at times have a high risk and low returns in a particular period, and vice versa (Hutto, 2009). For example through a proper risk management strategy a hotel business will be able to know when to pump in more capital into the business (during tourism peak season), and when to reduce investment by lowering the staff number or other operational expenses. This prevents the hotel from incurring losses during the low peak seasons.
Mostly in building construction projects and financial investments, risk management influences the decision-making process and also how different stages of the projects can be approached. This is because risk management will highlight on certain settings, conditions or environment which have high propensity of creating uncertainty or negative outcome. Relying on this information decision makers change how they normally approach things so as to avoid triggering situations that generate a negative outcome for the project.
According to the writings by Gorrod (2004) it is vital to note that among the significance of implementing risk management strategies in projects or in business ventures is to satisfy the set criteria which are required before certain undertakings are adopted; the potential risks should have been identified as well as their mitigation tactics. At times, risk management is adopted so as to ensure a project or a business venture does not in any way violate certain rules or standards that can jeopardize the position of the project (Borodzicz, 2005). For example, for banking institutions they have to establish risk management strategies that will ensure their clients are able to honour their loan repayment schedule on time, which will further guarantee them a steady cash flow that will enable them to pay for the normal operational costs and also honour customers’ cheques, as well as payment demands for their deposits (Hallenbeck, 2006). By securing a steady cash flow, the banks are able to maintain the minimum capital requirement that is stipulated by the Central Bank. In case, a bank ignores to set a comprehensive risk management strategy, it exposes itself to various disadvantages such as loan defaults by the customer and in order to cover for the shortfall they will have to lower their minimal capital requirement at the central bank, which is a violation of the minimal capital requirement law and also an infringement of the agreement of the Basel Committee that prescribed on the minimal capital requirements for all banks internationally.
Lam (2003) lauded that the Basel regulations have aided in customer protection and in order to ensure strict compliance of these regulations, the UK government ensures that banks provide evidence of strict compliance to these requirements so as to get government tenders and also to participate in major businesses. The Sarbox regulations (derived from the United States’ Sarbanes-Oxley Act of 2002) which require that public companies, their management and also accounting firms adopt enhanced reporting standards for financial statements has also helped increase investors’ confidence in corporate financial statements. The UK government highly emphasise on the implementation of these key regulations in all major commercial enterprises because they are highly effective risk management measures that accrue a lot of benefits to the firms as well as the customers.
2.3 Project Risk Management Process
Referring to the studies conducted by Tapiero (2004), project risk management is a process that follows five distinct steps that begin with identification of risks then assessment of the risk, quantification of the risk identified, followed by risk response planning and lastly, monitoring and controlling the identified risk.
2.3.1 Risk identification
This is the initial stage of risk management, and events are identified, which if triggered, will lead to considerable damage or loss. The identification process is two ways it can either identify the problem itself or the source of the problem. When identifying a risk from the source point, it is critical to acknowledge that the source can either be internal or external to the organisation and these may include; the surrounding climatic condition, the organisation’s workforce or stakeholders of the organisation or project. When identifying risk as the problem itself, this entails identifying the underlying threats such as loss of capital investment, mishandling of vital and confidential information or threats arising from opposing groups or legal actions (Van et al. 2004).
In reference to the studies completed by Rendlemen, (1999) there are various methods of risk identification and key among them include; common risk checking in a particular industry, which is identifying list of a business organisation from a list that is already available and contains risks common in the pertinent industry. The second methodology of identifying risk is through taxonomy-based risk identification whereby risks are identified from feedback of filled questionnaires (Hillson and Murray-Webster, 2007). In the taxonomy-based risk identification methodology, similar questionnaires are distributed to numerous participants and they are each asked to classify risks in all the different practice areas. The classified risks in each questionnaire are then compiled to identify the most common risks in all the practice areas of the financial sector. Thirdly, there is scenario-based risk identification whereby different scenarios are created, and in case a certain event leads to unintended scenario, than that event is identified as risk (Hillson and Murray-Webster, 2007). Fourthly, there is the brainstorming methodology, which is mostly used by start-ups or in scenarios that are new and do not have already identified set of risks. Through brainstorming workshops, participants bring forth likely risks, which are then debated upon by others and if they jointly agreed upon then it is listed as a risk. The fifth and also the most common methodology of risk identification is objective-based risk identification which denote an event as risk if hinders the attainment of the set project or organisational goals.
Stoneburner et al. (2002) stated that the methodology of risk charting is the most comprehensive and reliable since it integrates all of the above methods. Risk charting can be done using different approaches, but commonly it is done by listing resources that are at risks then the threats to the resources and factors that can either catapult or lower the risk levels. Alternatively, the threats can be assessed first and then resources that are likely to be affected and the consequence of each identified risk. For example in financial investment; the customer or fund manager may identify risk through risk charting by first enlisting possible scenarios that may cause a drop in value of share price such as bankruptcy law suit against a bank, death of a key management official and enactment of government regulations that is unfavourable for the normal operations of the bank (Hillson and Murray-Webster, 2007). After enlisting the threat and possible scenarios that may cause, the next step is to identify the impact of the fall in the value of share price, which might be the bank going under receivership, customers clearing their accounts or investors dropping their share holdings of the bank.
2.3.2 Risk assessment
Once risks are identified they are analysed to establish the extent of their impact and the chances of occurring. The extent of the impact of the risk can be easily measured in the case of a collapsed building or loss arising from the exchange rate, but in other instances, it is usually impossible to measure.
Risk assessment is usually conducted to ascertain the viability of a particular investment option; for example, a more risky investment is not advisable for a risk averse investor. In projects such as building construction, risk assessment mainly entails evaluating whether the construction projects can be successfully completed, whether the building can withstand harsh conditions such as flooding or earthquakes and also if they are likely to be a high number of interested tenants of occupants of the building under construction. However, it is pertinent to note that the riskier an investment is the more returns or rewards it is likely to gain in the markets, this according to Moteff (2005).
Risk assessment is also used by the management team to predict on a company’s future performance. For example, if the levels of risk pertaining to liquidity, operational or credit, are minimal the management will be right to assume that the business will survive even in the future.
Lenders whom are referred to as buyers in the financial market do use risk assessment reports before investing in listed companies, so as to evaluate whether the company is likely to repay their investment or not. According to Gorrod (2004), risk assessment is also another way through which companies can carry out stock valuation and predict price movements in the future. Through risk assessment, companies can implement necessary measures to mitigate the effects of such risks and in the long run lure more investors to invest in the company’s stocks and shares.
However, according to the studies conducted by Flyvbjerg (2006) it is rather difficult to assess risks such as geopolitical risk or economic risk as these risks are out of the control of the financial market and hence neither can they be controlled or measured. Political and economic risks happen at unexpected times, which could be due to various reasons that include natural calamity like the floods or earthquakes, terrorism scare or attacks and even economic meltdown or recessions. Consequently such risks are hard to measure, but necessary steps have to be adopted to mitigate their effects.
2.3.3 Risk quantification
Altemeyer (2004) stated that risk quantification is a process whereby risk is measured or described as a quantity, and currently there are various theories and formulas that try to quantify risk but the most commonly applied is the composite risk index, which is obtained by multiplying the probability of risk occurrence and the impact of risk event. Both variables are presented on a scale of 1 to 5, and a smaller number represents either low chances of occurrence or low severity of the impact of the risk occurring and a higher number on the scale represents either higher chances of occurrence or maximum severity of the impact of the event. It is, however, of the essence to note that quantification of risk is limited and usually different techniques of quantification apply in different fields or contexts.
For example, Borodzicz (2005) stated that there are two generally applied and comprehensive techniques for measuring risks at the stock market that can also be applied at the general business field, and they include; the standard deviation method and the co-efficient variation method. The standard deviation method measures the dispersion from the mean or expected cash flow; it is always prudent to incorporate the risk premium rate to arrive at the rate that it is to be used i.e. risk premium rate will be added to the risk free rate to get a composite rate that can be used to discount future cash flows, significant to note is that the higher the standard deviation the riskier the stock is assumed to be. The co-efficient of variation is a relative measure of risk because it considers the risk against the expected cash flow it is used to compare stocks of unequal values, the higher the co-efficient of variation the higher risk of the project.
With regards to the stock market, Jensen (2009) stated that investors can use the historical volatility of interest rates to measure its risk, and there is also other comprehensive ways of which this can be measured, and it involves using mathematical models to forecast interest rates scenarios. Credit risk is easily measured from the credit rating agencies that give credit rates to companies and their stocks. Liquidity risk can be assessed using the bid-offer spread, the less the spread is the less risky the stock is and when the spread is long the more risky the stock is (Lintner, 2005).
Operational risk can be calculated using three different approaches that include; standardized approach, basic indicator approach and the advanced measurement approach. Both the standardised and basic approach assesses capital requirements based on revenues while the advanced measurement technique uses risk measurement techniques which have been established by the industry.
Other example of risk quantification in project management are given by Kruger et al. (2012) who stated that in a construction project the risk of a building falling or a fence falling is quantified by adding up the total amount used to put up the fence or the building i.e. material used plus the labour fee for workers contracted. In health, risk is quantified by adding up the total number of people who will be affected, the total cost of treating each of them, and also the productive hours lost by the patients while they were suffering from the health risk. Security risk such as burglary is quantified by adding up the value of the goods that will be stolen, value of the damage to property, cost of re-constructing the damaged property and harm or loss of any human life during the burglary.
The key element of risk-based frameworks for allocating resources is that starting point is risk not rules. Risk-based frameworks require regulators to begin by identifying the risk that it is seeking to manage, not the rules it has to enforce. It is the business’s risk appetite that determines which risks to treat or tolerate. Based on the identified risk universe, the organization then determines its risk appetite through input from senior management, the board, and the business owners. Tolerance levels must be defined for a period of time that takes into account the loss of funds, functions, or the ability to deliver services to the market. It is from here that the company determines whether the risk is significant in terms of its appetite or not.
2.3.4 Risk response planning
After performing the three steps, the next stage is drawing up a mitigation plan for the risk so as to reduce its chances of occurring, the impact of the risk and if possible total elimination of the identified risk. Alternatively, Alexander and Sheedy (2005) stated the if the three options are not viable then the risk can be transferred to another party through outsourcing the affected business process or the organisation can as well acknowledge the chances of occurrence and the impact of the risk and the factor it on its budget or future plans.
In the writings by Bent et al. (2003) they are quoted saying that risk avoidance is the most effective solutions for all risks but without taking any risk then, an investor or business organisation should not expect any profit. Risk avoidance is usually done by not carrying out certain activities that might trigger risk from occurring. According to BebchTaiwan 2008, risk reduction is done through adopting certain strategies that reduce the impact and probability of occurrence of risk. For example, performing proper electrical wiring and installing fire extinguishers within a building will reduce the chances of fire outbreak and also the extent of damage in case a fire outbreak occurs. With regards, to risk sharing Roehrig (2006) stated that risk can be shared through outsourcing or insurance whereby the third parties, which are business process outsourcing centres and insurance companies, will both share in gains as well as a burden of loss with the business organisation. With regards to risks that cannot be shared or transferred; they are simply retained and at times, it could be because of cost of insurance against the risk which is much higher than possible losses that can be accrued in the event of risk occurring.
2.3.5 Risk monitoring and control
After the implementation, of the risk response plan; the subsequent step monitors the efficiency and performance of the risk management mechanism. This stage will actually check whether the response plan that has been implemented lowers the probability of the risk occurring and also whether if the risk occurs the severity of the impact will be much lower or not. If inefficiencies are noted within the response plan, then control measures are undertaken so as to obtain maximum performance of the risk response plan.
Covello and Allen (1988) noted that the initial risk response and planning is usually never adequate for risks being faced and more so risk that will be faced in the future. Therefore, risk monitoring and control should be frequently reviewed so as to ascertain whether the initially implemented risk control measures are achieving the desired results or not. Secondly, to examine any changes of risk level within the environment and this is usually common with information risk whose level changes immediately there is new information.
2.4 Why it is necessary for risk management iteration in the project life cycle
In an ever evolving environment where nothing seems to stay constant, and there are always new trends cropping up it is totally unconventional to maintain a risk management strategy for more than a year or two without reviewing the plan and making necessary amendments. Specifically, in project management there are different cycles which call for different risk management strategies, and hence in project life cycle, risk management strategies are usually reviewed and updated regularly. Considering different contexts, the review of risk management plan may be facilitated by; a) introduction of new laws, b) amendments of existing laws, c) introduction of new products and services, d) difference in the way work is done i.e. from manual to use of information technology, e) climate change, f) introduction of new personnel into the project, g) change of the objectives of a project and h) change of source of finance or amount of resources allocated or required for the project. These new issues cropping up according to Hillson and Murray-Webster (2007) will undoubtedly influence or change the source of the problem, as well as the problem itself, and expectedly the strategies of risk mitigations will have to be reviewed in order to factor in the new severity of the risk and well as the probability of occurrence.
Keller et al., (2006) in their studies documented on iterative risk management framework to articulate options in a project that are bound to be affected by climate change. In their studies, they presented the below illustrative figure which demonstrates on the iterative nature of the climate policy process. The figure shows two quarters where decisions are made, and the other two quarters represent the decrease in severity of the impact of the risk and reduction in the probability of occurrence for the risk. The arrows around the circle represent a range of outcomes and decisions that undertaken during a project life cycle.
From the figure, it can well be summarized that the iterative risk management framework has two key stages in each project life cycle whereby the existing environment is observed to identify changes and their impact on the project. The change could be on the surrounding weather pattern or the demographics of the pertinent population. The second stage after learning environment is to act on the risk management plan and then implement the changes learnt to the measures that had earlier been adopted for managing risks. This process as stated by Gorrod (2004) is repetitive, and it is usually conducted in intervals that depend on the type of the project and also the concerned environment for example social, political, technological or economic environment Gorrod (2004). The iterative risk management plan is beneficial from the sense that new sources of problems, as well as problems, are factored into the plan, and even new ways of risk mitigation are factored into the ever evolving plan. Additionally, with an iterative risk management plan the risk mitigation measures are always up-to-date and ready to tackle any new challenge arising (Cooper, 2010).
Referring to the studies conducted by Bent et al. (2003) they gave case based examples of iterative risk management plan in projects of different fields. For example in a construction project, there is usually a risk management plan pertaining to the health and safety of the workers, and in regards to this plan usually recommends that all workers within the site to wear gloves and a construction helmet. However, in case there is change in construction equipment/ materials or the existing laws that govern construction projects that now require all workers to be issued with protective eye glasses, the iterative risk management plan will have to factor in these changes. The adoption of this measure will protect workers against any harmful danger on their eyes that may arise as a mishap of the material used or the equipment. Alternatively, as stated by Gorrod (2004), the issuance of the protective eye glasses to the work force will be to protect the project from being shut down by the authorities due to failure of implementing the new law that requires all workers in a construction site to be issued with protective eye glasses.
According to Dorfman (2007) the most iterative risk management plan is in farming projects, which is necessitated by the ever changing and unpredictable weather patterns. For example, an iterative risk management plan against heavy rainfall is usually revised when weather forecast predicts low rainfall levels in the future, the measure adopted in this case is a reduction in the insurance premium paid periodically (Grace and Robert, 2003). Alternatively, an iterative risk management plan against drought will also be revised incase the weather forecast predicts adequate future rainfalls, and in this regard, the farmer may even scrap off the insurance against crop failure due to drought.
With regard to the banking industry; banks are always faced with credit risk that can eventually lead to bankruptcy and closure of the entire bank, which can as well affect the financial market and the economy at large (Hillson, 2007). It is for this reason that the central government through the central bank always implements measures such as the minimal capital requirement to protect against such risk. The establishment of the minimal capital requirement is usually determined by the prevailing economic situation. Grace and Robert 2003 state that during robust economic times, the minimal capital requirement is usually lowered, and during harsh economic times, the minimal capital requirement is usually increased so as to further cushion banks against credit risks. Banks also reflect this in their iterative risk management plan (Grace and Robert, 2003). For example, when the minimal capital requirement has been lowered the probability of occurrence as well as the impact of the severity of the risk, is usually lower and hence banks lessen the conditions of borrowing to their clients. However, when the prevailing economic condition is rather harsh, banks revise their iterative risk management plan by introducing tougher conditions for borrowing customers; this measure is undertaken so as to protect the banks against customer defaults on loans borrowed (Bollerslev et al. 2008).
2.5 Enterprise Risk Management
Referring to the studies conducted by Tysiac (2012), Committee of Sponsoring Organisations of the Treadway Commission (COSO) has been described as a voluntary organisation in the private sector that is predominant in the United States, which was established in 1985 to investigate and issue out recommendations on fraudulent corporate financial reporting. Its key mission is providing professional guidance to the management of enterprises and state authorities on vital functions pertaining to financial reporting, fraud, enterprise risk management, internal control, business ethics and organisational governance (BebchTaiwan, 2008). In respect of its mission, COSO has established an internal control framework that can be used as a reference point by government bodies and business organisations when conducting an assessment of their own internal systems.
In respect to enterprise risk management, COSO developed a model which can be applied by the management of an organisation when they are trying to assess and improve their enterprise risk management. In this model, Hopkin (2012) noted that risk has described as scenario or event that has potentially negative impact in the aforesaid enterprise. The severity of the risk can be either felt by the enterprise as a whole, the capital and human resources, services and products offered by the enterprise or the end-users of the enterprise products and/ or services. Moreover, the impact can even affect the external environment, market or the surrounding community (BebchTaiwan, 2008).
With regards to the banking industry, Nicholson et al. (2005) stated that enterprise risk management considers collective risk in this industry, which include operational risk, market risk, interest rate risk and credit risk. Consequently, the COSO enterprise risk management model prescribe that every identifiable risk can have a pre-established plan to tackle the possible consequences that may arise as a result of the risk occurring.
Alberts et al. (2008) noted that, in 2001, COSO devised an integrated framework for enterprise risk management after cases of numerous failures and business scandal of giant corporations, which heightened the advocacy for effective corporate governance and comprehensive risk management. These efforts led to the enactment of the Sarbanes-Oxley act that emphasised to public enterprises on the establishment of internal systems of control that are not only certified by the enterprise’s management but also an independent auditor who confirms the effectiveness of the internal control system (Hillson, 2007). The latest edition of the COSO enterprise risk management includes an integrated framework that is broader and seeks to ensure that the established internal control system that can provide reasonable assurance to the enterprise on compliance with relevant laws and regulations, reliability and validity of its financial reporting, efficiency and effectiveness of its operations and attainment of its overall mission and goals (Cooper, 2010).
Crockford (1986) stated that the enterprise risk management-integrated framework has eight key components that aim at addressing the ever increasing demand for risk management in enterprises. The components include;
- The internal environment, – this in the banking institutions sets the tone how risk is perceived, and the risk appetite.
- Objectives setting-this prescribe that the enterprise should first establish its main objectives before potential events can be identified as risks;
- Event identification- this component guide on risk identification both in the internal and external environment;
- Risk assessment- risks are assessed to determine the impact as well as the probability of occurring;
- Risk response-the management will devise appropriate measures and mitigation tactics so as to lower the impact or eliminate the chances of the risk occurring;
- Control activities-procedures and policies are developed and enforced so as to ensure the risk response achieve its objectives;
- Information and communication- the integrated framework prescribe for information to be identified and relayed to all concerned parties.
- The monitoring component in the integrative frameworks requires periodical appraisal of the risk response plan and modification to areas that are perceived outdated by events or ineffective.
It is beneficial to note that the COSO enterprise risk management-integrated framework totally relies on human judgment and, therefore, it is prone to human errors that can be as a result of bias and lack of informative information. However, the extent of human errors on the decision making process regarding risk management is minimized by the roles played by internal and external auditors who collectively assess the effectiveness of the control system established within the framework (Hubbard, 2009).
2.5.1 Office of Government Commerce (OGC)
The Office of Government Commerce is a department under UK’s central government and it is aligned to the Efficiency and Reform Group which is part of the Cabinet office and it mainly operates through the executive agency of the central government procurement service. The main mandate of the department is to offer support through negotiation of efficient services and provision framework, and also through policy and process guidance for the procurement and acquisition process of government enterprises. The primary goal of the department is to gain value for taxpayers’ money and also guarantee the taxpayers optimum delivery of services (Porteous and Pradip, 2005).
The OGC has models that support best practice of programme and project risk and service management. One of these models is Management of Risk (MoR), through which the department offers best practice guidance to all UK organisations on risk management. The best practice guidance covers the key concept of risk, risk identification, ownership of risk, risk assessment, risk appetite, response to risk, review and reporting of the risk management (Wideman, 1992).
Summary of the chapter
This chapter has presented a review of different scholarly works that touch on various subjects relating to the objectives as well as the topic of this dissertation. From the review, presented above among the notable facts is that the best method of responding to a risk is by avoiding the risk; however, this is not possible in a situation whereby either the individual or business organisation wishes to generate a substantial amount of profit. In the case of projects be it financial investment projects or building construction projects, some certain risks are taken up by the project managers because they have already being identified and equal measures have also been implemented to reduce their likelihood of occurrence and severity of impact. Secondly, in the risk identification process it is indispensable to acknowledge the difference of what can be termed as uncertainty and what can be termed as risk. Thirdly overemphasis on the risk management process can hinder the successful completion of a project or even kick starting of the project. For example, when undertaking a building construction project along a coastline the risk level are usually high because of likelihood of unforeseen natural calamities such as earthquakes, tsunamis and tornadoes, among others, and if the project manager overemphasis on putting up necessary safeguards against such calamities it might end up delaying the entire project and consumer more resources reducing even the expected return of the project. In financial investment projects, overemphasis on risk management process may lead to increase in capital requirement, which will translate to higher interest rates and low uptake of loans and generally minimal return on financial investment projects.
- Chapter Three: Research Methodology
This chapter details the research methodology employed in this study. It is widely noted that most researches are usually carried out through primary and secondary research. However, in this research only the secondary research method will be applied because of abundant and reliable information that is available on numerous scholarly literatures, articles and internet sources. In secondary research or research based on literature, information is usually gathered from multiple academic sources such a valid websites, textbooks and journals usually from sources such as Business Premier and Emerald. The choice of secondary research for this paper was informed by the fact that the topic was initially finalised after a thorough secondary research, which helped in devising the research objectives, and aim of the entire study. The first part of the secondary research has been displayed in the literature review section. Saunders et al. (2007) cite that secondary research is advantageous because the data that are sought after already exist and the researcher can evaluate its validity before using them.
3.1 Research Philosophy
This piece of research will be from a positivist point of view. This philosophy has been selected as it encompasses building bridges between risk appetite/ tolerance alongside risk management in the banking industry and the investment banking industry. Previous studies, research and theories, are also to be used in order to acquire further knowledge, ‘As knowledge that is arrived at through the gathering of facts provide the basis for laws’ (Robson, C., (2002). The purpose of this perspective is to establish ideologies and ensure the objectives of the project are achieved.
Additionally the research will apply the use of epistemology Interpretivism (analysis of the meaning of peoples’ action as well as others) and critical realism. The philosophy of interpretivism is beneficial since it advocates for equal consideration of divergent opinions from various scholarly works, rather than perceiving such divergent opinions to be inaccurate data. In the adoption of the philosophy of critical realism, the researcher will ride on the fact that reality is a creation of social factors that are surrounding him, which cannot be understood independently from the surrounding social factors (O’Leary, 2004).
3.2 Research Approach
The researcher collected various materials having information of risk appetite and risk management from various Taiwan scholars. The materials that were not relevant to Taiwan were eliminated. The online databases from various Taiwan financial institutions and banks were collected. The materials that touched on the two banks were given priority.
The inductive approach aims to condense extensive and varied raw text data into a brief, summary format. Secondly, to establish clear links between the research objectives and the research findings.
3.3 Data Collection
In relation to the data retrieval methods, the use of scholarly works, journals and other literature will be the only means of gathering data, which will help in answering the research questions and also attaining research objectives. Data collection will only be limited to a source of literatures that have been used in the module or which are particularly related to risk management, project management, practices in the banking industry and also in the investment banking industry.
This form of data collection will require less time compared to when both secondary and primary data collection processes are conducted. The reason is that the researcher will only limit his data collection to libraries, cyber cafes or on personal computers unlike when carrying out primary research, which would require the researcher to conduct actual field research.
3.4 Qualitative vs. Quantitative Approaches
There is a distinct difference in the use of qualitative and quantitative research approaches as both methods are used for entirely different purposes. Quantitative research uses mathematical and statistical methods to interpret and evaluate the results of data collected using tools, such as questionnaires. This suits the belief of Fred Kerlinger who stated “There’s no such thing as qualitative data everything is either 1 or 0” (Creswell, 2002), this can be perceived to be true as quantitative research involves the analysis of numerical data. It is significant to note that the quantitative approach will be applied in this study. Noor (2008) stated that quantitative analysis of data is a process that is based on the amount of data collected from the identified materials such as financial statements of banks and investment banks. This information is often accurate and not prone to human manipulations.
Qualitative research seeks out the why, not the how of its topic through the analysis of unstructured information (Ereaut, 2007). It is an approach, which one could say, takes insight into human behaviour, as human behaviour is significantly influenced by the setting in which they operate or occupy in; thus one must study that behaviour in those situations. Research must be conducted in the setting where all the contextual variables are operating (Marshall, 1980). Under qualitative analysis Neil (2007) states that qualitative data analysis is the analysis of data which is based on meanings spoken through words or personal expressions from the respondents. Qualitative analysis of data is one of the major methods for data compilation and interpersonal interviews.
3.5 Research Strategy
It is pertinent to note that, in a dissertation, the research methodology is particularly significant since it validates that the secondary research performed is valid and trustworthy. The research strategy adopted for this study as already noted in this project will primarily seek to gather information from articles, magazines, journals and previous research that were carried out on the research topic (Valenzuela and Shrivastava, 2009).
Only quantitative data collection techniques were exploited to benefit from strategy strengths and weaknesses (Wilson, 2004). Hence, the combined implementation of techniques helped to test assumptions in literature about the impact risk appetite/ tolerance and also risk management in projects as well as in the banking and investment banking industry.
3.6 Research method
Another aspect that is of immense significance in this research methodology is the research method, which shows methods that the researcher will adopt to answer the research objectives or questions. There are types of research strategies that can be employed in conducting a research study. These include experiments, case studies, survey, theoretical perspectives, cross-sectional and longitudinal studies. It is imperative to examine the case study method and the sampling method that will be applied in this research. SinoPac and E.Sun Banks were used as case studies.
The research entailed investigating risk management and risk appetite from various journals and articles. More elaborate explanation on the nature of the case study as a research strategy was given by Miles and Huberman (1994) in whose view case study represents a way of collecting, organising, and analyzing data’. Secondary method which involves collecting the secondary information regarding a give phenomenon was selected.
In this research, the research will use a case study of a bank and also of an investment bank that majorly deals with the selling and purchase of stocks and securities in the stock exchange market. Through the case studies, the research will investigate the level of risk appetite and tolerance within each firm and also investigate measures in place for risk management. After conducting individual investigation on the two institutions chosen as the case examples, the research will embark on making a comparison and contrasting the findings from the two sides so as to establish the similarities and differences. It is pertinent to note that the institutions financial records and also management will be used as sources of data for the research purpose.
Secondly, the research will employ the sampling method so as to validate some of the data collected. For example, it will not be sufficient to rely on the data collected from the two institutions chosen as case examples without confirming or validating the information. This is because the two institutions are capable of manipulating data and misrepresenting information to suit their own needs or meet certain conditions (Neil, 2007). Thus, the research will sample a few individuals such as banking consultants, an auditing expert, an independent stock analyst and project management consultants. Because of the high number of such individuals in the Taiwan, the research will use the sampling method to select them without any specifications.
The sampling method of choice in this case is simple random that considers a certain size. All the subsets in the sample have an opportunity of being given an equal chance of participation. This, therefore, implies that every one element in the frame is given equal probability in participation. There is no subdivision or partitioning of the frame. Pairs and also triples if they exist are also accorded equal opportunities. This leads to the minimization of bias, in addition to the simplification of, the result analysis process. The variance that may exist between results on an individual capacity in the context of the telephone conversation can be the best indicator of the variance in the entire population. This, therefore, also leads to the simplicity in the estimation of accuracy that the results may have.
There is, however, a high possibility of vulnerability to sampling errors in the use of this Sampling method. This is attributed to the randomness in the process of selection that may lead to a sample that may not reflect the actual make up that is evident, in the two industries. There is also an aspect of awkwardness? That is associated with this sampling method, as it might also be tedious if sampling is intended at populations that are unusually large.
3.7 Validity and Reliability of Results
A debate about the findings of the preceding literatures on risk tolerance/ appetite and risk management in the banking industry, as well as the investment banking industry, inevitably includes a discussion of research, normally referring to the way in which the data were collected”. This research being a phenomenological, all questions are related to theoretical characteristics discussed in the literature review carried out. The process would, therefore, be accurate in collecting, analyzing and sampling data; hence the validity of result would be quite high. In addition, through the sampling method the researcher will identify appropriate external parties to call so as to confirm some of the date presented from different sources (Smith, 1975).
3.8 Research plan
The plan involved with carrying out this research will be comprehensible. This is because it will be only conducted through secondary research meaning that the information required is already there. What will be required from the research are; adequate preparation with regards to collection of the required information, analysis of the information gathered and documentation of final findings. The documentation of the final findings will be presented in a manner that answers the research questions already enlisted in the first chapter.
3.8.1 Research plan and time frame
|Developing research plan
||By July 2012
||Proposal has been approved
|Developing sources of data
||By July 2012
||Expected sources of data have been gathered
|Reviewing sources of data
||By July 2012
||Data sources developed in time
|Developing analysing strategy
||By July 2012
|Collecting data or reading through secondary sources
||By July 2012
||Data was correctly gathered
|Analysing data and interpretation
||By July 2012
|Data has been collected
|Writing the key findings and answering research questions
||By July 2012
||Complete chapter four and five of the dissertation
||Analysis and interpretation was done correctly
|Submitting final report in hard and soft copies
||By August 2012
||Hard and soft copies of dissertation
||The dissertation had been defended
- Chapter Four: Case Study Analysis
The secondary research was conducted with the different tools described in methodology that helped in revealing the influences of risk appetite and tolerance on E.Sun Bank, SinoPac Banks and other Taiwan banks. The findings of the research, based on the articles and other materials presented are as follows.
Restating statement of the Problem
Risk is faced by Taiwan banks, as with most businesses, because of their ability to anticipate the future correctly. Bank behaviour is based on given and expected perceptions of some key variables. Specifically, the researcher needed to take into account the considerable forms of risk to which Taiwan banks are exposed. Risks were classified as Interest rate risk, Exchange Rate Risk, Credit Risk and Spillover Risk for easy assessment. This was to explore the following research objectives and questions.
Objective: To understand how risk appetite and tolerance influence decisions making in organisations taking E.Sun and SinoPac Banks as a case study.
Research Question 1: What are the benefits of a formal risk management in Taiwan Banking Industry?
Research Question 2: What is the impact of risk appetite on business conduct under the current economic circumstances?
These research questions are not mutually exclusive and so the importance of analysing each separately. A Taiwan bank faces an interdependent risk function. For example, a risk dimension in the area of interest rates might also have implications for exchange and credit risks, and the latter risks might influence the former. For each of these risk categories, the key determinants involved can be identified and for expository reasons, therefore, it is convenient to proceed as if these risks were independent of each other.
The data was collected from various articles and journal having information of risk management and risk appetite. Online dataset of the two banks and other secondary materials relevant to the study were also collected. Among the materials were also information that were outdate or irrelevant to the study. This resulted to a voluminous information and hence its reduction to manageable levels.
Initial coding and data reduction
Secondary materials and information available from scholarly works, journals and other literature were collected. There was a need to reduce data to manageable levels and relevance (Camilla, 2003). Initial coding was significant in the process of analysis since it provided names for pieces of data. These codes comprised of words, expressions or other portions of data relevant to the study (Caldwell, 2003). The initial coding helped in classifying the risks under Interest rate risk, Exchange Rate Risk, Credit Risk and Spillover Risks. All materials containing or having more information on each risk were grouped together. The key words were: risk appetite, tolerance, decisions making and banking (Michael et al, 2005).
The researcher began with a collection of volumes of information from articles and other secondary materials on each risk and gradually reduced them until each of them represented a specific concept. These concepts were essentially units of meaning (Kabala, 2005). Once an understated coding had been finished then researchers grouped up the codes with common meanings that are linked to risk appetite and tolerance in Taiwan Banks with E.Sun Bank, SinoPac Banks on consideration. When varying terms were used to the same concept, the most appropriate label was used as a name for the concept (Donald, 2005). Instead of coding line-by-line or sentence-by-sentence, several researches code following paragraph-by- paragraph while there are those who search for meaningful statements in the text (Camilla, 2003).
Even though open coding looked straight forward, at the start, it was overwhelming. Its aim was to generate as many codes as possible which will fit the data. As the coding was be in the process, the study made comparisons of various incidences, and it was essential to note that some codes were likely to recur more than others (Camilla, 2003). There are also other codes that collapsed that gave room for the development of categories. The study expected to code and record data during this substantive level, especially from the articles and other journals (Caldwell, 2003).
During selection of words for coding in open coding, it was essential to stay close to the research topic as possible. Picking words that were reflective of what was happening in E.Sun Bank was crucial. Hence such words were avoided since they tend to drive the analysis, more like a theoretical framework (Donald, 2005). As the open coding continued, codes were compared constantly and grouped gradually and systematically into more abstract categories (Caldwell, 2003).
With the support of other related banks and materials, each bank was analysed separately using the secondary materials. All the information pertaining to risk appetite and tolerance and decision making in each bank was examined.
Analysis of E.Sun and SinoPac Banks
Project risk management according to Robert (2009) is to plan, identify, analyse, respond, and control risk factors throughout the risk management process. This is done by planning, identification, qualitative risk analysis, quantitative risk analysis, risk response planning, and risk monitoring and controlling. According to Shanks (2003), many scholars argue that these risk management core competency skills are most salient in their job as bank Risk Manager. All of these are beneficial to succeed in any bank risks that they are facing.
In the analysis, it was essential to identify the top five risks managers perceive most salient in SinoPac and other banks and affect decisions-making in any bank. According to Hallenbeck and Lerche(2006), most of the banks consider credit, interest rate, foreign exchange and liquidity risk as the most significant risks that must be controlled. The risks mostly affect decisions making in the bank.
After reducing the available information and restricting it to risk appetite and tolerance and decision making in E.Sun and SinoPac Banks, four general conclusions can be drawn from this research:
- Risk management in E.Sun and SinoPac Banks
E.Sun and SinoPac Banks managers believe that it is necessary to form a correct risk management concept, by learning risk management concept of world. The two Bank managers consider risk management as an important part of their job. However, they have some misleading ideas of risk management in the past which make it take a long time’s effort to lay advanced and correct risk management concept in the minds of bank staff (Michael et al, 2005). Despite that many Taiwan Bank managers have realised the importance of bank risk management theoretically in mind, many banks in practice and operation still pass on the ideas. First that operation scale is too much emphasised so risk management is put on the opposite side of business development mistakenly, with the thought that risk management is to make business staff in trouble, and without considering risk control same material with profit creation (Robert, 2009). While some risk, managers simply think that risk control means less business and avoids risk bearing by denying business, which cause the failure of many available business and the decrease of anti-risk ability of banks. In recent years, both E.Sun and SinoPac Banks and other Taiwan banks are trying to set up correct risk management concepts. These efforts will predictably last till the scientific risk management concept is rooted in every staff’s mind of banks.
- Credit risk management and how the two banks deal with it
- Sun Bank
In the aspect of credit risk management mechanism, the bank managers is unanimous in realising that credit bank risk management is a systematic strategy, which needs the coordination of many factors, in order to reach the goal of lowering the bank risk (Donald, 2008). The two banks under study have certain risk management mechanism, but it is a basic mechanism of one stage, or a mechanism targeting at individual peculiar risk as credit risk. Therefore, from the macro angel, E.Sun Bank still have the problem of missing risk management mechanism, which is indicated by incomplete risk management system, improper system implementation and imperfect monitoring mechanism among others (Michael et al, 2005). The missing of this system will cause the lack of basic structure in effective operation of enterprise-wide risk management, and stand in the way of risk management system formation.
The managers emphasised the enterprise-wide risk management. Being different from traditional risk management that focused on credit risk, modern bank risk management also pays attention to other risks, such as market risk, liquidity risk, operational risk and legal risk (Robert, 2009). It not only treats possible capital loss as a risk, but also deems bank reputation and personnel loss as risk, for which the concept of reputation risk and personnel risk are put forward.
In the aspect of risk management culture, the respondents’ banks already have certain risk management culture consciousness, and realise that they need to create a significant risk management culture, to promote the risk management work of whole banks. However, at present, the banks still have not formed advanced risk management culture (Donald, 2008). Risk management departments and business departments seldom eliminate the culture differences by communication, and the conflicts between foreground and background are always solved passively instead of being solved by communication.
- SinoPac Bank
For SinoPac Bank, it has been suggested earlier that reserve holdings are negligible. This means that they exploit income producing avenues to the maximum at least in the short run. Presumably, the deficit costs of inadequate reserves must not be high during normal times given easy access to the interbank market and parent institutions, while the opportunity costs of incomes foregone is rather high. The need for an adequate capital is of crucial importance over the longer term (Lerche, 2006). To protect against this risk it, the banks would be operating with high capital to asset ratios. In recent years, however, observers of the Taiwan currency market have been alarmed at the decline in these ratios for most banks. This decline indicates a greater willingness by banks to take the risk and an acceptance of reduced protection against it (Michael et al, 2005). The problem is further compounded if we were to account for the erosion of capital resulting from inflation since most of the bank’s equity consists of monetary assets. This erosion of the real value of the SinoPac Banks capital puts on added pressure to be fully loaned out so as to generate increased earnings to cover for inflation (Graham, 2008). The observation that SinoPac Banks has resorted to operating with lower capital to asset ratios can be theoretically justified, if, even for the longer term horizon, the expected opportunity cost of holding inventories of capital exceeds the deficits cost of portfolio adjustments to a general collapse (Lerche, 2006).
- Loan risks in the two banks and their management in relation to decision making
This risk arises for the bank from the possibility that due to circumstances special to the borrower, there will be a delay in loan repayment or default on the loan. This risk is faced by any commercial bank and is not peculiar to the Taiwan currency operation. This risk takes on an added dimension for an E.Sun Bank because loans are generally of large denominations, and unsecured. The lack of collateral for loans granted is attributable to the intensity of competition among banks and the high standing of borrowers. In recent years, the usage of formal collateral and guarantees has increased as banks have sought some security on loans granted to oil deficit countries (Donald, 2008). During normal circumstances when banks use floating rate loans, match deposits to loans in terms of currency and maturity of the roll-over period, the only risk that they still face is the credit risk (Lepetit and Tarazi, 2008). This risk is, therefore, most significant, and least in the banks power to control.
The impact of loan losses can be felt on the level of cash reserves held by E.Sun Bank and its capital account. Changes in cash reserves are a consequence of granting and repayment of loans. When loans are granted cash reserves decline while repayment increases these reserves. Default (or delay) by a borrower on a loan due means that an expected repayment or inflow of cash did not materialise. A bank’s cash reserves are subject to this uncertainty. Losses in the capital account are likely over the longer term, most obviously, because of insolvency of the debtor. A bank has information on the ability of respective debtors to repay their obligations in a probabilistic sense only (Robert, 2009). These losses can also stem from short-term losses on cash reserves (due to insolvency or delay by debtors to repay obligations) which force bank portfolio rearrangement such as borrowing of deficits at unfavourable rates, incurring of losses in selling of assets and transaction cost (Michael et al, 2005).
According to Robert (2009), it has already been alleged that Taiwan banks operate in perfectly competitive markets. This means that an individual bank is a price taker and adjusts the volume of its activity in accordance with the interest rate which is beyond its power of control. This free market determined interest rate is known to fluctuate a vast deal in Taiwan’s Banking Industry. Since Taiwan banks, liabilities with definite maturity dates during the “normal times”, when confidence in the market remains supreme, banks do not run the risk of unexpected withdrawals (Michael et al, 2005). They face interest rate uncertainty rather than uncertainty in the maturity of deposits. Interest rates on assets and liabilities fluctuate freely from day to day, and there is no credit rationing in Taiwan. Furthermore, it has been observed that long-term interest rates do not diverge a vast deal from short-term rates which mean that Taiwan banks have an expectation of remarkably little deviation of the term structure of interest rates from parity (Donald, 2008). Since most banks are risk averters, a high degree of uncertainty about future interest rates, and term structure of interest rates close to parity, will result in balance sheets being closely matched (Lepetit and Tarazi, 2008). There will be remarkably little asset transformation and the distribution function of financial intermediation will dominate.
- Exchange Rate Risk and how the banks deal with it
With an inalterably fixed exchange rate, there would be no exchange rate uncertainty and maintenance of open positions in a currency or exchange rate speculation would be relatively safe. With a floating exchange rate system, exchange rate uncertainty has been contented with (Donald, 2008). To limit exposure to expected exchange rate volatility, a bank’s response is likely to be in terms of greater attention to the currency composition of its assets and liabilities. To avoid interest rate risk there is matching of the maturity of the deposit to that of the loan and to avoid exchange rate risk on transactions there is a matching of the currency denomination of the two. If SinoPac Banks balances assets and liabilities by currency class, there would be no net exposure to foreign exchange risk (Robert, 2009). Currency transformation or the buying of “loans in one currency as a result of having sold deposits in some other currencies” would be effected “whenever the difference in interest rates on deposits or on loans differs by more than the transaction costs and risks” (Lerche, 2006). Although pure exchange risk can be hedged away through purchase of forward cover, a residual exchanged risk, associated with premature repatriation, remains (Lerche, 2006). By purchasing a forward contract in dollars, the bank fixes the dollar value of the asset at the time of maturity. If the bank is forced, because of need or external circumstances, to repatriate funds prior to maturity, a net loss or gain is likely depending upon the then prevailing exchange and interest rates.
Spillover Risk and Decision making in both SinoPac Banks and E.Sun Bank
Important changes in Risk Management Practices at the managerial level have occurred after devastating effects of the global financial crisis (Graham, 2008). Using the two banks’ past records and journals, it appears that the bank managers risk management strategies evolved from the maintenance stage, to a growth stage; where the focus is on offering more diversified risk management strategies (Lepetit and Tarazi, 2008). In a few instances, banks moved to a mature stage where the focus is on ensuring that recently added techniques and strategies are making a significant contribution to the banks overall success.
All the bank managers believe that it is necessary to form a correct risk management concept, by learning risk management concept of world. These bank managers consider risk management as an important part of their job (Donald, 2008). However, they have some misleading ideas of risk management in the past which make it take a long time’s effort to lay advanced and correct risk management concept in the minds of bank staff. Despite that many bank managers have realised the importance of bank risk management theoretically in mind, many banks in practice and operation still pass on the ideas that: operation scale is too much emphasised so risk management is put on the opposite side of business development mistakenly, with the thought that risk management is to make business staff in trouble, and without considering risk control same material with profit creation (Robert, 2009).
While some risk, managers simply think that risk control means less business and avoids risk bearing by denying business, which cause the failure of many available business and the decrease of anti-risk ability of banks (Claessens, 2004). In recent years, banks of the country are trying to set up correct risk management concepts. These efforts will predictably last till the scientific risk management concept is rooted in every staff’s mind of banks.
In the aspect of credit risk management mechanism, the bank managers is unanimous in realising that credit bank risk management is a systematic strategy, which needs the coordination of many factors, in order to reach the goal of lowering the bank risk. The banks of in the study have a certain risk management mechanism, but it is a basic mechanism of one stage, or a mechanism targeting at individual particular risk as credit risk (Michael et al, 2005). Therefore, from the macro angel, the banks still have the problem of missing risk management mechanism, which is indicated by incomplete risk management system, improper system implementation and imperfect monitoring mechanism and the likes (Claessens, 2004). The missing of this system will cause the lack of basic structure in effective operation of enterprise-wide risk management, and stand in the way of risk management system formation.
The managers emphasised the enterprise-wide risk management. Being different from traditional risk management that focused on credit risk, modern bank risk management also pays attention to other risks, such as market risk, liquidity risk, operational risk and legal risk. It not only treats possible capital loss as a risk, but also deems bank reputation and personnel loss as risk, for which the concept of reputation risk and personnel risk are put forward (Robert, 2009). Besides, with the trend of more and more internationalised operation, commercial banks pay more attention to the integrative measurement and management of the risk bearing in global range, to prevent all possible adverse events from happening anywhere in the world (Claessens, 2004).
At present, the banks still haven’t formed advanced risk management culture (Donald, 2008). Risk management departments and business departments seldom eliminate the culture differences by communication, and the conflicts between foreground and background are always solved passively instead of being solved by communication (Graham, 2008).
Conclusion of Analysis
From the analysis, it is evident that the two banks and other Taiwan banks are using various strategies to manage their risk exposures and manage their risks. Risk management has various advantages in the management of the two banks and Taiwan Banking Industry (first objective). Risk appetite is high for bigger organisations compared to smaller organisations in Taiwan.
- Summary, Conclusions, & Recommendations
The following is the final section of the dissertation that summarises what has been found in this study, conclusions from the findings, and recommendations for future research.
There is a long development history of risk management among Taiwan banks taking a close reference to E.Sun and SinoPac Banks. As emphasised by Basri (2008), through decades of development and practices, they have developed many advanced concepts and methods. These banks pay more attention to the management of all risks in the global range, emphasising that risk management should be throughout the whole process of banking operation (Aliber, 2005). They also nurture positive risk management culture and apply mathematic models for quantitative analysis on risk to measure the bank’s risk bearing capacity as a whole (Basri, 2008). According to Bebch2008, inside the banks, risk management is becoming the self-consciousness and activity of all staff from profound theory.
Risk is faced by Taiwan banks, as with most business, because of their ability to anticipate the future correctly. This uncertainty about the future influences bank portfolio decisions today. Bank behaviour is based on given and expected perceptions of some key variables (Dent, 2009). Specifically, we need to take into account the main forms of risk to which Taiwan banks are exposed because of changes in interest rates, exchange rates and behaviour of borrowers and lenders (John, 2004). The risks emanating from these variables can be classified as being interest rate, exchange rate and credit risks.
It is concluded that, along with the expansion and enriching of economic development, advanced bank risk management has been developed from single risk management development into the enterprise-wide risk management of all kinds of risks. The risk management technology is developing from quantitative method into more precise and advance quantitative direction (Berger, 2007). The risk management content is richer and richer, and its technology is more and more complicated. E.Sun Bank will introduce advanced risk management concept and technology step by step, to establish enterprise-wide risk management system.
For bank managers, the results of the study may improve their performance by identifying “best practices” and “worst practices” associated with risk management. Best practice risk management techniques/strategies were discussed by these bank managers. The research results also provide information about the effects of using these risk management techniques on bank efficiency. Knowledge of this information will further assist bank managers in their future risk management.
Limitations of the research
The study was limited to secondary information collected from the data sources. The data findings were limited to the secondary data collected from articles and online databases. It is believed that the findings would be different if the sample demographics were different.
Risk Management Policies
The first and substantial attempt to investigate the role of risk management policies in banking crises was made by John 2004. John 2004 focuses more on the choice between an accommodating and strict risk management policy. Both studies of E.Sun and SinoPac Banks show that certain risk management policies, namely unlimited deposit guarantees, open-ended liquidity support, repeated recapitalization, debtor bail-outs, and regulatory forbearance tend to increase fiscal costs. Furthermore, in order to prevent loss of confidence that could trigger a bank run and a more harmful crisis, an explicit guarantee to depositors and creditors should be enforced. Forbearance, repeated recapitalization, asset management companies, and public debt relief are examples of resolution policies that are often adopted in this phase. Forbearance and repeated recapitalization policies allow banks that are technically insolvent to continue its operation with the intention of avoiding widespread suspensions and bank closures and restoring solvency (Lepetit and Tarazi, 2008). Asset management companies and public debt relief program are established with the purpose of allowing banks to focus on their core business activity by letting governments or other agency manage their nonperforming loans.
There is the risk that capital controls (such as exchange controls) might be imposed in the centre where a bank’s assets are held. Exchange regulations will interfere with movements of funds out of a financial centre (Robert, 2009). Movement of funds between the Taiwan markets is not likely to be disturbed. This risk can be counteracted by granting loans to a potentially feared country in that country’s currency. Another practice that has become widespread in light of currency instabilities is the denominating of loans in several currencies (Hinton, 2004). Taiwan banks also protect themselves against the inadequacy of a particular currency on a loan rollover date. If exchange restrictions are such that are desired currency ceases to be available in sufficient quantity to affect a roll-over, the amount drawn under the loan agreement is due immediately. This should limit the liability of a bank in the event that some currency crisis in the market made roll-over on outstanding loans difficult (Graham, 2008). On the other hand, in the event that during a crisis a majority of the borrowers are unable to repay loans draw down, the credit risk remains.
In Taiwan and other markets, since the market is international in nature, the cost of such information gathering on borrower credit worthiness and their usage of funds can be extremely high. A bank, customarily, does not know how much a borrower has obtained from other sources and questions of country risk compound the difficulties of obtaining useful information. E.Sun and SinoPac Banks have tried to keep informed of tendencies in the overall market by active involvement the interbank market. Here, a typical bank acts both as a lender and borrower of interbank funds at the same time (John, 2004). By churning out deposits of a cosmetic kind, this market provides traders “with information both about demand and supply, and it allows traders to stay in close touch with the market’s ‘feel’ for the ability and soundness of individual traders and banks. Trading deposits may in a sense be an efficient way of trading information about individual banks and their techniques” (Claessens, 2004). The costs of this information should be negligible, as indicated by the spread between bids and offer rates on interbank placements. During times of crisis, these costs are likely to increase because of general erosion of confidence. The observed “tiering” of banks in terms of size, credit worthiness, stockholder support and recourse to external assistance reflects the increased cost of seeking information needed to reduce the heightened credit risk during panic conditions of interbank placements. Baltensperger 2002 also suggests that banks cushion the possibility of credit by holding reserves of cash and capital. It is because of uncertainty that a bank holds inventories of reserves and capital accounts. Was it not for these reserves a bank would have to incur deficit costs of borrowing needed amounts at favourable rates, selling of assets at capital losses and transaction costs. The holding of inventories also entails an opportunity cost for the bank in terms of income foregone in not being fully loaned up (Claessens, 2004). If the expected opportunity costs exceed deficit costs, it pays to hold a smaller inventory of excess funds. The optimal inventory size would be one where the marginal deficit cost is equated to the marginal opportunity cost.
For E.Sun and SinoPac Banks, it has been suggested earlier that reserve holdings are negligible. This means that they exploit income-producing avenues to the maximum at least in the short run. Presumably, the deficit costs of inadequate reserves must not be high during normal times given easy access to the interbank market and parent institutions, while the opportunity costs of incomes foregone is rather high.
The need for an adequate capital is of crucial importance over the longer term. We are interested, because of credit risk considerations, in the protection a bank has against the risk of general collapse due to widespread debtor default (John, 2004). To protect against this risk it would be expected that banks would be operating with high capital to asset ratios. In recent years, however, observers of the Taiwan currency market have been alarmed at the decline in these ratios for most banks (Claessens, 2004). This decline indicates a greater willingness by banks to take the risk and an acceptance of reduced protection against it. The problem is further compounded if we were to account for the erosion of capital resulting from inflation since most of the E.Sun bank’s equity consists of monetary assets. This erosion of the real value of the bank capital puts on added pressure to be fully loaned out so as to generate increased earnings to cover for inflation.
The observation that Taiwan banks have resorted to operating with lower capital to asset ratios can be theoretically justified, if, even for the longer term horizon, the expected opportunity cost of holding inventories of capital exceeds the deficits cost of portfolio adjustments to a general collapse (John, 2004).
The bank managers which are the main contributors to this study with ideas and suggestions will receive a report of the findings from the study. Since the data collection came from the bank managers’ risk management skills, the findings from the study should have an added relevance, not only to the participating banks but also to the other banks as well, operating, not just in Taiwan but also in other places. Since the manager participants were offered a free report of the findings, a variety of requests from the participants have been received. Several of those requests were for more detailed and substantive information, which will also be fulfilled. Therefore, the knowledge gained from this study can flow on to those who find it applicable and advantageous.
Because of inherent difficulties of generalizing the findings of the study to all banks, further research is suggested in the following areas:
- Examine all the real options to understand the value of each one to the bank risk decision- maker and why.
- Using a case-study methodology, research those banks that have recently managed their bank risks and ascertain why. Further, real options could be discussed with participants from the perspective of preventing failure to manage risks. The case-study approach is suggested because locating sufficient number of banks to collect data using a survey instrument would be tenuous at best or impossible at worst (Lepetit and Tarazi, 2008).
- Identify the applicability of real options to the wide variety of banks not used in this study.
Alberts, C., Audrey D., and Lisa M., 2008. Mission Diagnostic Protocol, Version 1.0: A Risk-Based Approach for Assessing the Potential for Success. Software Engineering Institute, [online]. Available at: www.sei.cmu.edu/reports/08tr005.pdf [Accessed 15 July 2012].
Alexander, C., and Sheedy E., 2005. The Professional Risk Managers’ Handbook: A Comprehensive Guide to Current Theory and Best Practices. PRMIA Publications
Aliber, R. 2005. Exchange Risk, Political Risk and Investor Demand for External Currency Deposits. Journal of Money, Credit, and Banking, 7(2) Available through: JSTOR [Accessed 21 July 2012].
Altemeyer, L., 2004. An Assessment of Texas State Government: Implementation of Enterprise Risk Management, Applied Research Project, [online]. Available at: https://digital.library.txstate.edu/bitstream/handle/10877/3593/fulltext.pdf?sequence=1 [Accessed 15 July 2012].
Baltensperger, E., 2002. Costs of Banking: Interactions Between Risk and OperatingCosts. Journal of Money, Credit, and Banking, 4(3) Available through: JSTOR [Accessed 21 July 2012].
Bams, D., Lehnert, T. and Wolff, C., 2005. An Evaluation Framework for Alternative VaR Models.Journal of International Money and Finance, [online]. Available at: http://arno.unimaas.nl/show.cgi?fid=10654 [Accessed 15 July 2012].
Basri, Carole L. 2008. The Global Suprime Crisis: Issues You Need to Know. Corporate Law and Practice Course Handbook Series. New York: Practicing Law Institute.
BebchTaiwan, Lucian A. 2008. A Plan for Addressing the Financial Crisis.Discussion Paper620. Cambridge, MA: Harvard Law and Economics.
Bent, F., Nils, B., and Werner, R., 2003. Megaprojects and Risk: An Anatomy of Ambition; Cambridge University Press.
Berger, A., 2007. International Comparisons of Banking Efficiency.Financial Markets, Institutions and Instruments 16(3), pp.119–144.
Blue, R. and Jeremy, W., 2009. Surviving Financial Meltdown: Confident Decisions in an Uncertain World. Carol Stream, IL: Tyndale House Publishers.
Bollerslev, T., Engle, R. F. and Wooldbridge, J. 2008. A Capital Asset Pricing Model with Time-Varying Covariance. Journal of Political Economy, Available through: JSTOR [Accessed 21 July 2012].
Borodzicz, E., 2005. Risk, Crisis and Security Management. New York: Wiley.
Caldwell, E., 2003. Research Designs and their applications.Connecticut, USA: Engage Learning.
Camilla, M., 2003.Textbook of basic Research Methods. New York, USA: Lippincott Williams & Wilkins.
Claessens, S., 2004. How does foreign banking entry affect domestic banking markets,Journal of Banking and Finance, [online] Available at: http://siteresources.worldbank.org/DEC/Resources/84797-1114437274304/final.pdf [Accessed 15 July 2012].
Cokely, E. T., Galesic, M., Schulz, E., Ghazal, S. and Garcia-Retamero, R., 2012. Measuring risk literacy: The Berlin Numeracy Test. Judgment and Decision Making, Available at: http://journal.sjdm.org/11/11808/jdm11808.html [Accessed 15 July 2012].
Cooper, D., 2010. Leadership Risk: A Guide for Private Equity and Strategic Investors. John Wiley & Sons.
Covello, V. T. and Allen F. H., 1988. Seven Cardinal Rules of Risk Communication. Washington, DC: U.S. Environmental Protection Agency.
Creswell, J. W., 2002. Research design: Qualitative, quantitative, and mixed methods Approaches. 2nded. Beverly Hills, CA: Sage.
Crockford, N., 1986. An Introduction to Risk Management.2nd ed. Cambridge, UK: Woodhead-Faulkner.
Crouhy, M., Galai, D. and Mark, R., 2000. Risk Management. New York: McGraw Hill.
Dent, S., 2009. The Great Depression Ahead: How to Prosper in the Crash Following the Greatest Boom in History. New York: Free Press.
Dirk, P., 2008. Catalogue of risks – Natural, Technical, Social and Health Risks. Germany: Springer
Donald, S., 2005. Integrated Research Designs (IRD): Journal of research, 33(5), pp. 42-60.
Donald, H., 2008.Corporate risk management. Columbia: Columbia University Press
Dorfman, M. S., 2007. Introduction to Risk Management and Insurance.9th ed. Englewood Cliffs, N.J: Prentice Hall
Easterby-Smith, M., Thorpe, R., and Lowe, A., 2002.Management Research: An Introduction. 2nd ed. UK: Sage
Ereaut, G., 2007.What is Qualitative Research?[online] Available at:http://www.qsrinternational.com/what-is-qualitative-research.aspx
[Accessed: 09 July 2012].
Flyvbjerg, B., 2006. From Nobel Prize to Project Management: Getting Risks Right. Project Management Journal, [e-journal] 37(3), Available at: http://flyvbjerg.plan.aau.dk/Publications2006/Nobel-PMJ2006.pdf [Accessed: 09 July 2012].
Gorrod, M., 2004.Risk Management Systems: Technology Trends; Finance and Capital Markets. Basingstoke: Palgrave Macmillan
Grace, F., and Robert. W., 2003. Risk-Based Capital and Solvency Screening in Property-Liability Insurance, Journal of Risk and Insurance,65(2),pp.213–243.
Graham, T., 2008. The Credit Crunch: Housing Bubbles, Globalization and the Worldwide Economic Crisis. London: Pluto Press.
Hallenbeck, H., 2006 . Quantitative risk assessment for environmental and occupational health. Chelsea, Mich.: Lewis Publishers.
Hillson, D., and Murray-Webster, R., 2007. Understanding and Managing Risk Attitude. Gower Publishing, Ltd.
Hillson D., 2007. Practical Project Risk Management: The Atom Methodology. Management Concepts.
Hinton, P., 2004.Business Statistics Explained; Routledge.pp.200 – 266.
Hoggarth, G., Jackson, P. and Nier, E., 2005. Banking Crises and the Design of Safety Nier. Journal of Banking & Finance, 29, pp. 143-159.
Hopkin, P., 2012. Fundamentals of Risk Management. 2nd ed. Kogan-Page.
Hubbard, D., 2009. The Failure of Risk Management: Why It’s Broken and How to Fix It. John Wiley & Sons. pp. 46.
Hutto, J., 2009. Risk Management in Law Enforcement, Applied Research Project. Texas State University.
James L., 2003. Enterprise Risk Management: From Incentives to Controls. John Wiley.
Jensen, M.C., 2009. Risk, the pricing of capital assets and the evaluation of investments portfolios” Journal of Business, pp, 62, 162-247.
John, B., 2004. Project risk analysis and management, New York: APM Publishing Limited.
Kabala, M., 2005.Modern Research Methods and Techniques. New York, USA: Lippincott Williams & Wilkins.
Keller et al., 2006. An iterative risk-management framework to articulate options: Climate change Working Group III: Mitigation of Climate Change
Kendrick, T., 2003. Identifying and Managing Project Risk: Essential Tools for Failure-Proofing Your Project. AMACOM/American Management Association
Kruger, D.J., Wang, X.T., and Wilke, A., 2007. Towards the development of an evolutionarily valid domain-specific risk-taking scale” Evolutionary Psychology
Lam, J., 2003. Enterprise Risk Management: From Incentives to Controls. Wiley
Lehner, M. and Schnitzer M., 2008. Entry of Foreign Banks and Their Impact on Host Countries.Journal of Comparative Economics,36(3), pp.430–452.
Lepetit, L., and Tarazi A., 2008. Bank Income Structure and Risk: An Empirical Analysis of European Banks. Journal of Banking and Finance,32,pp. 1452–1467.
Lerche, I., 2006. Environmental risk assessment: quantitative measures, anthropogenic influences, human impact. Berlin: Springer.
Lintner, J., 2005. The Valuation of Risk Assets and the Selection of Risky Investments in Stock Portfolios and Capital Budgets.Review of Economics and Statistics, 4, pp.13-37.
Marshall, C. and Rossman, G., 1980. Designing qualitative research. Sage Publications
Michael, F.,Hommel, U.,Dufey, G. and Rudolf, M., 2005.Risk Management: Challenge and Opportunity:Berlin: Springer, pp. 276.
Miles, M. B., and Huberman, M., 1994.Qualitative Data Analysis.2nd ed.Sage Publications
Moteff, J., 2005.Risk Management and Critical Infrastructure Protection: Assessing, Integrating, and Managing Threats, Vulnerabilities and Consequences. Washington DC: Congressional Research Service.
Neil, J., 2007. Qualitative vs. Quantitative Research: Key Points in a Classic Debate. Available at: http://wilderdom.com/research/QualitativeVersusQuantitativeResearch.html
[Accessed: 9 July 2012]
Nicholson, N.,Soane, E., Fenton-O’Creevy, M. and Willman, P. 2005.Personality and domain specific risk taking.Journal of Risk Research,8(2), pp.157–176.
Noor, K.B.M., 2008. Case Study: A strategic Research Methodology. Science Publications, American Journal of Applied Sciences, 5(11), pp. 1602-1604.
O’Leary, Z., 2004. The essential guide to doing research pp.23-26
Porteous, B. T., and Pradip T., 2005. Economic Capital and Financial Risk Management for Financial Services Firms and Conglomerates. Palgrave Macmillan.
Rendlemen, R., 1999. First Derivatives National Bank: A case problem in the management of interest rate risk, The Journal of Risk
Rescher, N., 1983.A Philosophical Introduction to the Theory of Risk Evaluation and Measurement. University Press of America
Robson, C., 2002.Real World Research pp. 54-57
Robert, M., 2009.Brinks Modern Internal Auditing: A Common Body of Knowledge. John Wiley&Sons Publication.
Roehrig, P., 2006.Bet On Governance To Manage Outsourcing Risk.Business Trends Quarterly
Saunders, M., Lewis, P., and Thornhill, A., 2007.Research Methods for Business Students
Saunders, A., 1999. Credit Risk Measurement: New Approaches to Value-at-Risk and Other Paradigms. New York: John Wiley & Son.
Shanks, G. 2003. Second-wave enterprise resource planning systems: implementing for effectiveness. Cambridge University Press.
Siems, T., 1996.Risk Management: Turning Volatility into Profitability; Derivatives Quartely
Stoneburner, G., Goguen, A., and Feringa, A., 2002. Risk Management Guide for Information Technology Systems. Gaithersburg, MD: National Institute of Standards and Technology.
Tapiero, C., 2004. Risk and Financial Management: Mathematical and Computational Methods. John Wiley & Son.
Tysiac, K., 2012. Internal Control, Revisited. Journal of Accountancy (American Institute of Certified Public Accountants. 213(3), pp.24-29
Van, D., Kenji Imai, D., and Mesler, M., 2004. Advanced Financial Risk Management: Tools and Techniques for Integrated Credit Risk and Interest Rate Risk Management; John Wiley
Valenzuela, D., and Shrivastava, P., 2009. Interview as a method of qualitative research
Wideman, R.M., 1992. Project and Program Risk Management; Newtown Square, PA: Project Management Institute
Wilson, A., 2004.Marketing Research an integrated approach
Wong, W. K., and Tang, H. Y., 2004. Support and Service Differentiation in Wireless Networks: International Journal of Communication Systems, 17(6), pp. 591 – 614.
Yildirim, H. andPhilippatos G., 2007. Efficiency of Banks: Recent Evidence from the Transition Economies of Europe, 1993-2000. European Journal of Finance31, pp.123–143.