外文翻译---商业银行的风险管理：一个分析的过程

银行风险管理流程中的四个步骤
银行风险管理流程中的四个步骤是风险识别、风险分析与评价、风险控制和风险决策。

具体如下：
1. 风险识别：这是风险管理的第一步，涉及到识别可能对银行造成意外损失或额外收益的风险因素。

风险识别包括感知风险和分析风险两个环节，通过系统化的方法发现商业银行所面临的风险种类和性质，并制作风险清单来深入理解和分析这些风险。

2. 风险分析与评价：在识别了潜在的风险因素之后，银行需要对这些风险进行分析和评价，预计风险因素发生的可能性和可能造成的影响。

这一步骤是全面风险管理、资本监管和经济资本配置得以有效实施的基础。

3. 风险控制：基于风险分析与评价的结果，银行将制定相应的风险控制措施，以减轻或避免风险的潜在影响。

这可能包括制定政策、程序和限额，以及确保内部控制系统的有效性。

4. 风险决策：最后一步是根据风险评估和控制措施的结果做出决策。

这可能涉及到是否承担某项风险、如何分配经济资本以及如何响应外部变化等战略选择。

综上所述，银行风险管理是一个动态的过程，需要不断地进行风险监测和调整风险管理策略，以适应市场和环境的变化。

通过有效的风险管理，银行可以保护自身免受不必要的损失，并确保其长期的稳
定和可持续发展。

外文文献翻译译文一、外文原文原文：Risk ManagementThis chapter reviews and discusses the basic issues and principles of risk management, including: risk acceptability (tolerability); risk reduction and the ALARP principle; cautionary and precautionary principles. And presents a case study showing the importance of these issues and principles in a practical management context. Before we take a closer look, let us briefly address some basic features of risk management.The purpose of risk management is to ensure that adequate measures are taken to protect people, the environment, and assets from possible harmful consequences of the activities being undertaken, as well as to balance different concerns, in particular risks and costs. Risk management includes measures both to avoid the hazards and to reduce their potential harm. Traditionally, in industries such as nuclear, oil, and gas, risk management was based on a prescriptive regulating regime, in which detailed requirements were set with regard to the design and operation of the arrangements. This regime has gradually been replaced by a more goal-oriented regime, putting emphasis on what to achieve rather than on the means of achieving it.Risk management is an integral aspect of a goal-oriented regime. It is acknowledged that risk cannot be eliminated but must be managed. There is nowadays an enormous drive and enthusiasm in various industries and in society as a whole to implement risk management in organizations. There are high expectations that risk management is the proper framework through which to achieve high levels of performance.Risk management involves achieving an appropriate balance between realizing opportunities for gain and minimizing losses. It is an integral part of good management practice and an essential element of good corporate governance. It is aniterative process consisting of steps that, when undertaken in sequence, can lead to a continuous improvement in decision-making and facilitate a continuous improvement in performance.To support decision-making regarding design and operation, risk analyses are carried out. They include the identification of hazards and threats, cause analyses, consequence analyses, and risk descriptions. The results are then evaluated. The totality of the analyses and the evaluations are referred to as risk assessments. Risk assessment is followed by risk treatment, which is a process involving the development and implementation of measures to modify the risk, including measures designed to avoid, reduce (“optimize”), transfe r, or retain the risk. Risk transfer means sharing with another party the benefit or loss associated with a risk. It is typically affected through insurance. Risk management covers all coordinated activities in the direction and control of an organization with regard to risk.In many enterprises, the risk management tasks are divided into three main categories: strategic risk, financial risk, and operational risk. Strategic risk includes aspects and factors that are important for the enterprise’s long-term strategy and plans, for example mergers and acquisitions, technology, competition, political conditions, legislation and regulations, and labor market. Financial risk includes the enterprise’s financial situation, and includes: Market risk, associated with the costs of goods and services, foreign exchange rates and securities (shares, bonds, etc.). Credit risk, associated with a debtor’s failure to meet its obligations in accordance with agreed terms. Liquidity risk, reflecting lack of access to cash; the difficulty of selling an asset in a timely manner. Operational risk is related to conditions affecting the normal operating situation: Accidental events, including failures and defects, quality deviations, natural disasters. Intended acts; sabotage, disgruntled employees, etc. Loss of competence, key personnel. Legal circumstances, associated for instance, with defective contracts and liability insurance.For an enterprise to become successful in its implementation of risk management, top management needs to be involved, and activities must be put into effect on many levels. Some important points to ensure success are: the establishment of a strategyfor risk management, i.e., the principles of how the enterprise defines and implements risk management. Should one simply follow the regulatory requirements (minimal requirements), or should one be the “best in the class”? The establishment of a risk management process for the enterprise, i.e. formal processes and routines that the enterprise is to follow. The establishment of management structures, with roles and responsibilities, such that the risk analysis process becomes integrated into the organization. The implementation of analyses and support systems, such as risk analysis tools, recording systems for occurrences of various types of events, etc. The communication, training, and development of a risk management culture, so that the competence, understanding, and motivation level within the organization is enhanced. Given the above fundamentals of risk management, the next step is to develop principles and a methodology that can be used in practical decision-making. This is not, however, straightforward. There are a number of challenges and here we address some of these: establishing an informative risk picture for the various decision alternatives, using this risk picture in a decision-making context. Establishing an informative risk picture means identifying appropriate risk indices and assessments of uncertainties. Using the risk picture in a decision making context means the definition and application of risk acceptance criteria, cost benefit analyses and the ALARP principle, which states that risk should be reduced to a level which is as low as is reasonably practicable.It is common to define and describe risks in terms of probabilities and expected values. This has, however, been challenged, since the probabilities and expected values can camouflage uncertainties; the assigned probabilities are conditional on a number of assumptions and suppositions, and they depend on the background knowledge. Uncertainties are often hidden in this background knowledge, and restricting attention to the assigned probabilities can camouflage factors that could produce surprising outcomes. By jumping directly into probabilities, important uncertainty aspects are easily truncated, and potential surprises may be left unconsidered.Let us, as an example, consider the risks, seen through the eyes of a risk analystin the 1970s, associated with future health problems for divers working on offshore petroleum projects. The analyst assigns a value to the probability that a diver would experience health problems (properly defined) during the coming 30 years due to the diving activities. Let us assume that a value of 1 % was assigned, a number based on the knowledge available at that time. There are no strong indications that the divers will experience health problems, but we know today that these probabilities led to poor predictions. Many divers have experienced severe health problems (Avon and Vine, 2007). By restricting risk to the probability assignments alone, important aspects of uncertainty and risk are hidden. There is a lack of understanding about the underlying phenomena, but the probability assignments alone are not able to fully describe this status.Several risk perspectives and definitions have been proposed in line with this realization. For example, Avon (2007a, 2008a) defines risk as the two-dimensional combination of events/consequences and associated uncertainties (will the events occur, what the consequences will be). A closely related perspective is suggested by Avon and Renan (2008a), who define risk associated with an activity as uncertainty about and severity of the consequences of the activity, where severity refers to intensity, size, extension, scope and other potential measures of magnitude with respect to something that humans value (lives, the environment, money, etc.). Losses and gains, expressed for example in monetary terms or as the number of fatalities, are ways of defining the severity of the consequences. See also Avon and Christensen (2005).In the case of large uncertainties, risk assessments can support decision-making, but other principles, measures, and instruments are also required, such as the cautionary/precautionary principles as well as robustness and resilience strategies. An informative decision basis is needed, but it should be far more nuanced than can be obtained by a probabilistic analysis alone. This has been stressed by many researchers, e.g. Apostolicism (1990) and Apostolicism and Lemon (2005): qualitative risk analysis (QRA) results are never the sole basis for decision-making. Safety- and security-related decision-making is risk-informed, not risk-based. This conclusion isnot, however, justified merely by referring to the need for addressing uncertainties beyond probabilities and expected values. The main issue here is the fact that risks need to be balanced with other concerns.When various solutions and measures are to be compared and a decision is to be made, the analysis and assessments that have been conducted provide a basis for such a decision. In many cases, established design principles and standards provide clear guidance. Compliance with such principles and standards must be among the first reference points when assessing risks. It is common thinking that risk management processes, and especially ALARP processes, require formal guidelines or criteria (e.g., risk acceptance criteria and cost-effectiveness indices) to simplify the decision-making. Care must; however, be shown when using this type of formal decision-making criteria, as they easily result in a mechanization of the decision-making process. Such mechanization is unfortunate because: Decision-making criteria based on risk-related numbers alone (probabilities and expected values) do not capture all the aspects of risk, costs, and benefits, no method has a precision that justifies a mechanical decision based on whether the result is over or below a numerical criterion. It is a managerial responsibility to make decisions under uncertainty, and management should be aware of the relevant risks and uncertainties.Apostolicism and Lemon (2005) adopt a pragmatic approach to risk analysis and risk management, acknowledging the difficulties of determining the probabilities of an attack. Ideally, they would like to implement a risk-informed procedure, based on expected values. However, since such an approach would require the use of probabilities that have not been “rigorously derived”, they see themselves forced to resort to a more pragmatic approach.This is one possible approach when facing problems of large uncertainties. The risk analyses simply do not provide a sufficiently solid basis for the decision-making process. We argue along the same lines. There is a need for a management review and judgment process. It is necessary to see beyond the computed risk picture in the form of the probabilities and expected values. Traditional quantitative risk analyses fail inthis respect. We acknowledge the need for analyzing risk, but question the value added by performing traditional quantitative risk analyses in the case of large uncertainties. The arbitrariness in the numbers produced can be significant, due to the uncertainties in the estimates or as a result of the uncertainty assessments being strongly dependent on the analysts.It should be acknowledged that risk cannot be accurately expressed using probabilities and expected values. A quantitative risk analysis is in many cases better replaced by a more qualitative approach, as shown in the examples above; an approach which may be referred to as a semi-quantitative approach. Quantifying risk using risk indices such as the expected number of fatalities gives an impression that risk can be expressed in a very precise way. However, in most cases, the arbitrariness is large. In a semi-quantitative approach this is acknowledged by providing a more nuanced risk picture, which includes factors that can cause “surprises” relative to the probabilities and the expected values. Quantification often requires strong simplifications and assumptions and, as a result, important factors could be ignored or given too little (or too much) weight. In a qualitative or semi-quantitative analysis, a more comprehensive risk picture can be established, taking into account underlying factors influencing risk. In contrast to the prevailing use of quantitative risk analyses, the precision level of the risk description is in line with the accuracy of the risk analysis tools. In addition, risk quantification is very resource demanding. One needs to ask whether the resources are used in the best way. We conclude that in many cases more is gained by opening up the way to a broader, more qualitative approach, which allows for considerations beyond the probabilities and expected values.The traditional quantitative risk assessments as seen for example in the nuclear and the oil & gas industries provide a rather narrow risk picture, through calculated probabilities and expected values, and we conclude that this approach should be used with care for problems with large uncertainties. Alternative approaches highlighting the qualitative aspects are more appropriate in such cases. A broad risk description is required. This is also the case in the normative ambiguity situations, as the risk characterizations provide a basis for the risk evaluation processes. The main concernis the value judgments, but they should be supported by solid scientific assessments, showing a broad risk picture. If one tries to demonstrate that it is rational to accept risk, on a scientific basis, too narrow an approach to risk has been adopted. Recognizing uncertainty as a main component of risk is essential to successfully implement risk management, for cases of large uncertainties and normative ambiguity.A risk description should cover computed probabilities and expected values, as well as: Sensitivities showing how the risk indices depend on the background knowledge (assumptions and suppositions); Uncertainty assessments; Description of the background knowledge, including models and data used.The uncertainty assessments should not be restricted to standard probabilistic analysis, as this analysis could hide important uncertainty factors. The search for quantitative, explicit approaches for expressing the uncertainties, even beyond the subjective probabilities, may seem to be a possible way forward. However, such an approach is not recommended. Trying to be precise and to accurately express what is extremely uncertain does not make sense. Instead we recommend a more open qualitative approach to reveal such uncertainties. Some might consider this to be less attractive from a methodological and scientific point of view. Perhaps it is, but it would be more suited for solving the problem at hand, which is about the analysis and management of risk and uncertainties.Source: Terje Aven. 2010. “Risk Management”. Risk in Technological Systems, Oct, p175-198.二、翻译文章译文：风险管理本章回顾和讨论风险管理的基本问题和原则，包括：风险可接受性（耐受性）、风险削减和安全风险管理原则、警示和预防原则，并提出了一个研究案例，说明在实际管理环境中这些问题和原则的重要性。

中英文对照外文翻译文献(文档含英文原文和中文翻译)估计技术和规模的希腊商业银行效率：信用风险、资产负债表的活动和国际业务的影响11.介绍希腊银行业经历了近几年重大的结构调整。

重要的结构性、政策和环境的变化经常强调的学者和从业人员有欧盟单一市场的建立，欧元的介绍，国际化的竞争、利率自由化、放松管制和最近的兼并和收购浪潮。

希腊的银行业也经历了相当大的改善，通信和计算技术，因为银行有扩张和现代化其分销网络，其中除了传统的分支机构和自动取款机，现在包括网上银行等替代分销渠道。

作为希腊银行（2004 年）的年度报告的重点，希腊银行亦在升级其信用风险测量与管理系统，通过引入信用评分和概率默认模型近年来采取的主要步骤。

此外，他们扩展他们的产品/服务组合，包括保险、经纪业务和资产管理等活动，同时也增加了他们的资产负债表操作和非利息收入。

最后，专注于巴尔干地区（如阿尔巴尼亚、保加利亚、前南斯拉夫马其顿共和国、罗马尼亚、塞尔维亚）的更广泛市场的全球化增加的趋势已添加到希腊银行在塞浦路斯和美国以前有限的国际活动。

在国外经营的子公司的业绩预计将有父的银行，从而对未来的决定为进一步国际化的尝试对性能的影响。

本研究的目的是要运用数据包络分析（DEA）和重新效率的希腊银行部门，同时考虑到几个以上讨论的问题进行调查。

我们因此区分我们的论文从以前的希腊银行产业重点并在几个方面，下面讨论添加的见解。

首先，我们第一次对效率的希腊银行的信用风险的影响通过检查其中包括贷款损失准备金作为附加输入Charnes et al.(1990 年)、德雷克（2001 年）、德雷克和大厅(2003 年)，和德雷克等人（2006 年）。

作为美斯特(1996) 点出"除非质量和风险控制的一个人也许会很容易误判一家银行的水平的低效；例如精打细算的银行信用评价或生产过高风险的贷款可能会被贴上标签一样高效，当相比银行花资源，以确保它们的贷款有较高的质量"(p.1026)。

“RISK MANAGEMENT IN COMMERCIAL BANKS”(A CASE STUDY OF PUBLIC AND PRIVATE SECTOR BANKS) - ABSTRACT ONLY1. PREAMBLE:1.1 Risk Management:The future of banking will undoubtedly rest on risk management dynamics. Only those banks thathave efficient risk management system will survive in the market in the long run. The effective management of credit risk is a critical component of comprehensive risk management essential for long-term success of a banking institution. Credit risk is the oldest and biggest risk that bank, by virtueof its very nature of business, inherits. This has however, acquired a greater significance in the recentpast for various reasons. Foremost among them is the wind of economic liberalization that is blowing across the globe. India is no exception to this swing towards market driven economy. Competition from within and outside the country has intensified. This has resulted in multiplicity of risks both in numberand volume resulting in volatile markets. A precursor to successful management of credit risk is a clear understanding about risks involved in lending, quantifications of risks within each item of the portfolioand reaching a conclusion as to the likely composite credit risk profile of a bank.The corner stone of credit risk management is the establishment of a framework that defines corporate priorities, loan approval process, credit risk rating system, risk-adjusted pricing system, loan-review mechanism and comprehensive reporting system.1.2 Significance of the study:The fundamental business of lending has brought trouble to individual banks and entire banking system. It is, therefore, imperative that the banks are adequate systems for credit assessment of individual projects and evaluating risk associated therewith as well as the industry as a whole. Generally, Banks in India evaluate a proposal through the traditional tools of project financing, computing maximum permissible limits, assessing management capabilities and prescribing a ceilingfor an industry exposure. As banks move in to a new high powered world of financial operations and trading, with new risks, the need is felt for more sophisticated and versatile instruments for risk assessment, monitoring and controlling risk exposures. It is, therefore, time that banks managements equip themselves fully to grapple with the demands of creating tools and systems capable of assessing, monitoring and controlling risk exposures in a more scientific manner.Credit Risk, that is, default by the borrower to repay lent money, remains the most important riskto manage till date. The predominance of credit risk is even reflected in the composition of economic capital, which banks are required to keep a side for protection against various risks. According to one estimate, Credit Risk takes about 70% and 30%remaining is shared between the other two primary risks, namely Market risk (change in the market price and operational risk i.e., failure of internal controls, etc.). Quality borrowers (Tier-I borrowers) were able to access the capital market directly without going through the debt route. Hence, the credit route is now more open to lesser mortals (Tier-II borrowers).With margin levels going down, banks are unable to absorb the level of loan losses. There has been very little effort to develop a method where risks could be identified and measured. Most of the banks have developed internal rating systems for their borrowers, but there hasbeen verylittle study to compare such ratings with the final asset classification and also to fine-tune the rating system. Also risks peculiar to each industry are not identified and evaluated openly. Data collection is regular driven. Data on industry-wise, region-wise lending, industry-wise rehabilitated loan, can provide an insight into the future course to be adopted.Better and effective strategic credit risk management process is a better way to Manage portfolio credit risk. The process provides a framework to ensure consistency between strategy and implementation that reduces potential volatility in earnings and maximize shareholders wealth. Beyondand over riding the specifics of risk modeling issues, the challenge is moving towards improved creditrisk management lies in addressing banks’readiness and openness to accept change to a more transparent system, to rapidly metamorphosing markets, to more effective and efficient ways of operating and to meet market requirements and increased answerability to stake holders.There is a need for Strategic approach to Credit Risk Management (CRM) in Indian Commercial Banks, particularly in view of;(1) Higher NPAs level in comparison with global benchmark(2) RBI’ s stipulation about dividend distribution by the banks(3) Revised NPAs level and CAR norms(4) New Basel Capital Accord (Basel –II) revolutionAccording to the study conducted by ICRA Limited, the gross NPAs as a proportion of total advances for Indian Banks was 9.40 percent for financial year 2003 and 10.60 percent for financial year 20021. The value of the gross NPAs as ratio for financial year 2003 for the global benchmark banks was as low as 2.26 percent. Net NPAs as a proportion of net advances of Indian banks was 4.33 percent for financial year 2003 and 5.39 percent for financial year 2002. As against this, the value ofnet NPAs ratio for financial year 2003 for the global benchmark banks was 0.37 percent. Further, it was found that, the total advances of the banking sector to the commercial and agricultural sectors stood at Rs.8,00,000 crore. Of this, Rs.75,000 crore, or 9.40 percent of the total advances is bad and doubtful debt. The size of the NPAs portfolio in the Indian banking industry is close to Rs.1,00,000crore which is around 6 percent of India’ s GDP2.The RBI has recently announced that the banks should not pay dividends at more than 33.33 percent of their net profit. It has further provided that the banks having NPA levels less than 3 percentand having Capital Adequacy Reserve Ratio (CARR) of more than 11 percent for the last two years will only be eligible to declare dividends without the permission from RBI3. This step is for strengthening the balance sheet of all the banks in the country. The banks should provide sufficient provisions from their profits so as to bring down the net NPAs level to 3 percent of their advances.NPAs are the primary indicators of credit risk. Capital Adequacy Ratio (CAR) is another measureof credit risk. CAR is supposed to act as a buffer against credit loss, which isset at 9 percent under theRBI stipulation4. With a view to moving towards International best practices and to ensure greaterdue’ norm for identification of NPAs transparency, it has been decided to adopt the ’ 90 days’‘ overfrom the year ending March 31, 2004.The New Basel Capital Accord is scheduled to be implemented by the end of 2006. All the banking supervisors may have to join the Accord. Even the domestic banks in addition to internationally active banks may have to conform to the Accord principles in the coming decades. The RBI as the regulatorof the Indian banking industry has shown keen interest in strengthening the system, and the individual banks have responded in good measure in orienting themselves towards global best practices.1.3 Credit Risk Management(CRM) dynamics:The world over, credit risk has proved to be the most critical of all risks faced by a banking institution. A study of bank failures in New England found that, of the 62 banks in existence before 1984, which failed from 1989 to 1992, in 58 cases it was observed that loans and advances were notbeing repaid in time 5 . This signifies the role of credit risk management and therefore it forms the basisof present research analysis.Researchers and risk management practitioners have constantly tried to improve on current techniques and in recent years, enormous strides have been made in the art and science of credit risk measurement and management6. Much of the progress in this field has resulted form the limitations of traditional approaches to credit risk management and with the current Bank for International (BIS) regulatory model. Even in banks which regularly fine-tune credit policies and Settlement’　streamline credit processes, it is a real challenge for credit risk managers to correctly identify pocketsof risk concentration, quantify extent of risk carried, identify opportunities for diversification and balance the risk-return trade-off in their credit portfolio.The two distinct dimensions of credit risk management can readily be identified as preventive measures and curative measures. Preventive measures include risk assessment, risk measurement andrisk pricing, early warning system to pick early signals of future defaults and better credit portfolio diversification. The curative measures, on the other hand, aim at minimizing post-sanction loan losses through such steps as securitization, derivative trading, risk sharing, legal enforcement etc. It is widely believed that an ounce of prevention is worth a pound of cure. Therefore, the focus of the study is on preventive measures in tune with the norms prescribed by New Basel Capital Accord.The study also intends to throw some light on the two most significant developments impacting the fundamentals of credit risk management practices of banking industry – New Basel Capital Accord and Risk Based Supervision. Apart from highlighting the salient features of credit risk management prescriptions under New Basel Accord, attempts are made to codify the response of Indian banking professionals to various proposals under the accord. Similarly, RBI proposed Risk Based Supervision (RBS) is examined to capture its direction and implementation problems。

商业银行信用卡风险管理外文文献翻译最新译文This article discusses the importance of credit risk management for commercial banks。

Credit risk is a major concern for banks as it can lead to XXX methods used by banks to manage credit risk。

including credit scoring。

credit limits。

and loanXXX to credit risk management。

The article XXX of credit risk to ensure the long-term XXXCredit risk management is a XXX to manage credit risk XXX。

it is essential for banks to adopt us methods to manage credit risk。

These methods include credit scoring。

credit limits。

and loanXXX are used to limit the amount of credit XXXXXX credit risk management。

The credit risk management department should work XXX departments。

such as lending and complianceXXX。

XXX that they are aware of the latest developments in credit risk management。

XXX of credit risk are critical for the long-term XXX that they are effective and up-to-date。

商业银行风险管理流程一、引言商业银行作为金融体系的重要组成部分，面临着多种风险。

为了确保银行的稳健运营和资金安全，商业银行需要建立一套科学的风险管理流程。

本文将从风险管理的定义和意义、商业银行风险管理的目标、主要流程和方法以及风险管理的挑战等方面进行探讨。

二、风险管理的定义和意义2.1 风险管理的定义风险管理是对潜在风险进行识别、评估、监测和控制的过程。

它旨在帮助组织有效应对风险，最大程度地保护组织的利益和财务安全。

2.2 风险管理的意义风险管理在商业银行中具有重要的意义。

首先，它可以帮助银行降低潜在的损失，保护银行的资金和利益。

其次，风险管理可以提升银行的信誉和声誉，增强投资者和客户的信心。

最后，风险管理可以帮助银行遵守法律法规，规避潜在的法律风险和罚款。

三、商业银行风险管理的目标商业银行风险管理的目标是确保银行在经营过程中的风险控制在可接受范围内，保障银行的资本安全和持续盈利能力。

具体而言，商业银行风险管理的目标包括以下几个方面：3.1 风险防范和控制商业银行需要通过制定和执行风险管理政策与措施，对风险进行防范和控制，确保风险水平在可控范围内。

3.2 资本充足银行需要保持足够的资本金以抵御可能的损失，确保银行在面临风险时有足够的资金支持。

3.3 合规经营商业银行需要严格遵守国家法律法规和监管政策，确保合规经营，规避潜在的法律风险和罚款。

3.4 提高效益商业银行风险管理的目标还包括提高效益，通过科学的风险管理，实现风险和回报的平衡，最大程度地实现银行的盈利能力。

四、商业银行风险管理的主要流程和方法商业银行风险管理的主要流程包括风险识别、风险评估、风险监测和风险控制。

下面我们将详细介绍每一个环节的具体方法：4.1 风险识别风险识别是商业银行风险管理的第一步。

银行需要对可能存在的风险进行全面的识别和分析。

常用的风险识别方法包括风险审查、风险调查和风险预警等。

4.2 风险评估风险评估是商业银行风险管理的核心环节。

中英文对照外文翻译文献(文档含英文原文和中文翻译)原文：Project Risk AnalysisChapter 1 Introduction1.1 About this compendiumThis course compendium is to be used in the course “Risikostyring is projector”. The focus will be on the following topics:• R isk identification• Risk structuring• Risk modeling in the light of a time schedule and a cost model• Risk follows upWe will also discuss elements related to decision analysis where risk is involved, and use of life cycle cost and life cycle profit models. The course compendium comprises a large number of exercises, and it is recommended to do most of the exercises in order to get a good understanding of the topics and methods described. A separate MS Excel program, pRisk.xls has been developed in order to assist numerical calculations and to conduct Monte Carlo simulation.1.2 DefinitionsAleatory uncertaintyVariation of quantities in a population. We sometimes use the word variability rather than aleatory uncertainty.Epistemic uncertaintyLack of knowledge about the “world”, and observable quantities in particular. DependencyThe relation between the sequences of the activities in a project.Observable quantityA quantity expressing a state of the “world”, i.e. a quantity of the p hysical reality or nature, that is unknown at the time of the analysis but will, if the system being analyzed is actually implemented, take some value in the future, and possibly become known. ParameterWe use the term parameter in two ways in this report. The main use of a parameter is that it is a quantity that is a part of the risk analysis models, and for which we assign numerical values. The more academic definition of a parameter used in a probabilitystatement about an observable quantity, X, is that a parameter is a construct where the value of the parameter is the limiting value where we are not able to saturate our understanding about the observable quantity X whatsoever new information we could get hold of. Parameter estimateThe numeric value we assess to a parameter.ProbabilityA measure of uncertainty of an event.RiskRisk is defined as the answer to the three questions [14]: i) what can go wrong? ii) How likely is it? And if it goes wrong, iii) what are the consequences? To describe the risk is a scenarioRisk acceptanceA decision to accept a risk.Risk acceptance criterionA reference by which risk is assessed to be acceptable or unacceptable.ScheduleA plan which specifies the start and finalization point of times for the activities in a project.Stochastic dependencyTwo or more stochastic variables are (stochastically) dependent if the expectation of one stochastic variable depends on the value of one or more of the other stochastic variables. Stochastic variableA stochastic variable, or random quantity, is a quantity for which we do not know the value it will take. However, we could state statistical properties of the variable or make probability statement about the value of the quantity.1.3 DEFINITIONSUncertaintyLack of knowledge about the performance of a system, and observable quantities in particular.Chapter 2Risk ManagementGenerally, risk management is defined (IEC 60300-3-9) as a “systematic application ofmanagement policies, procedures and practices to the tasks of analyzing, evaluating and controlling risk”. It will comprise (IEC definitions in parentheses):• Risk assessment, i.e.–Risk analysis (“Systematic use of available information to identify hazards and to estimate the r isk to individuals or populations, property or the environment”)–Risk evaluation (“Process in which judgments are made on the tolerability of the risk on the basis of risk analysis and taking into account factors such as socio-economic and environmental aspects”)• Risk reduction/control (Decision making, implementation and risk monitoring).There exists no common definition of risk, but for instance IEC 60300-3-9 defines risk as a “combination of the frequency, or probability, of occurrence and the consequence of a specified hazardous events”. Most definitions comprise the elements of probabilities and consequences. However, some as Klinke and Renn suggest a very wide definition, stating: “Risk refers to the possibility that human actions or events lead to consequences that affect aspects of what humans value”. So the total risk comprises the possibility of number (“all”)unwanted/hazardous events. It is part of the risk analysis to delimit which hazards to include. Further, risk usually refers to threats in the future, involving a (high) degree of uncertainty. In the following we will present the basic elements of risk management as it is proposed to be an integral part of project management.2.1 Project objectives and criteriaIn classical risk analysis of industrial systems the use of so-called risk acceptance criteria has played a central role in the last two or tree decades. Basically use of risk acceptance criteria means that some severe consequences are defined, e.g. accident with fatalities. Then we try to set an upper limit for the probability of these consequences that could be accepted, i.e. we could not accept higher probabilities in any situations. Further these probabilities could only be accepted if risk reduction is not possible, or the cost of risk reduction is very high.In recent years it has been a discussion in the risk analysis society whether it is fruitful or not to use risk acceptance criteria according to the principles above. It is argued that very often risk acceptance criteria are set arbitrary, and these do not necessarily support the overall best solutions. Therefore, it could be more fruitful to use some kind of risk evaluation criteria, rather than strict acceptance criteria. In project risk management we could establish acceptance criteria related to two types of events:• Events with severe consequences related to health, environment and safety.• Events with severe consequences related to project costs, project quality, project duration, oreven termination of the project. In this course we will have main focus on the project costs and the duration of the project. Note that both project cost and project duration are stochastic variables and not events. Thus it is not possible to establish acceptance criteria to project cost or duration directly. Basically, there are three types of numeric values we could introducein relation to such stochastic variables describing the project:1. Target. The target expresses our ambitions in the project. The target shall be something we are striving at, and it should be possible to reach the target. It is possible to introduce (internal) bonuses, or other rewards in order to reach the targets in a project.2. Expectation. The expectations are the value the stochastic variables will achieve in the long run, or our expectation about the outcome. The expectation is less ambitious than the target. The expectation will in a realistic way account for hazards, and threats and conditions which often contribute to the fact that the targets are not met.3. Commitment. The commitments are values related to the stochastic variables which are regulated in agreements and contracts. For example it could be stated in the contract that a new bridge shall be completed within a given date. If we are not able to fulfill the commitments, this will usually result in economical consequences, for example penalties for defaults, or in the worst case canceling of the contract.2.2 Risk identificationA scenario is a description of a imagined sequence or chain of events, e.g. we have a water leakage, and we are not able to stop this leakage with ordinary tightening medium due to the possible environmental aspects which is not clarified at the moment. Further the green movement is also likely to enter the scene in this case. A hazard is typically related to energies, poisonous media etc, and if they are released this will result in an accident or a severe event. A threat is a wider term than hazard, and we include also aspects as “wrong” method applied, “lack of competence and experience”. The term threat is also very often used in connection with security problems, e.g. sabotage, terrorism, and vandalism.2.3 Structuring and modeling of riskIn Section 2.2 we have identified methods to identify events and threats. We now want to relate these events and threats to the explicit models we have for project costs and project duration.2.3.1 Model for project execution time/schedule modelingWhen analyzing the execution time for a project we will have a project plan and typicallya Gantt diagram as a starting point. The Gantt diagram is transformed into a so-called flow network where the connections between the activities are explicitly described. Such a flow network also comprises description of duration of the activities in terms of probability statements. The duration of each activity is stochasticVariables, which we denote Ti for activity in a flow network we might also have uncertain activities which will be carried out only under special conditions. These conditions could be described in terms of events, and we need to describe the probability of occurrence of such events. Thus, there is a set of quantities, i.e. time variables and events in the model. The objective is now to link the undesired events and threats discussed in Section 2.2 to these time variables and events. Time variables are described by a probability distribution function. Such a distribution function comprises parameters that characterize the time variable. Often a parametric probability distribution is described by the three quantities L (low), M (most likely) and H high. If an undesired event occur, it is likely that the values of L, M and H will be higher than in case this event does not occur. A way to include the result from the risk identification process is then to express the different values of L, M and H depending on whether the critical event occurs or not. If we in addition are able to assess the probability of occurrence of the critical event, the knowledge about this critical event has been completely included into the risk model. Based on such an explicit modeling of the critical event, we could also easily update the model in case of new information about the critical event is obtained, for example new information could be available at a later stage in the process and changes of the plan could still be possible in light of the new information.2.3.2 Cost modelingThe cost model is usually based on the cost breakdown structure, and the cost elements will again be functions of labor cost, overtime cost, purchase price, hour cost of renting equipment, material cost, amount of material etc. The probabilistic modeling of cost is usually easier than for modeling project execution time. The principle is just to add a lot of cost terms, where each cost term is the product of the unit price and the number of units. We introduce price and volume as stochastic variables to describe the unit price and the number of units. The price and volume variables should also be linked to the undesired events and threats we have identified in Section 2.2. Often it is necessary to link the cost model to the schedule model. For example in case of delays it might be necessary to put more effort into the project to catch up with the problems, and these efforts could be very costly. Also, if the project is delayed we may need to pay extra cost to sub-contractors that have to postpone their support into the project.2.3.3 Uncertainty in schedule and cost modelingAs indicated above we will establish probabilistic models to describe the duration and cost of a project. The result of such a probabilistic modeling is that we treat the duration and cost as stochastic variables. Since duration and costs are stochastic variables, this means that there is uncertainty regarding the values they will take in the real project we are evaluating. Sometimes we split this uncertainty into three different categories, i) Aleatory uncertainty (variability due to e.g. weather conditions, labor conflicts, breakdown of machines etc.), ii) para meter or epistemic uncertainty due to lack of knowledge about “true” parameter values, and iii) model uncertainty due to lack of detailed, or wrong modeling. Under such thinking, the aleatory uncertainty could not be reduced; it is believed to be the result of the variability in the world which we cannot control. Uncertainty in the parameters is, however, believed to be reducible by collecting more information. Also uncertainty in the models is believed to be reducible by more detailed modeling, and decomposition of the various elements that go into the model. It is appealing to have a mental model where the uncertainty could be split into one part which we might not reduce (variability), and one part which we might reduce by thorough analysis and more investigation (increased knowledge). If we are able to demonstrate that the part of the uncertainty related to lack of knowledge and understanding has been reduced to a sufficient degree, we could then claim high confidence in the analysis. In some situation the owner or the authorities put forward requirements. Which could be interpreted as confidence regarding the quality of the analysis? It is though not always clear what is meant by such a confidence level. As an example, let E(C) be the expected cost of ap roject. A confidence statement could now be formulated as “The probability that the actual project cost is within an interval E(C) ± 10% should at least be 70%”. It is, however, not straight forward to document such a confidence level in a real analysis. T he “Successive process (trinnvisprosessen)” [4] is an attempt to demonstrate how to reduce the “uncertainty” in the result to a certain level of confidence.We also mention that Even [12] has recently questioned such an approach where there exist model uncertainty and parameter uncertainty, and emphasizes that we in the analysis should focus on the observable quantities which will become evident for us if the project is executed, e.g. the costs, and that uncertainty in these quantities represent the lack of knowledge about which values they will take in the future. This discussion is not pursuit any more in this presentation.2.4 Risk elements for follow up: Risk and opportunity registerAs risk elements and threats are identified in Section 2.2 these have to be controlled as far as possible. It is not sufficient to identify these conditions and model them in the schedule and cost models, we also have to mitigate the risk elements and threats. In order to ensure a systematic follow up of risk elements and threats it is recommended to establish a so-called threat log. The terms ‟Risk Register…and ‟Risk & Opportunity Register…(R&OR) is sometimes used rather than the term ‟threat log.… A R&OR is best managed by a database solution, for example an MS-Access Database. Each row in the database represents one risk element or threat. The fields in such a database could vary, but the following fields seems reasonable: • ID. An identifier is required in order to keep track of the threat in relation to the quantitative risk models, to follow up actions ET.• Description. A description of the threat is necessary in order to understand the content of the problem. It could be necessary to state the immediate consequences (e.g. occupational accident), but also consequences in terms of the main objectives of the project, e.g. time and costs.• Likelihood or probability. A judgment regarding how probable it is that the threat or the risk condition will be released in terms of e.g. undesired or critical events.• Impact. If possible, give a direct impact on cost and schedule if the event occurs, either by an expected impact, or by L, M and H values.• References to cost and schedule. In order to update the schedule and cost models it is convenient to give an explicit reference from the R&OR into the schedule and cost models. • Manageability. Here it is descried how the threat could be influenced, either by implementing measures to eliminate the threat prior to it reveals it self, or measures in orderto reduce the consequences in case of the threat will materialize.• Alert information. It is important to be aware of information that could indicate the development of the threat before it eventually will materialize. If such information is available we could implement relevant measures if necessary. For example it could be possible to take ground samples at a certain cost, but utilizing the information from such samples could enable us to choose appropriate methods for tunnel penetration.• Measures. List of measures that could be implemented to reduce the risk.• Deadline and responsible. Identification of who is responsible for implementing and follow up of the measure or threat, and any deadlines.• Status. Both with respect to the threat and any measure it is valuable to specify the development, i.e. did the treat reveal it self into undesired events with unwanted consequences, did the measure play any positive effect etc.2.5 Correction and controlAs the project develops the R&OR is the primary control tool for risk follow up. By following the status of the various threats, risk elements and measures we could monitor the risk in the project. This information should of course be linked to the time and cost plans. If a given threat does not reveal in terms of undesired events, the time and cost estimates could be lowered and this gain could be utilized in other part of the project, or in other projects. In the opposite situation it is necessary to increase the time and cost estimates, and we need to consider new measures, and maybe spend some of the reserves to catch up in case of an expected delay. During the life cycle of a project it will occur new threats and risk elements which we did not foresee in the initial risk identification process. Such threats must continuously be entered into the R&OR, and measures need to be considered.一、介绍（一）关于本纲要本课程纲要过程中研究的是“风险也是一种项目”。

商业银行风险管理流程步骤风险管理是商业银行管理的另一项重要工作，所以我们应该要重视商业银行的风险管理。

下面为您精心推荐了商业银行风险管理流程，希望对您有所帮助。

1.风险识别适时、准确地识别风险是风险管理的最基本要求。

风险识别包括感知风险和分析风险两个环节：感知风险是通过系统化的方法发现商业银行所面临的风险种类、性质;分析风险是深入理解各种风险内在的风险因素。

制作风险清单是商业银行识别风险的最基本、最常用的方法。

它是指采用类似于备忘录的形式，将商业银行所面临的风险逐一列举，并联系经营活动对这些风险进行深入理解和分析。

此外，常用的风险识别方法还有：①专家调查列举法②资产财务状况分析法③情景分析法④分解分析法⑤失误树分析方法2.风险计量风险计量/量化是全面风险管理、资本监管和经济资本配置得以有效实施的基础。

准确的风险计量结果是建立在卓越的风险模型基础上的，而开发一系列准确的、能够在未来一定时间限度内满足商业银行风险管理需要的数量模型，任务相当艰巨。

商业银行应当根据不同的业务性质、规模和复杂程度，对不同类别的风险选择适当的计量方法，基于合理的假设前提和参数，计量承担的所有风险。

3.风险监测①监测各种可量化的关键风险指标以及不可量化的风险因素的变化和发展趋势。

②报告商业银行所有风险的定性/定量评估结果，并随时关注所采取的风险管理/控制措施的实施质量/效果。

4.风险控制风险控制是对经过识别和计量的风险采取分散、对冲、转移、规避和补偿等措施，进行有效管理和控制的过程。

风险管理/控制措施应当实现以下目标：①风险管理战略和策略符合经营目标的要求;②所采取的具体措施符合风险管理战略和策略的要求，并在成本/收益基础上保持有效性;③通过对风险诱因的分析，发现管理中存在的问题，以完善风险管理程序。

按照国际最佳实践，在日常风险管理操作中，具体的风险管理/控制措施可以采取从基层业务单位到业务领域风险管理委员会，最终到达高级管理层的三级管理方式。