Risk aggregation

Risk aggregation ( english risk aggregation ) is part of the risk management of companies or projects , the aggregation of all risks , with the summary of the individual risks can not be done by mere addition.

General

Risk aggregation aims to determine an overall risk position for the company or for a project on the basis of the identified , analyzed and assessed individual risks. The establishment, within the risk aggregation risk classification provides the interface between risk assessment and risk management . On the basis of reliable aggregate data , the risk situation can be detected an enterprise across and optimized.

Risk aggregation is particularly necessary in order to identify possible “developments that could jeopardize the continued existence of the company ” on the risk-bearing capacity of a company from the combined effects of individual risks (which is required by Section 91 AktG ). It examines the likelihood of a breach of minimum requirements for the rating or of credit agreements , because such scenarios can indicate imminent illiquidity and are therefore to be interpreted as “threatening the continued existence of the company”.

Process flow

The risk aggregation is preceded by the risk quantification . From the risk identification it can only be deduced which risks alone could endanger the existence of a company. In order to assess how large the overall risk scope (and thus the probability of bankruptcy due to the set of all risks) is, a risk aggregation is required. A distinction must be made here between whether the individual risks are independent of one another or not. Independent risks do not influence each other, they can be added. Risk interdependence, on the other hand, means that risks are interdependent. Positively correlated risks reinforce each other, negatively correlated risks weaken each other. Usually, this stochastic dependency on risks is first checked for plausibility and quantified using a correlation coefficient. The higher this correlation coefficient, the more interdependent individual risks increase or weaken each other.

The dependencies of the risks can be determined by correlations or copulas , which have to be explicitly taken into account using risk simulation methods. In addition, individual risks can be statistically or empirically dependent on one another or on common causes, so that risk compensation effects or mutual reinforcement of the risks can occur. It can also be the case that a certain risk only occurs or only occurs when another risk has already arisen.

Werner Gleißner sets up three heuristic rules for risk aggregation :

Cause aggregation: Risks with the same cause are summarized and their effects aggregated.
Effective aggregation : For risks with equal impact the probabilities of the causes are aggregated.
Exclusion rule : Risks that cannot occur together are not allowed in the risk quantification at the same time.

In the subsequent risk aggregation, it is important to adequately take into account the actual stochastic dependencies on the cause and effect level of various individual risks.

Risk aggregation is followed by risk assessment in the process flow .

Monte Carlo simulation

A numerical method for risk aggregation is risk simulation with the help of Monte Carlo simulation .

Aggregated frequency distributions result from the determined realizations of the target variables . From these, expected values of cash flow and profit as well as the associated value at risk (VaR) can be calculated as a realistic maximum loss that will not be exceeded with a 95% or 99% probability, for example. There is no alternative to the Monte Carlo simulation for the aggregation of risks with reference to corporate planning if risks are described by different probability distributions .

As part of a Monte Carlo simulation, the effects of individual risks are mapped in a company model and assessed with regard to their influence on the corresponding items in the income statement and / or the balance sheet . Such effects of individual risks on items in the income statement or balance sheet are described in the model by probability distributions (see risk quantification ). In independent simulation runs, a financial year is simulated several thousand times with the help of the Monte Carlo simulation in order to determine the total scope of risk and the effect of a random combination of potential risks on the income statement and / or the balance sheet is determined. In order to be able to identify possible “developments that could endanger the company's existence”, the effects of the risks on covenents and the future rating are analyzed. A simulation over several planning years makes sense here (see IDW auditing standard 340 and principles of proper planning ).

Risk aggregation in corporate planning

By using simulation methods, the complex problem of the analytical summation of a multitude of different risks, especially with this approach, is replaced by a numerical approximate solution. In principle, this simulation generates and analyzes a representative sample of all possible risk scenarios for a company.

The following graphic shows the frequency distribution of the equity ratio , which results in the simulation from the consolidation of profits and losses with equity. With this distribution function it is immediately possible to assess the adequacy of a company's equity base (given a given risk). The example shows that equity (taking into account the risks of the company) becomes negative in 3.2% of all cases; the company would be over-indebted in these cases . In this way, based on the corporate planning and the risk analysis, an appropriate rating assessment can be concluded, and rating forecasts can be made.

Distribution of the equity ratio.

Application in practice

In practice, the effects of individual risks on corporate planning (e.g. budgeted profit and loss account ) are mapped; an approach that enables the connection between risk management and “traditional” corporate planning. In this way, risk-adjusted cost of capital rates ( English Risk Adjusted Profitability / Performance Measure , RAPM) or risk-related "spreads" of future profits or cash flows are determined ("bandwidth planning "). This contributes to a well-founded assessment of the reliability of the planning and shows the planning security as well as the equity and liquidity requirements (can be expressed e.g. by the risk measure value at risk ). The aggregation of risks is one of the most important tasks of risk management and the subject of the review of risk early warning systems (see IDW audit standard 340 and DIIR audit standard No. 2 on risk management from 2018). Risk aggregation is the basis for measuring risk-bearing capacity and risk tolerance (see IDW PS 981 ).

literature

Werner Gleißner / Frank Romeike: Risk management - implementation, tools, risk assessment. Haufe, 2005, ISBN 3-448-06209-X .
Werner Gleißner: The aggregation of risks in the context of corporate planning. In: Journal for Controlling & Management. 5/2004, pp. 350-359. (PDF on: werner-gleissner.de )
Werner Gleißner: Risk analysis, risk quantification and risk aggregation , in: WiSt, 9/2017, pp. 4 - 11 [1] on: werner-gleissner.de
Christian Cech: Copula-based top-down approaches in financial risk aggregation. (= Working Paper Series by the University of Applied Sciences of bfi Vienna. No. 32.) (PDF file; 6.04 MB). on: fh-vie.ac.at , December 2006.
Werner Gleißner: Bandwidth planning, planning security and Monte Carlo simulation of several planning years , in: Controller Magazin, Issue 4, July / August 2016, pp. 16–23
Cathérine Grisar / Matthias Meyer, Use of simulation in controlling research: a systematic literature review for German-speaking countries , in: Management Review Quarterly, published online: October 26, 2015, pp. 1–41
Endre Kamaras / Marco Wolfrum: Software for Risk Aggregation: Common Solutions and Case Study, in: Risk Management and Controlling, 2017, pp. 289–314
Mario Hempel / Jan Offerhaus ,: Risk aggregation as an important aspect of risk management , in: German Society for Risk Management (ed.): Risk aggregation in practice, 2008, pp. 3–13

Web links

Literature on risk aggregation in the catalog of the German National Library
Simulation procedure for risk aggregation. on: risknet.de

Individual evidence

↑ Karin Exner / Raoul Ruthner, Corporate Risk Management , 2019, p. 117
↑ Bruno Wiederkehr / Rita-Maria Züger, Risk Management System in Companies , 2010, p. 37 f.
^ Leonhard von Metzler, Risk Aggregation in Industrial Controlling , 2004, p. 199
↑ Werner Gleißner, Fundamentals of Risk Management in Companies , 2011, p. 159
^ Leonhard von Metzler, Risk Aggregation in Industrial Controlling , 2004, p. 199
↑ Fabian Ahrendts / Anita Marton, IT Risk Management Leben , 2008, p. 24
↑ Werner Gleißner, Quantification of Complex Risks - Case Study Project Risks , in: Risk Manager Heft 22, Bank-Verlag / Cologne, 2014, pp. 1, 7-10
↑ Werner Gleißner / Marco Wolfrum, Risk Aggregation and Monte Carlo Simulation , 2019, p. 2

[1] Karin Exner / Raoul Ruthner, Corporate Risk Management , 2019, p. 117

[2] Bruno Wiederkehr / Rita-Maria Züger, Risk Management System in Companies , 2010, p. 37 f.

[3] Leonhard von Metzler, Risk Aggregation in Industrial Controlling , 2004, p. 199

[4] Werner Gleißner, Fundamentals of Risk Management in Companies , 2011, p. 159

[5] Leonhard von Metzler, Risk Aggregation in Industrial Controlling , 2004, p. 199

[6] Fabian Ahrendts / Anita Marton, IT Risk Management Leben , 2008, p. 24

[7] Werner Gleißner, Quantification of Complex Risks - Case Study Project Risks , in: Risk Manager Heft 22, Bank-Verlag / Cologne, 2014, pp. 1, 7-10

[8] Werner Gleißner / Marco Wolfrum, Risk Aggregation and Monte Carlo Simulation , 2019, p. 2