Risk accounting
Risk accounting is a method that quantifies granular exposures to non-financial risks, aggregates them, and accounts for these exposures through expected loss accounting provisions.[1][2]
Background
[edit]Risk accounting is an extension of management accounting, aiming to enhance corporate reporting by measuring and documenting the potential future financial effects of various non-financial risks.[1][3][4] These include cyber, supply chain, operational, environmental, geopolitical, conduct, fraud, model, and other types of risks.[1]
Current accounting standards acknowledge that a business may face significant non-financial risks in one period, with the financial impacts of these risks reported in subsequent periods.[3] This practice of recognizing risks and potential profits in one period, followed by reporting financial losses in later periods, can undermine stakeholders' trust in reported accounting profits.[3] Moreover, these standards might allow some businesses and individuals to inadequately address risks concerning investors, customers, the environment, public health and safety, and community welfare.[3]
Risk accounting method
[edit]Risk accounting introduces the Risk Unit (RU) to measure non-financial risks, enabling their quantification, aggregation, and reporting. This approach uses three primary metrics: Inherent Risk, which quantifies the pre-mitigation level of non-financial risk in RUs; the Risk Mitigation Index (RMI), assessing the effectiveness of risk mitigation activities on a zero to 100 scale; and Residual Risk, representing the remaining non-financial risk after mitigation.[3][5]
The methodology refines traditional risk assessments by using numeric weights and risk factors instead of the conventional red, amber, and green (RAG) metrics, allowing for a precise calculation of RMI for each assessed business component.[3]
The non-financial risk Calculation Engine works with accounting systems and enhanced assessments to estimate daily maximum and actual non-financial risk exposures in RUs, considering inherent risks and RMIs.[3]
Risk accounting provides daily non-financial risk analytics by business component, product, customer, and location, facilitating the monitoring of risk exposures against predefined RU-based limits.[3] These analytics allow for comparisons across different organizational levels and between entities, provided the methodology is consistently applied.[3]
Monetary value of an RU
[edit]Risk accounting aims to quantify the monetary value of a Risk Unit (RU), termed RUm, by analyzing non-financial risk-related loss data with a specific context, including the relevant RUs and Risk Mitigation Indices (RMIs) at the time of loss.[3] This enables the estimation of expected non-financial risk-related losses by multiplying residual RUs by RUm.[3]
Risk accounting provides daily non-financial risk analytics in RUs across business units, products, customers, and locations, allowing for the monitoring of risk exposures against set risk limits in RUs.[3] This facilitates consistent risk comparison across the organization.[3]
Using statistical models and back-testing to examine the relationship between product-specific non-financial risk exposures in residual RUs and historical loss data may allow for determining RUs' monetary value.[3] This could enhance the accuracy of estimating expected non-financial risk-related losses and potentially provides an alternative to the operational risk regulatory capital calculations specified in the Basel Accords.[3][6]
AI-based enterprise data fabric for risk accounting
[edit]Semantic technologies, such as ontology-based knowledge bases, contribute to the development of enterprise data fabrics by facilitating data integration and improving artificial intelligence (AI) functionalities.[3] These functionalities include detecting and addressing potential cyber threats and conducting advanced risk analytics.[3] This integration forms a knowledge base When integrated with a graph database.[3]
In the context of data integration, a knowledge base acts as a foundational element for a data fabric.[3] The application of semantic technologies notably improves the capabilities of machine learning (ML) and natural language processing (NLP).[3] As a result, ontologies, along with ML and NLP technologies, form a set of tools for implementing a risk accounting framework.[3] This effectiveness stems from their capacity to tackle risk data aggregation challenges and utilize AI agents for enhanced risk and control assessments.[3]
References
[edit]- ^ a b c Grody, Allan D.; Hughes, Peter J. (2016). "Risk Accounting: The Risk Data Aggregation and Risk Reporting (BCBS 239) Foundation of Enterprise Risk Management (ERM) and Risk Governance". SSRN Electronic Journal. doi:10.2139/ssrn.2726638.
- ^ "Comments on Risk Accounting". Journal of Risk Management in Financial Institutions. 9 (4): 413–420. October 1, 2016 – via IngentaConnect.
- ^ a b c d e f g h i j k l m n o p q r s t u v Butler, Tom; Brooks, Robert (October 26, 2023). "Time for a paradigm change: Problems with the financial industry's approach to operational risk". Risk Analysis. doi:10.1111/risa.14240 – via CrossRef.
- ^ "ESG, sustainability, and non-financial risks a call for action".
- ^ Hughes 2023, p. 189.
- ^ Hughes 2023, pp. 145–146.