Hello, dear friend, you can consult us at any time if you have any questions, add WeChat: daixieit

BUSI4450

A LEVEL 4 MODULE, AUTUMN SEMESTER (SAMPLE EXAM PAPER)

RISK ANALYSIS

Sample Exam Paper (notes on the questions are appended to this document)

•   This sample paper is provided as an indication of the type and nature of the exam questions.

•   The notes at the end correspond to the notes that would normally be found in the Generic Exam Feedback on Moodle.

•   This sample paper does not provide any hints on the actual content of the 2022/23 exam paper.

1. Critically discuss the relationships between Sharpe's market index model and Capital Asset Pricing Model (CAPM) and how both models could be utilised to enhance risk-based investment decisions.

2. Considering the different types of corporate stakeholders, discuss how the following formula could reflect the risk problem for firms:

E(CasFlowt)

(1 + r)t

t =0

Where: t  indicates a financial period, E[. ]  means “expected value” and r  indicates the relevant discount rate.

3. Using the managerial utility function, explain the differences between the first best solution’ and second best solution’ in compensating managers to alleviate the principal/agent problem.

4. Critically discuss how simple statistical risk measures could be used to derive and implement basic rules of financial risk management.

5. Critically discuss the possible solutions to the asymmetric information problem in lending.

6. Utilising Rokenbok Education’s case study, critically discuss the four cascades of the “Domino Effect” of SME cyberattacks and evaluate the measures that SMEs can take to manage their cyber risk.

Q1. Critically discuss the relationships between Sharpe's market index model and Capital Asset Pricing Model (CAPM) and how both models could be utilised to enhance risk-based investment decisions.

Outline Answer:

The Capital Asset Pricing Model is a simple model designed to explain the minimum expected return necessary (in the future) to persuade shareholders to invest in a given firm. The model makes a number of simplifying assumptions, including:

•   There are many investors: they behave competitively and are price takers.

•    All investors are looking ahead over the same (one period) planning horizon.

•    All investors have equal access to all securities.

•    No taxes.

•    No commissions.

•    Risk does not create bankruptcy, only volatility in share returns (i.e. no bankruptcy costs or financial distress)

•    Each  investor cares only about their expected  return and  return variance. This  is tantamount to assuming either that returns have Normal distribution (which they do not) or that owners are rational’ according to SEUT and have a quadratic utility function of money.

•    All investors have the same beliefs about the investment opportunities

•    Investors can borrow and lend at the one risk-free rate.

The famous Capital Asset Pricing Model (CAPM) then says that risk averse owners only need to be compensated for taking on the systematic risk, and that the compensation they require, in terms of the excess of the expected return E (ri) over the risk-free rate rf , so that risk premium = E (ri) - rf, is a linear function of the share’s systematic risk.

In other words, the Capital Asset Pricing Model shows that the expected return on firm i shares is given by

E (ri) = rf  + βi  (E(rm) - rf)

where rf is the risk-free rate of return in the market and βi     =  cov (ri, rm) / σ2m

Thus the expected return on firm i depends on the firm's β, that is on the extent to which ri  is correlated with the market rate rm . Thus the firm's owners are only concerned with that aspect of risk which cannot be diversified away (the systematic risk).

Q2. Considering the  different types  of corporate  stakeholders,  discuss  how the

following formula could reflect the risk problem for firms:

E(Cash Flowt)

(1 + r)t

t=0

Where: t indicates a financial period, E[. ] means expected value and r indicates the relevant discount rate.

Outline Answer:

The impact of market and operational risk can affect the firm by producing fluctuations in income and expenditure accounting items (including operating profits), in balance sheet assets and  liabilities,  and  in  a  quoted  firm’s  share  price  (and  hence  its  market  value). These fluctuations are all ‘internal’ to the firm in the sense that they may have a direct impact on the firm value via the operation of the various  markets  in which the firm contracts with its stakeholders (product, labour, capital etc).

In addition, it must be remembered that, via its operations, a firm can impose risk on its ‘external’ environment (ie on other stakeholders who do not contract with the firm in a market). Even though the firm may not pay a risk premium, the impact of such fluctuations on the firm may not be negligible as they can cause damage to its reputation, and may induce government intervention.

While individuals have risk preferences (and obviously act at times in a risk averse or loss averse way), it is difficult to see how firms could have risk preferences in the same way that individuals do. The firm itself is merely a legal entity and Articles of Association cannot have risk preferences! We cannot model the firm as if it were an individual unless it is a one-person business. In practice, corporate decisions are made by groups of people who may have little of their personal wealth at risk.

However this does not mean that risk does not cause a firm any problems. The best way to think about this is to investigate the impact of risk on the value of the firm this is the maximum amount of money that the firm could be sold for. This value should be equivalent to the  present value of the firm’s future expected or average cash flows discounted at an appropriate discount rate:

Firm Value = Σ t=0  E[cash flowt ] / (1 + r)t

where E[.] means expected value” or average” . For a quoted company, this value should also be equal to the number of shares multiplied by the share price (although fluctuations in share prices make this an imprecise relationship).

Later on, we will make a distinction between a firm’s profits (gross of tax) and cash flows and explain that cash flow may be a non-linear function μ of gross profits (πt), so that we have

Firm Value = Σ t=0  E[ μ(πt) ] / (1 + r)t

It follows therefore that risk will be a problem if it reduces firm value, and that this can happen in three broad ways:

1. If risk increases the discount rate r. We will see later that, for quoted (plc) companies, the discount rate only reflects that risk that the shareholders cannot themselves remove by holding a diversified share portfolio (the so-called systematic risk). The tragedy is that firms find it very difficult to influence their systematic risk

2. If risk reduces profits πt whatever the shape of the cash flow function. This may happen if the firm has to pay a risk premium to stakeholders who dislike risk, and/or if risk reduces profits because information is asymmetric (leading to so-called agency costs).

3. If the function μ(πt) is concave, so that risk has the effect of reducing E[μ(πt)].

Q3. Using the managerial utility function, explain the differences between the first best solution and second best solution in compensating managers to alleviate the principal/agent problem.

Outline Answer:

The features  of the  managerial  utility function  give  rise to the  classical principal/agent’ problem: how does the rational owner of the firm (the principal) get a rational manager (the agent) to expend greater effort to increase expected profits μ]u(e)] when this increased effort e decreases the utility of the manager u(Y, e)? How do owners get managers to behave in the

ownersinterest, when the interests of owners and managers contradict?

This problem arises as a result of three main factors:

1. Owners cannot observe the effort of managers. If effort was observable, managers could simply be fired if they didn’t expend enough effort and the owners would get their optimal level of expected profits and risk this is known as the 'first best solution'. How do we get managers to work harder (or expend more skill, or consume fewer perquisites) if we can’t observe their behaviour?

2.  Profits are subject to random fluctuations. So a high value of profits could either be due to a high level of managerial effort or skill or because of a random spike in profits the owners can’t easily tell the difference.

3. Owners cannot observe the expected profits μ]u(e)] they cannot know the long-term average profits in circumstances when reality only provides one opportunity (which is the actual realisation of u). Think of it like this: suppose you had a 6-sided dice but you didn’t know the number of spots on each side until the dice was thrown. If you could throw the dice a large number of times, you could work out the average value of the spots. But you can’t know anything about that average if the dice is only thrown once.

In the context of managerial behaviour, the usual solution to the principal/agent problem is the design of the executive compensation scheme to provide an incentive for rational management to expend effort (or skill, or low consumption of perquisites) – so long as the agent does, in fact, have sufficient influence over firm performance (Miller, Wiseman, & Gomez-Mejia, 2002).

First note that managers would generally like to receive a fixed pay level Y0 so long as this was high enough to encourage them to take the job - since they are risk averse. But then their utility would be u(Y0, e)  and they could increase their utility by reducing effort e. Clearly this won’t be acceptable to the owners (who can’t observe effort) because they will get lower expected profits as a result of the lower managerial effort.  Thus a fixed pay is not optimal for owners even though it may be the preferred outcome for risk averse managers so it won’t happen.

Also note that it would be great if a link between managerial pay and the firm’s expected profits could be established, so that pay =   some function of μ[π(e)]. This would mean that the interests of the owners (who want more μ[π(e)])  and the managers (who want more pay) could be aligned as both parties will then benefit from greater managerial effort without imposing any  risk on  managers.  But this  isn’t  possible either  because μ[π(e)]   can’t  be observed.

So the only viable solutions involve linking executive pay to the actual realised profits π via some kind of performance-related pay - even though this is not optimal for either. This is not the ideal solution for owners (because it doesn’t produce as high profits as the first best’ solution) and it’s not ideal for managers either because they dislike risk. For this reason, this outcome is sometimes termed a second best’ solution.

A second-best solution requires making executive pay a function of random profits π, so that managerial pay is random too - this reduces the expected utility of risk averse managers. This gives management an incentive to increase effort (because π will be increased on average) and therefore produces a higher expected profit for owners. However this will not normally produce as high a level of expected profits as a (theoretical) link between pay and μ[π(e)] would do: because profits will be reduced as a result of either lower-than-otherwise effort (in order to reduce output levels and hence the riskiness of profits) or will involve the diversion of some profits into other measures to reduce risk (i.e. costly risk management).

It’s worth asking what would happen if the firm’s owners simultaneously linked pay to actual profits and prohibited the adoption of costly risk management. This would have the impact of exposing managers to too high a level of risk (which may benefit the owners but not the managers because of the latter’s risk aversion). They are likely to respond by either reducing their effort (so negating the benefit of prohibiting risk management) or alternatively may simply decide that they can increase their expected utility by doing some other job (perhaps for a fixed wage that is, a non-management role).

Q4. Critically discuss how simple statistical risk measures could be used to derive and implement basic rules of financial risk management.

Outline Answer:

For complex risks, the expected loss is equal to the probability of loss multiplied by the average loss. When the distribution of losses in discrete, the expected loss is the sum of all possible losses multiplied by their respective probabilities.

Then, the first basic rule of financial risk management is that provisions should be (at least) equal to the expected losses. This condition ensures that, on average, the firm will have enough reserves to cover future losses. The justification for this rule can be found in the Law of Large Numbers (LLN): The average loss from a portfolio of n independent and identically distributed risks with finite variance converges with probability one to the expectation of these risks when the number of risks, n, becomes arbitrarily large. This is a mathematical formulation of an important property that constitutes the basis of traditional insurance activities: by having a large portfolio of independent risks, an insurance company decreases the uncertainty on its average liability (Beneplanc & Rochet, 2011).

In a multiperiod context, future losses (or gains) have to be discounted. Consider, for example, a multiperiod insurance contract. The future claims on this contract (that will have to be paid by the insurer) can be represented by a sequence of random variables 1, 2, … , T  at dates t = 1,2, …, T. The insurance company wants to compute the minimum provision that has to be kept in reserve at date 0 to cover the average losses over the whole life of the contract. If r denotes

the discount rate that is used to evaluate the remuneration of the reserves of the company,

the average losses of period t will be covered by a provision E () at date 0.

By adding these terms from t = 1 to t = T, we obtain the Expected Present Value (EPV) of future losses:

Expected Present Value = E  ( +   + ⋯ + )

 

Then, the multiperiod version of the first basic rule of financial risk management is that ‘provisions for future losses should be at least equal to the EPV of these future losses (Beneplanc & Rochet, 2011).

Variance is a measure of the dispersion of losses (or gains). It is measured by computing the following formula:

vaT () = E[{ −  E()}2 ]

It is always non-negative and zero only when  is completely concentrated in E() and therefore not random. Standard deviation is simply the square root of the variance G =  √vaT () .

 

Then, the second basic role of financial risk management is that a minimum level of capital E should be kept as a buffer against unexpected losses. This minimum level (called Economic Capital) is equal to a multiple s of the standard deviation of the portfolio of risks: E   . The number s is called the safety coefficient; it is chosen by the firm.

 

Q5. Critically discuss the possible solutions to the asymmetric information problem in lending.

Outline Answer:

There are several ways which can be used to solve the information asymmetry problem, and which could be used by low-risk borrowers (in order to get cheaper loans) and high-risk borrowers (in order to reduce the risk that they pose to lenders). Such solutions may also prevent credit markets from failing.

Certification (Signaling)

Borrowers which know themselves to be low risk might apply to an independent credit-rating agency for a credit score. Agencies such as Fitch, Bests, and Standard & Poor’s provide credit scores to corporate borrowers on the basis of detailed information provided by the borrower  and which is costly for borrowers to supply (in terms of fees to the agencies, the cost of providing  information).

Only low-risk borrowers have an incentive to adopt costly signaling of their status, since high- risk borrowers cannot hope to gain from lenders knowing that they are high risk. Signals need to be costly - otherwise every borrower (even the high-risk ones) could afford to send them.

Unfortunately  the  value  of  such  signals  is  undermined  if  credit  rating  agencies  can  be ‘persuaded’ by high-risk borrowers to give them a good credit review. There is wide-spread concern that credit rating agencies may be susceptible to persuasion, given that they earn their revenues from charging borrowers.

Collateral (Pledging)

Another type of signaling is the low-risk borrowers’ willingness to pledge collateral. These are assets which can be prioritised to repay the loan. We noted earlier that it makes little sense for a borrower with liquid assets to borrow, so by definition the collateral will be illiquid.

We saw above that signals of low-risk status have little informational value unless they are costly (since high-risk borrowers could afford to send them). In the case of collateral, the signal is costly because collateral is illiquid so that the asset will lose value when turned into cash to repay the loan.

Self-selection

Borrowers may self-select themselves into high and low risk applicant pools when offered a menu of lending terms.

Risky borrowers will choose option 2 because although in the good state (venture is profitable), they repay £12,000, they know that the probability of default is high and hence try to minimise the amount of collateral that they offer to the bank.

Lower risk borrowers will trade off interest margins for reduced collateral because they know

that their lower risk will translate into a lower default probability.  They are perfectly happy to grant higher collateral cover in the knowledge that they will not default. In practice, lenders generally do not offer menus of collateral/rate choices which would permit self-selection.

Use of Business-Bank Relationships

This strategy of fostering close relationships with borrowers increases lender knowledge about the borrower over time in order to reduce risk.  Theoretically, the lender should reward the borrower a reduced interest margin for second round finance, if repayments ran smoothly over the first period. The first borrowing period is the period within information about the borrower is gathered and used in order to generate a risk profile.  Close bank-lender relationships are more often a feature of countries such as Germany and Japan, which rely more heavily on bank finance.

Credit scoring

This approach of using statistics to inform credit granting decisions or overdraft increases is increasingly dominant in the banking industry as it strives to cut costs and reduce the manual component of lending decisions. These systems depend on the lender’s ability to obtain;

•    large data sets (to enhance statistical significance)

•    variables highly correlated with financial distress and default

•    objectivity (borrowers can misrepresent data)

•    flow rather than stock data (e.g. monthly repayments)

Q6. Utilising Rokenbok Education’s case study, critically discuss the four cascades of the Domino Effect of SME cyberattacks and evaluate the measures that SMEs can take to manage their cyber risk.

Outline Answer:

Rokenbok Education’s Cyberattack

•   Rokenbok Education is an American small-size (seven-employee) company that designs toys to teach kids engineering skills

•  Online criminals had encrypted company files, making them unusable, and were demanding a huge ransom to unlock the data

•   But rather than pay the ransom, the company reconstructed its key systems over four days

•   It lost thousands of dollars in missed sales during the peak holiday season in 2015

Four Domino Cascades of SME Cyberattacks

1. The First Domino Cascade :

•   Business disruption

•  Customers leave and never return

2. The Second Domino Cascade :

•   Press coverage could be seriously damaging

3. The Third Domino Cascade :

•  Will cyber criminals cooperate?!

•   Bankruptcy risk

4. The Fourth Domino Cascade :

•   Litigation risk

How Can SMEs Protect Themselves from Cyberattacks?

•   Ensure that their antivirus and other security software is always kept up-to-date

•  Ask a cybersecurity consultant to identify high risk areas

•   Develop and enforce a formal, written password policy:

o strong passwords (e.g., a mix of letters, numbers, and symbols)

o frequently changed

o Passwords should also be changed automatically or accounts marked inactive when employees leave the company

•   Educate all employees regularly on cybersecurity vigilance

•   Restrict access to sensitive information

•   Update IT equipment & deploy security software

•  Create a Cyber Incident Response Plan (CIRP):

o a dedicated and prepared team of cyber responders consisting of both employees and outside service providers

o shorter response time and quicker resolution

•   Purchase Cyber Insurance