Due to the increasing globalization and international interdependence of many companies, currency hedging often crosses not only national borders but also the thresholds of their own currency area. In addition, the number of bankruptcies has increased enormously since then. While almost 9,000 companies went bankrupt in 1991, the number more than tripled in 2019 to around 300,000 before the global pandemic crises.

This considerable increase in foreign trade relations and the rise in the number of bankruptcies confirm the need for established risk management in companies. SMEs also have an option to outsource quantitative risk assessment services to a third party.

In the present work, an overview of the risk management system and the currency risk is to be given. First of all, the individual types of risk are explained. The third chapter then explains the objectives of risk management. It also shows how risk management operates in the individual sub-areas. In doing so, not only derivative financial instruments are considered, but also internal company measures. The choice of the instruments in this thesis was based on the ease of implementation and the frequency of the hedging instruments used in practice. Derivatives such as currency swaps, currency forwards, and futures are interpreted in their simplest form and illustrated with examples.

Definition of the term “risk”

The term risk is perceived differently by the subjective perception of each individual. Risk-averse personalities are more critical of potential risks than risk-averse characters. Therefore, the term risk is used differently in economics. 

Risk categories in the company

In the following article, the areas of strategic risk, operational risk, and financial risk are explained.


The strategic risk corresponds roughly to the risks of the environment. These include, for example, technology, collaborations, and changes in the law. The energy transition is a good example of strategic risk. 


Operational risks, which are called 3-P-Risks, mean process, politics, and people. Process means process risk that can arise in the individual steps. Politics is seen as an umbrella term which, in addition to political risks such as new laws or taxes, also includes natural disasters such as earthquakes or floods. People are to be understood as the risk caused by humans, which is dealt with in the context of corporate governance. 


Financial risks are risks that can negatively affect the value of individual balance sheet items. These include the market risk, the liquidity risk, and the default risk. In addition, currency risk plays a major role in financial transactions, in connection with types and hedging options.

What is the risk manual?

The term risk management consists of the words risk and management. Basically, this can be understood to mean managing potential deviations from expectations. In risk management, the potential risks are first recorded. Then, using appropriate hedging instruments, an attempt is made to perceive these risks as opportunities and to control them in such a way that the deviations from expectations are not negative.

Risk management is the task of corporate management, which, depending on the time horizon, can be characterized as strategic or operational control parameters. 12th risk management consists of the so-called risk management system. 

Objectives of risk management

The core objectives of risk management are to secure livelihoods, secure future success, and reduce risk costs. The goals of risk management must not be viewed separately from the corporate goals, but as a kind of supporting area, because otherwise competing goals are disregarded.

Examples of this are the goals of shareholder profit maximization and risk management to minimize risk. Since the two goals are in conflict, it is unlikely that they will be achieved. For this reason, management has to compromise on goals, in which the weighting of the individual goals depends on the corporate culture and corporate strategy.


quantitative risk assessment services
Legal Guidelines

The need to build up and establish a risk management system in the company is not only there to present information to the management level about the company’s financial position and the need for security, but also to comply with certain legal requirements. There is a large number of different framework conditions for this which the legislator prescribes. Some of these are explained in more detail below. Five important key statements of legal guidelines are given below:

The first pillar specifies the minimum capital requirements for market risk, credit default risk, and operational risk. As a benchmark, the regulation specifies an eight percent minimum equity ratio for the risk position, which can be determined using the solvency coefficient. 

The second pillar regulates the supervisory review, which states that banks should conduct risk management that determines the risk profile of the equity capital and maintains the equity level. In addition, the supervisory authorities should evaluate the company’s internal procedures and strategies and intervene if they are not satisfied with the results of the process. The third pillar includes the publication of the risk assessment methods and capital resources of the credit institutions.20th

What is the risk manual?

The risk management system consists of the three essential components of the risk strategy, risk controlling and risk optimization. The figure shows the cycle of the system as any calculable risk goes through these steps. The risk strategy specifies how to deal with the risk, the risk appetite, and the framework for the organizational implementation. Risk controlling includes the identification, assessment, and monitoring of the occurring risks, while risk optimization optimizes both pre-damage and post-damage.

When processing the next risk, the risk strategy is started again. Then the individual areas of the risk management system switch on again to identify and neutralize the new risk.


In the risk strategy, the company must determine how high its own risk appetite is, whereby the willingness to take risks can be derived from the corporate goals and corporate culture. 25 Risk-bearing capacity, risk preference, and organizational implementation are the individual steps that are carried out in the risk strategy.

  1. a) Risk-bearing capacity: In the first step, the worst case is assumed. To this end, considerations are made as to how far the company can cope with the risk and deal with it. Researchers explain that “the maximum damage that a company can suffer is a function of profit stability, business prospects, financial structure, and credit lines.” 
  2. b) Risk preference: In addition to risk-bearing capacity, risk must also – Preference to be determined. Some companies are more willing to take risks, while others are risk-averse or averse to risk. One can imagine the risk preference as the price for the risk, whereby the expected profit must be set in relation to the risk.27According to this, an assessment is made as to whether an activity with the risk-reward ratio is worthwhile.
  3. c) Organizational implementation: In the organizational implementation, the company’s guidelines must be clarified by the management. These include organizational framework conditions such as process planning, operational incentive systems, or contingency planning in the event of risks.

After the risk strategy has been clarified, the area of ​​responsibility for risk controlling must be dealt with. The risk strategy stipulated the company’s internal conditions, whereby the risk-controlling department, on the other hand, deals with the external issues. Risk controlling links the framework conditions and individual prerequisites into risk-adequate control impulses”. According to this, risk controlling is a supporting function, i.e., it analyzes and evaluates the risks, but does not independently take any measures to protect the company from the risk. 30th Risk controlling proceeds in three steps.

  1. a) Identification of risks: This first identification step is very important in order to be able to carry out successful risk management since the risk potentials and the cause-and-effect relationships are recognized and recorded. 31 When risks are identified, all risks are listed and assessed, and prioritized by a respective team of experts. 32 In order to be able to carry out such identifications, there are various evaluation and analysis options such as B. the fault tree analysis. With the FBA, the reliability of a technical system can be analyzed. The result shows how high the probability of a technical failure of this system is. With the FBA, potential risks can be identified at an early stage.
  2. b) Risk assessment: The main task of risk controlling is risk assessment. Here, risk controlling uses various evaluation and analysis options, such as FMEA or a risk matrix, the evaluation of the individual risks. In the case of high-risk figures, a reduction is necessary, which corresponds to the task area of ​​risk optimization. The task of risk control is to evaluate and then report on the risk figures, while risk optimization takes action against this.
  3. c) Reporting: After the risks have been identified and assessed, the controlling department reports the result to management. Risk controlling serves to supply management with information about the risk situation. Risk Controlling periodically forwards the information on the risk position and compliance with the framework risk guidelines to the Risk Committee or the Risk Framework Committee. 

Risk optimization is the active influencing of the risks identified and analyzed in the previous steps, taking into account the specific corporate strategy. Basically, there are five instruments available for risk optimization: reduction, avoidance, limitation, transfer, and acceptance. There are some risks that do not need to be taken into account, as some of the risks do not even arise when the contract is drawn up with the customer. The transport risk can e.g. B. can be eliminated by drafting the contract. Another function is the regular review and examination of the efficiency in order to optimize risk.36 Accordingly, weighing up the individual risk control strategies available and finding the right instruments are tasks of risk optimization and risk control.