4 types of risk analysis, 1 bad and 3 good examples RISK-ACADEMY Blog

0
694

Наши популярные онлайн курсы

sample85
+ Подробнее

Риск-ориентированное управление. Самостоятельно

Курс направлен на развитие навыков риск-ориентированного мышления, которое позволяет выявлять, приоритезировать и моделировать влияние рисков на ключевые цели или решения организации.

25000 руб
sample85
+ Подробнее

Риск-ориентированное управление. С преподавателем.

Крупнейшая в России программа онлайн-подготовки к двум сертификациям: национальной и международной G31000

45000 руб
sample85
+ Подробнее

Количественная оценка рисков

Единственный в России и СНГ онлайн-курс по количественной оценке рисков и принятию решений.

33000 руб

Say what you will about risk management in financial services, one thing is for sure, it is much more mature than risk management outside of financial services, at least when it comes to credit and market risks. Don’t get me started on operational risk management at banks, it is often embarrassing to put it mildly. Nevertheless, there is two principles in banks that are fundamental to risk management – it pays to better manage risks and horses for courses. Basel has this wonderful idea that there are 3 risk managements: basic, standardized and advanced. Each is suitable for different tasks and the less effort you put into risk analysis the more you pay for it.

Let me emphasise this point – horses for courses. It means risk register has a role to play but this role is very narrow and scope and it is useless for other important tasks. We, as risk professionals, need to clearly understand when to use which risk analysis. I summarised the scope of application below and will go into more detail in the rest of the article:

By the way, if you prefer video format, watch this video from a recent Archer event in Dubai:

Alex has created a short bootcamp designed to help companies implement quantitative risk management. Imagine saving the company so much money that investing in risk management competencies and resources becomes a no brainer for the executives. That’s exactly what Alex Sidorenko did at a global $10B chemical company and he has been kind enough to share his top tips and lessons learned with you each week. Sign up now!

This is not risk management, just like astrology has nothing to do with astronomy. Horoscopes, sorry I meant heatmaps, are not ok even for companies that claim they are not mature, just like smaller space agencies wouldn’t use them for sending things into space.

Most companies have risk registers. Well, it turns out it takes few minutes to turn any risk register on the planet into a quantitative risk register. It can be done manually by replacing probability score with a probability or frequency distribution and replacing consequence score with a consequence distribution. Or you can use software like Archer Insight which does it almost automatically.

Do this tomorrow. I am not exaggerating. Converting your current risk register to a quantitative risk register has amazing benefits:

  • automatically calculate expected losses for a single risks
  • automatically calculate aggregate expected losses for a department or business unit
  • use expected losses for budgeting and mitigation planning
  • calculate unexpected losses for liquidity and capital allocation purposes

And more importantly quantifying your risk register will allow you to prioritise risks more accurately than a heatmap, below is an example of the tornado diagram:

By the way, if you think it is impossible to aggregate financial and non-financial risks, think again. Utility theory is quite old and allows companies to aggregate unaggregatable risks with ease. Software packages like Archer Insight even have this functionality built in.

Given the effort required I honestly don’t understand why would anyone ever have a risk register that is not quantitative. The upside of having a quant risk register is huge. However you have to keep in mind, risk registers, even quantitative have limited application, for example, they are useless to have a mitigation conversation or decide on the best mitigation strategy, nor do they help in decision making. We have Standardized and Advanced for this.

Whenever we need to mitigate a risk or we need to improve our estimate of the risk exposure, we need to deep dive into that risk. Usually this is done for the top 3 or 5 risks from the tornado diagram above.


Bow-tie is a simple and powerful technique that can be used to perform detailed risk analysis, map risk factors against the consequence scenarios and improve on the quantitative risk estimate. Archer Insight automated bow-ties with Monte-Carlo engine sitting on top of it. 

Bow-ties can be used for selecting optimal mitigation strategies or testing hypothesis regarding existing control effectiveness and various other return on investment decisions. I use bow-ties whenever I need to deep dive into a risk to understand it better, usually when someone from business approaches me to help with a decision.

Whenever there is a big decision at hand (large investment) or a lot of money at stake (insurance or vendor selection) or there is an expectation a risk will be quantified (CSRA, credit and market risks), neither quantitative risk registers or a quantitative bow tie will do the job. In these cases it may be required to built a tailor made model, specifically designed for that decision or risk.

My team built models for water pollution, investment projects, maintenance budgeting, different insurance lines, vendor accreditation, vendor selection and others.

Below is an example of a model specifically designed to optimise insurance coverage that the team is currently pilot testing within Archer Insight.

Let me know which risk analysis type does your organisation currently use.

 

Check out other decision making books

RISK-ACADEMY offers online courses

sample85

+ Buy now

Informed Risk Taking

Learn 15 practical steps on integrating risk management into decision making, business processes, organizational culture and other activities!


149,9949,99




sample85

+ Buy now

Управление рисками

В этом коротком и очень увлекательном курсе, Алексей Сидоренко расскажет о причинах внедрения риск менеджмента, об особенностях принятия управленческих решений в ситуации неопределенности и изменениях в новом стандарте ИСО 31000:2018.


49,9919,99