Monday, July 21, 2014

Risk Appetite In Operations

Assessing and measuring risk appetite away from an investment portfolio is perhaps one of the most difficult risk management initiatives practitioners have to entertain, it is also discussed often on risk forums and written about avidly by many consulting firms.  Yet, very few subject matter experts actually delve into the semantics required to measure risk appetite and this is kind of frustrating. I personally have plenty of clients that have expressed their sentiments around how difficult the entire risk appetite program is and many managers out there struggle to take this important aspect of risk management to completion.

In this article we release a white paper that steps through the entire process of measuring and assessing risk appetite, dealing with the numbers specifically rather than just top level summaries and catch phrases on what risk appetite is.

Monday, July 7, 2014

The Near Miss

In section 2.17 of the ISO 31000 standard, an event without consequences but an event all the same can be classified as a "near miss", "near hit" or "close call". Yesterday morning at Barcelona airport did such an event take place?

Monday, June 16, 2014

Why 5000 iterations in Monte Carlo

For those risk analysts out there using Monte Carlo in their analysis, have you ever wondered why the industry standard for simulation sample sizes in Monte Carlo is set at five thousand iterations?

So many Monte Carlo systems I see in use today run a standard five thousand simulations but why five thousand, why not ten thousand, why not five thousand and one?

How many samples should we have in our simulation sample size and when is the number of iterations insignificant?  To be concise, if you were to add another sample to your Monte Carlo simulation, when doesn't it make a difference to the result?

Saturday, June 14, 2014

Gigantic Catastrophes - Fukushima Daiichi

Recent investigative journalism has turned out some pretty horrifying developments and realizations at the Fukushima Daiichi Nuclear Facility ... The video from Vice is nothing less than deeply concerning.

Friday, June 6, 2014

What to do with KRIs? [Part 2]

So to follow up on Part 1 of our Key Risk Indicator network or system which can be found here [LINK], perhaps the most important consideration we should ponder on is what do we actually do with the KRI data we capture?

In reality, why bother tracking Key Risk Indicators if we aren't going to do anything with them?  Yet, so many risk managers do go through this very exercise without bringing it to full conclusion.

In this article I would like to describe at a top level what we can use our KRI data for and outline what holds us back from that objective.

Wednesday, June 4, 2014

What to do with KRIs? [Part 1]

Over a typical month a lot of risk practitioners in my network pose various technical questions to me. Today is no different but this month we certainly have an interesting query that goes along the following lines:
"I am creating a data model for KRIs and Op Risk Loss Events and would be curious to know how the metadata model and tables could work, how can I simulate or model Key Risk Indicators?" | US Banker
A good question without any doubt and from what I observe in general risk management practice, Key Risk Indicators are rarely modeled in coherent manner. Let's address the database design first, then we can investigate various ways in which Key Risk Indicators can be modeled. 

Thursday, May 15, 2014

Big challenges in risk

Only the other day, someone asked me what are presently the biggest challenges in risk management and while risk culture is probably always going to feature, Risk Information Technology or Risk IT has a lot of issues. When I refer to Risk IT here, this has nothing to do with computers or network connectivity but instead the analytics on these machines. Interestingly, what holds the risk community back is not the technology aspect per se but in some respects narrow mindsets. Let's take a look ...

Monday, April 7, 2014

Risk Based Audit

One of the biggest trends I am witnessing in the domain of audit is for auditors to migrate a traditional audit across to a Risk Based Audit program. This auditors' evolution or revolution if you prefer is relatively pervasive across market and industry sectors. It is actually reaching a point that in the not too distant future, a traditional audit will be seen by many as an outdated and unsatisfactory process for auditing a company.

In this blog posting we share a complete paper / presentation that leads an auditor through the various phases or steps that are required to perform a Risk Based Audit. 

Monday, March 31, 2014

Comprehensive Risk Frameworks for Reputation

Reputation risk is without any doubt a major concern for different types of entities across the planet and while risk managers recognize this fact, the methods by which many go about measuring and managing reputation risk can end up enfeebled and missing the point.

In this blog posting we share a complete and entire framework for Reputation Risk. 

Monday, February 24, 2014

The Auditor's Dilemma Part 1

Perhaps one of the largest dilemmas auditors face is being able to give stakeholders of any business they audit a level of confidence that they have captured and assessed 'all' material risks that threaten the company. A thumbs up if you prefer after an audit has taken place that the audit went well and the results are sound.

If risk is the effect of uncertainty on objectives, as the ISO 31000 global risk standard states it to be, then senior managers often expect a level of clarity or coverage to be expressed on what has been captured during a risk assessment exercise. They may also be keen to know what additional uncertainty may remain on the assessment of uncertainty:-(

In this blog posting we are going to describe the auditor's dilemma and in future blog postings we will untangle this paradox. 

Tuesday, February 18, 2014

Market Risk Implied or Inherent

To extend on from our previous article on inherent risk [ LINK ] we will dive a little bit deeper into the importance of inherent risk using an example from the domain of market risk measurement.

Friday, December 20, 2013

Positive Risk

It seems to be fashionable for risk specialists of all creeds to strive to become yes people rather than the no obstruction or control hurdle everyone in a business seems to detest. Yet, to truly embrace the innovation potential of risk management is going to require risk managers to chase the positive aspects, as well as the optionality in risk before risk management can evolve into a yes sport as opposed to the party pooper it often ends up being.

Thursday, December 5, 2013

The why in Inherent Risk

About a year ago I wrote an article on inherent risk versus residual risk and what the differences actually are. That preamble of a posting can be found here [LINK] but in this update we are going to look at why it is important to understand and then dimension inherent risk.

Wednesday, November 6, 2013

Contingency Theory in ERM

In Kaplan's view of the world of risk, Enterprise Risk Management needs to move towards a contingency theory, it is currently immature but at the very least an evolving discipline.

Last month, Robert Kaplan and Anette Mikes released their paper "Towards a Contingency Theory of Enterprise Risk Management" which is based on a ten year field project of over 250 interviews with senior risk officers. Their findings are quite disturbing or to cite the author's words "many organisations remain dissatisfied with existing risk management practices" and the risk management standards of ISO 31000 and COSO come under direct line of fire.

Monday, October 14, 2013

31000 Frameworks for Scenario Analysis

This week Causal Capital will be delivering a speech on how to 'stress test' an organisation for its resilience in managing catastrophes that originate from operational risk.

An associated draft white paper for this speech describes an entire framework for scenario analysis and can be found here LINK ].

Wednesday, September 18, 2013

31000 Frameworks for Market Risk

A recent discussion on the G31000 risk forum opened up an interesting debate that ISO 31000 doesn't really include explicit detailing on how to treat market risk, credit risk or whether it is or should be enterprise risk wide at all. The discussion can be found here [LINK].

We have taken to write this posting as a complete whitepaper that shows how to apply ISO 31000 to a firm wide market risk requirement.

In this blog we share the 31000 Risk Framework whitepaper for market risk [LINK].

Wednesday, August 14, 2013

Antifragile - Dose Response

Nassim Taleb recently released a draft working paper along with a video to explain his theory behind the book Antifragile. In this posting we'll take a look at both of these items and explore in R-Project some of the Sigmoid functions he uses.

If you are a fan of the Black Swan or the sequel Antifragile, then these additional pearls of wisdom are going to be intriguing to scrutinise further. They give us insight into the model that is at the heart of the Antifragile concept. 

Monday, August 12, 2013

ERM is more than Op Risk

If someone was to ask me what is the biggest hindrance holding back the evolution of Enterprise Risk Management today, I would probably have to say it's the over obsession risk analysts have with trying to squeeze the entire world of risk into the realm of operational risk.

Really, how important is operational risk in a typical company?

Saturday, August 10, 2013

Missed Opportunities in ERM

Should governing opportunities be part of the charter of Enterprise Risk Management? ... Is a discussion in the G31000 forum that is worth deliberating upon further. This [LINK] to the original dialogue will lead you to what has transgressed so far in the debate.

Most businesses run under two modes of operation; strategic planning and tactical delivery of what has already been strategically designed but Enterprise Risk Management usually finds itself applied to the tactical end of the game.

In this blog we'll take a look at four ways in which Enterprise Risk Management can become more involved in risk management for the strategy department.

Friday, August 2, 2013

Can risk models predict the future?

Back at camp G31000 we have another provocative debate raging on with "can we say that risk management helps to predict the future?LINK ] ... Let's ruminate on this statement for a moment.

Prediction and forecasting are a long standing deliberation but one that many people from the risk profession will ponder on at some point in their careers and it all ends up being partly philosophical but definitely paradoxical as we shall see.

Surely the more accurate we are in predicting something, the better off we become? ...