Monday, April 7, 2014

Risk Based Audit

One of the biggest trends I am witnessing in the domain of audit is for auditors to migrate a traditional audit across to a Risk Based Audit program. This auditors' evolution or revolution if you prefer is relatively pervasive across market and industry sectors. It is actually reaching a point that in the not too distant future, a traditional audit will be seen by many as an outdated and unsatisfactory process for auditing a company.

In this blog posting we share a complete paper / presentation that leads an auditor through the various phases or steps that are required to perform a Risk Based Audit. 

Monday, March 31, 2014

Comprehensive Risk Frameworks for Reputation

Reputation risk is without any doubt a major concern for different types of entities across the planet and while risk managers recognize this fact, the methods by which many go about measuring and managing reputation risk can end up enfeebled and missing the point.

In this blog posting we share a complete and entire framework for Reputation Risk. 

Monday, February 24, 2014

The Auditor's Dilemma Part 1

Perhaps one of the largest dilemmas auditors face is being able to give stakeholders of any business they audit a level of confidence that they have captured and assessed 'all' material risks that threaten the company. A thumbs up if you prefer after an audit has taken place that the audit went well and the results are sound.

If risk is the effect of uncertainty on objectives, as the ISO 31000 global risk standard states it to be, then senior managers often expect a level of clarity or coverage to be expressed on what has been captured during a risk assessment exercise. They may also be keen to know what additional uncertainty may remain on the assessment of uncertainty:-(

In this blog posting we are going to describe the auditor's dilemma and in future blog postings we will untangle this paradox. 

Tuesday, February 18, 2014

Market Risk Implied or Inherent

To extend on from our previous article on inherent risk [ LINK ] we will dive a little bit deeper into the importance of inherent risk using an example from the domain of market risk measurement.

Friday, December 20, 2013

Positive Risk

It seems to be fashionable for risk specialists of all creeds to strive to become yes people rather than the no obstruction or control hurdle everyone in a business seems to detest. Yet, to truly embrace the innovation potential of risk management is going to require risk managers to chase the positive aspects, as well as the optionality in risk before risk management can evolve into a yes sport as opposed to the party pooper it often ends up being.

Thursday, December 5, 2013

The why in Inherent Risk

About a year ago I wrote an article on inherent risk versus residual risk and what the differences actually are. That preamble of a posting can be found here [LINK] but in this update we are going to look at why it is important to understand and then dimension inherent risk.

Wednesday, November 6, 2013

Contingency Theory in ERM

In Kaplan's view of the world of risk, Enterprise Risk Management needs to move towards a contingency theory, it is currently immature but at the very least an evolving discipline.

Last month, Robert Kaplan and Anette Mikes released their paper "Towards a Contingency Theory of Enterprise Risk Management" which is based on a ten year field project of over 250 interviews with senior risk officers. Their findings are quite disturbing or to cite the author's words "many organisations remain dissatisfied with existing risk management practices" and the risk management standards of ISO 31000 and COSO come under direct line of fire.

Monday, October 14, 2013

31000 Frameworks for Scenario Analysis

This week Causal Capital will be delivering a speech on how to 'stress test' an organisation for its resilience in managing catastrophes that originate from operational risk.

An associated draft white paper for this speech describes an entire framework for scenario analysis and can be found here LINK ].

Wednesday, September 18, 2013

31000 Frameworks for Market Risk

A recent discussion on the G31000 risk forum opened up an interesting debate that ISO 31000 doesn't really include explicit detailing on how to treat market risk, credit risk or whether it is or should be enterprise risk wide at all. The discussion can be found here [LINK].

We have taken to write this posting as a complete whitepaper that shows how to apply ISO 31000 to a firm wide market risk requirement.

In this blog we share the 31000 Risk Framework whitepaper for market risk [LINK].

Wednesday, August 14, 2013

Antifragile - Dose Response

Nassim Taleb recently released a draft working paper along with a video to explain his theory behind the book Antifragile. In this posting we'll take a look at both of these items and explore in R-Project some of the Sigmoid functions he uses.

If you are a fan of the Black Swan or the sequel Antifragile, then these additional pearls of wisdom are going to be intriguing to scrutinise further. They give us insight into the model that is at the heart of the Antifragile concept. 

Monday, August 12, 2013

ERM is more than Op Risk

If someone was to ask me what is the biggest hindrance holding back the evolution of Enterprise Risk Management today, I would probably have to say it's the over obsession risk analysts have with trying to squeeze the entire world of risk into the realm of operational risk.

Really, how important is operational risk in a typical company?

Saturday, August 10, 2013

Missed Opportunities in ERM

Should governing opportunities be part of the charter of Enterprise Risk Management? ... Is a discussion in the G31000 forum that is worth deliberating upon further. This [LINK] to the original dialogue will lead you to what has transgressed so far in the debate.

Most businesses run under two modes of operation; strategic planning and tactical delivery of what has already been strategically designed but Enterprise Risk Management usually finds itself applied to the tactical end of the game.

In this blog we'll take a look at four ways in which Enterprise Risk Management can become more involved in risk management for the strategy department.

Friday, August 2, 2013

Can risk models predict the future?

Back at camp G31000 we have another provocative debate raging on with "can we say that risk management helps to predict the future?LINK ] ... Let's ruminate on this statement for a moment.

Prediction and forecasting are a long standing deliberation but one that many people from the risk profession will ponder on at some point in their careers and it all ends up being partly philosophical but definitely paradoxical as we shall see.

Surely the more accurate we are in predicting something, the better off we become? ...

Tuesday, July 30, 2013

A Failure To Define - Part I

Risk managers and consultants often facilitate "risk management workshops" in an effort to capture a registry or list of threats that their businesses may face. The way these workshops are delivered can vary substantially between practitioners but all that aside, a common problem found by many risk managers is; How to propose the likelihood of occurrence for a specific incident and how to identify its unbiased impact.

Let's take a look at this.

Tuesday, July 23, 2013

Extending Ishikawa with PLS-PM

In a recent article on this blog site we looked at how Ishikawa diagrams can be used to represent the causal drivers or factors for risk. However, these schematics lack the statistical models necessary for quantifying which factors are contributing most to the top event.

Perhaps one of the biggest problems with all causal analysis techniques are the conclusions that risk analysts draw from their assumptions, yet they often fail to test these postulations. In this blog we are going to look at how causal factors in a Bowtie or Ishikawa diagram can be investigated by "adding-in" the relevant statistical models. Our aim here is to identify which factors contribute most to a top event by considering both their frequency of occurrence as a driver but also how each variable intertwines and correlates in a network of factors to spawn an outcome.

Tuesday, July 16, 2013

Ishikawa Diagrams Explained

Several risk analysts have asked me how difficult Ishikawa Diagrams are to build and in this short article we are going to quickly construct one of these schematics.

"In ISO 31010 Fishbone Diagrams and Root Cause Mapping are recommended techniques for structured analysis techniques, section B.12.4 of ISO 31010. Do you have an example of such a Fishbone Diagram and are there any software tools that can assist with these techniques?"

Thursday, July 11, 2013

A failure of risk appetite

A recent survey titled the Expectations of Risk Management, It's time for action, leaves the expectations kind of wanting quite frankly. Published by KPMG in co-operation with the Economist Intelligence Unit, the survey encapsulates some excellent results and across various aspects of enterprise risk management. Don't misunderstand me, the survey is fantastic but those being surveyed might need a touch of help.

Specifically, I am rather disheartened to see that setting and measuring risk appetite appears to be a rare thing to consider for most executives in business.

Tuesday, July 9, 2013

Supply Chain Risk Management Paper

An interesting question was sent to me only the other day on Supply Chain Risk Management. 

"Martin, do you have any specific risk frameworks or do you know of any good case studies that have been published on Supply Chain Risk Management (SCRM)?".

As it happens, we are working on SCRM in Causal Capital but more on that another time. I also do know of a really grand case study on the framework aspects of Supply Chain Risk Management that has been published by The Pharmaceutical Quality Group, let's take a quick peep.  

Monday, July 8, 2013

UK Govt Response on Banking Standards

The Parliamentary Commission on Banking Standards final report is supposed to change banking for good and after reading what has been published, it definitely looks like a game changer for rogue bankers, let's take a look. 

Thursday, June 13, 2013

DTCC Systemic Risk Survey

A client of mine asked today which systemic risks are likely to impact a clearing organisation, what are the top ten?

Well, a couple of months ago the Depository Trust and Clearing Corporation (DTCC) ran a risk survey across the banking sector to identify key systemic risks which impact banks and clearing houses.  Let's see what came out of the survey ...