ISO 31004 Wishlist

The International Organisation for Standardization [ ISO ] is about to enter into a trial review for its ISO 31004 guide.

Being an active risk manager, I believe it is important to highlight potential key topical points for inclusion in the ISO 31004 program. This is all in the hope that the final ISO 31004 document will address some of the open ended elements that ISO 31000 seems to omit. The risk community at large seems to struggle with some of the items listed in the attachment that is linked to this post and more information, example case studies and critique on these areas of risk measurement specifically, would be welcome from the ISO body.

This blog lists 50 key aspects of commercial enterprise risk management which are not only common practice in some cases, but are also important for evolving the enterprise risk management field today.

The Model Dilemma

Over the last few months, risk models have come under the spotlight as a potential reason why risk management as an entire institutional function is failing. In the recent JP Morgan CDX tranche 9 blow up, Value at Risk was held accountable in much of the part. The JP Morgan disaster initially put the bank into a negative trajectory of at least USD 2bn and is very much a tail event that might just fall outside a traditional risk modelling technique.

But this is not an isolated case. There have been other claims from many corners of society that risk models are as dangerous as the risk they are attempting to quantify.

  

In this blog we look at the argument to rebuke the model.

Why Banks Fail Stress Tests

Perhaps one of the most important risk activities a bank should initiate or enhance over the coming years ahead is stress testing. The stress testing framework, not that risk analysts currently see it as that, is probably going to be the next best thing and the only viable commercially alternative for reducing financial sector fragility other than crippling regulation or bailouts.

  

In this blog we look at why banks have been failing their stress tests. 

Time in risk

A recent debate on the G31000 Linked in forum about time and risk poses the following question "Is delaying a risk considered a separate treatment method or is it just a sub-type of changing the likelihood?"

  

This is a very interesting statement and it leads this blog posting into looking at some of the aspects of risk through time. 
  
Time or the lack of it would intuitively have anyone believe that impact is likely to increase overtime just like a pressure cooker building up. I suppose that is one manner in which to conceptualize these time effects more practically. Alternatively, the "spreading out" of risk events makes for easier management, rather than having a lot of events occurring in a short period of time, it can go both ways. Perhaps then, time features more in risk management than we would like to first acknowledge?

In this blog posting we take a look at eight situations where time intertwines with risk. There are many more examples of risk in time or time in risk as it is, but we have chosen to talk about eight unique relationships of risk and time.

Perception in Objectives

Over the last two years alone, we have seen some incredible risk events across the planet. 

These disasters have not only been extremely high profile but also massively impacting and questions are now emanating from all quarters, that risk management as a commercial discipline of planning control is missing the mark.

  

What is wrong with risk management?