Positive Risk

It seems to be fashionable for risk specialists of all creeds to strive to become yes people rather than the 'No Obstruction Control Hurdle' everyone in a business generally detests. Yet, to truly embrace the innovation potential withing risk management is going to require risk managers to chase the positive aspects of risk.

Risk managers will need to explore the optionality in a risk before risk management can evolve into a yes sport as opposed to the party pooper it often ends up being.

The why in Inherent Risk

About a year ago I wrote an article on inherent risk versus residual risk and what the differences actually are. That preamble of a posting can be found here [LINK] but in this update we are going to look at why it is important to understand and then dimension inherent risk.

Contingency Theory in ERM

In Kaplan's view of the world of risk, Enterprise Risk Management needs to move towards a contingency theory, it is currently immature but at the very least an evolving discipline.

Last month, Robert Kaplan and Anette Mikes released their paper "Towards a Contingency Theory of Enterprise Risk Management" which is based on a ten year field project of over 250 interviews with senior risk officers. Their findings are quite disturbing or to cite the author's words "many organisations remain dissatisfied with existing risk management practices" and the risk management standards of ISO 31000 and COSO come under direct line of fire.

31000 Frameworks for Scenario Analysis

This week Causal Capital will be delivering a speech on how to 'stress test' an organisation for its resilience in managing catastrophes that originate from operational risk.

An associated draft white paper for this speech describes which is really an entire framework for scenario analysis has been written and can be found here [ LINK ].

31000 Frameworks for Market Risk

A recent discussion on the G31000 risk forum opened up an interesting debate that ISO 31000 doesn't really include explicit detailing on how to treat market risk, credit risk or whether it is or should be enterprise risk wide at all.

We have taken to write this posting as a complete whitepaper that shows how to apply ISO 31000 to a firm wide market risk requirement.

In this blog we share the 31000 Risk Framework whitepaper for market risk [LINK].

Antifragile - Dose Response

Nassim Taleb recently released a draft working paper along with a video to explain his theory behind the book Antifragile. In this posting we'll take a look at both of these items and explore in R-Project some of the Sigmoid functions he uses.

If you are a fan of the Black Swan or the sequel Antifragile, then these additional pearls of wisdom are going to be intriguing to scrutinise further. They give us insight into the model that is at the heart of the Antifragile concept. 

ERM is more than Op Risk

If someone was to ask me what is the biggest hindrance holding back the evolution of Enterprise Risk Management today, I would probably have to say it's the over obsession risk analysts have with trying to squeeze the entire world of risk into the realm of operational risk.

Really, how important is operational risk in a typical company?

Missed Opportunities in ERM

Should governing opportunities be part of the charter of Enterprise Risk Management? ... Is a discussion in the G31000 forum that is worth deliberating upon further. This [LINK] to the original dialogue will lead you to what has transgressed so far in the debate.

Most businesses run under two modes of operation; strategic planning and tactical delivery of what has already been strategically designed but Enterprise Risk Management usually finds itself applied to the tactical end of the game.

In this blog we'll take a look at four ways in which Enterprise Risk Management can become more involved in risk management for the strategy department.

Can risk models predict the future?

Back at camp G31000 we have another provocative debate raging on with "can we say that risk management helps to predict the future?" [ LINK ] ... Let's ruminate on this statement for a moment.

Prediction and forecasting are a long standing deliberation but one that many people from the risk profession will ponder on at some point in their careers and it all ends up being partly philosophical but definitely paradoxical as we shall see.

Surely the more accurate we are in predicting something, the better off we become? ...

A Failure To Define - Part I

Risk managers and consultants often facilitate "risk management workshops" in an effort to capture a registry or list of threats that their businesses may face. The way these workshops are delivered can vary substantially between practitioners but all that aside, a common problem found by many risk managers is; How to propose the likelihood of occurrence for a specific incident and how to identify its unbiased impact.

Let's take a look at this.

Extending Ishikawa with PLS-PM

In a recent article on this blog site we looked at how Ishikawa diagrams can be used to represent the causal drivers or factors for risk. However, these schematics lack the statistical models necessary for quantifying which factors are contributing most to the top event.

Perhaps one of the biggest problems with all causal analysis techniques are the conclusions that risk analysts draw from their assumptions, yet they often fail to test these postulations. In this blog we are going to look at how causal factors in a Bowtie or Ishikawa diagram can be investigated by "adding-in" the relevant statistical models. Our aim here is to identify which factors contribute most to a top event by considering both their frequency of occurrence as a driver but also how each variable intertwines and correlates in a network of factors to spawn an outcome.

Ishikawa Diagrams Explained

Several risk analysts have asked me how difficult Ishikawa Diagrams are to build and in this short article we are going to quickly construct one of these schematics.

"In ISO 31010 Fishbone Diagrams and Root Cause Mapping are recommended techniques for structured analysis techniques, section B.12.4 of ISO 31010. Do you have an example of such a Fishbone Diagram and are there any software tools that can assist with these techniques?"

A failure of risk appetite

A recent survey titled the Expectations of Risk Management, It's time for action, leaves the expectations kind of wanting quite frankly. Published by KPMG in co-operation with the Economist Intelligence Unit, the survey encapsulates some excellent results and across various aspects of enterprise risk management. Don't misunderstand me, the survey is fantastic but those being surveyed might need a touch of help.

Specifically, I am rather disheartened to see that setting and measuring risk appetite appears to be a rare thing to consider for most executives in business.

Supply Chain Risk Management Paper

An interesting question was sent to me only the other day on Supply Chain Risk Management. 

"Martin, do you have any specific risk frameworks or do you know of any good case studies that have been published on Supply Chain Risk Management (SCRM)?".

As it happens, we are working on SCRM in Causal Capital but more on that another time. I also do know of a really grand case study on the framework aspects of Supply Chain Risk Management that has been published by The Pharmaceutical Quality Group, let's take a quick peep.  

UK Govt Response on Banking Standards

The Parliamentary Commission on Banking Standards final report is supposed to change banking for good and after reading what has been published, it definitely looks like a game changer for rogue bankers, let's take a look. 

DTCC Systemic Risk Survey

A client of mine asked today which systemic risks are likely to impact a clearing organisation, what are the top ten?

Well, a couple of months ago the Depository Trust and Clearing Corporation (DTCC) ran a risk survey across the banking sector to identify key systemic risks which impact banks and clearing houses.  Let's see what came out of the survey ...

Stress Testing Front to Back

Stress testing is an ongoing concern for many banks across the planet and some risk teams are even struggling to find a starting point for entering into a comprehensive stress test program.

This short article is the outcome of a presentation that was recently delivered as a speech on stress testing in Singapore.  

Reputation Risk

Risks and losses that are caused from reputational damage are not part of the Pillar I Basel II regulatory requirements, but a framework or reputation risk initiative still needs to be developed by risk departments in banks.

If banks are unable to dimension what drives reputational damage in their organisations, they can't really say they have completed Pillar II for Basel. In this blog posting, a small presentation has been supplied as the outcome of an exploratory exercise into how to launch a reputational risk campaign in a bank. This is one of the artifacts from a recent operational risk workshop that was run in Dubai.

Hidden in a risk register

Risk registries are useful reports for looking at the entire hazard horizon across an enterprise but they have some issues which many risk analysts overlook.

In this blog posting, we take a look at a fundamental flaw found in nearly all risk registers.

ERM in the Philippines

It has been a while since I have posted but my clients across Asia have kept me busy with their various work related projects. This generally takes precedence over blogging.

This week however, Causal Capital delivered a presentation on what Enterprise Risk Management really means in terms of scope for risk managers in a corporation.

In this short blog posting, we look at various elements of Enterprise Risk Management for small medium enterprises and what should be in scope. There is also a link to the main presentation that was delivered to a group of seasoned risk practitioners in Manila.

H7N9 - The world is not ready for this

If Dr Timothy Uyeki and Dr Nancy Cox from the Center for Disease Control have it right, the human species is sitting on the edge of biological catastrophe.

The subject of epidemic surveillance has featured before on this blog [LINK] but this time our posting is far less academic and a lot more preemptive in its warning. From early analysis, H7N9 is a major risk threat which needs wider attention. Let's take a brief look at what appears to be very concerning, even though it is only a matter days since H7N9 has entered our world.
  

Risk Dashboards

A recent debate between risk analysts on how to report risk resulted in several suggestions but the discussion was reduced to comparing one chart type with another. This is all fine and I threw in a recommendation for the 3 in 1 polar plot [LINK] but risk reporting surely has to be greater than this.

Reporting risk really needs to be more holistic and it should take in a wider perspective of alternate measures of uncertainty found in a firm. Risk Dashboards achieve this end and we'll take a look at a couple of them in this blog.    

Stress Testing Framework

Properly stress testing measures of risk is a complicated activity that few companies have done well.  In this blog we take a look at a complete framework for stress testing.

3 in 1 risk chart

A question from a client today kind of goes like this: "Is it possible to plot three types of risk variables in one chart and if so, what kind of risk chart could we use to achieve this goal?"

This is an interesting query for sure and risk charting is an area of risk management which is fascinating but can be quite complex. There is certainly more than one answer to such a question but today we'll take a look at Polar Charts as a solution.
  

Risk Taxonomies

A recent poll on whether enterprise risk frameworks should employ a risk taxonomy or not seems to have turned out an encouraging result. Over 93% of risk practitioners voting gave a thumbs up for risk categorisation and only a handful of souls repelled the concept.

In this posting we look at four steps to bring a risk taxonomy into operation and a Dendrogram Cluster Report is demonstrated to show how risk can be prioritized within a taxonomy.

Two schools of thought for measuring op risk

I have been reading a lot of posts on many different risk forums of late and it appears that the Frequency x Magnitude argument for measuring operational risk, is a stubborn pandemic and a failing that is going to be nearly impossible to move on from.

How do we really measure operational risk?

What is scenario analysis to op risk people?

Over the last few days, several people have discussed various scenario analysis techniques with me and going on general opinion, this risk assessment technique is very popular among operational risk analysts. Definitely no doubt there, but what scenario analysis means to one analyst, can often be something entirely different to another.

What does scenario analysis really mean to operational risk analysts?

Op Risk - 10 areas of success and 10 failures

Basel III slipping its deadlines isn't probably ground breaking news for anyone working in the Basel risk domain, it is even possible that Basel III may fail entirely but that is for another debate.

Today we are going to look at what worked-out in Basel II operational risk because this isn't a done deal either.

Global Risks 2013

The time of year has come around again for the World Economic Forum and its various research publications on Risk Management. This year the whole program is dedicated to the theme of resilience.

In this short blog posting, we'll take a look at the WEF report on Global Risks 2013 and which country comes out best as a leader in risk management.

Before reading on, can you guess who is going to be at the top of the league table?
  

ISO 31000 supporting Basel II

On the G31000 LinkedIn risk forum, we have decided to open up a new "chat room" that is dedicated to the application of the ISO 31000 enterprise risk management standard in Banking, Insurance, Supply Chain Finance, Markets and Investment.

The link for the new group can be found by clicking on the logo here 

In this blog posting we are going to consider whether ISO 31000 is compatible with Basel II from the outset.

Five thorns of ISO 31000

Anyone following the G31000 forum closely will come to realize that there are some continual inconsistencies of opinion which raise their head when ISO 31000 is discussed broadly. I call these debates of contention, the Five Thorns of ISO 31000.

In this blog posting, we are going to look at these Five Thorns in more detail. The aim in the end, is to put a structural emphasis on attempting to resolve them.