Over the last two years alone, we have seen some incredible risk events across the planet.
These disasters have not only been extremely high profile but also massively impacting and questions are now emanating from all quarters, that risk management as a commercial discipline of planning control is missing the mark.
These disasters have not only been extremely high profile but also massively impacting and questions are now emanating from all quarters, that risk management as a commercial discipline of planning control is missing the mark.
The Shake Up
The failure of the banking system is nothing new to anyone but depending on whom you speak with, the debates around the different causes can be quite diverse. In general, not only is the morality of bankers being questioned today but also the ability of regulators to manage the system as a whole. From the rating agencies to the governments that oversee a worsening European sovereign debt crisis, whoever you choose to look at, actually the whole lot it seems is an utter basket case.
Our problems or the ability to govern risk doesn't appear to be too good and that is especially the case if we go on recent news. Mind you, this label of malpractice isn't reserved for the financial markets alone and while the banks are taking the lion share of accusation for running risk departments which are a farce, other industry sectors are also miserably struggling with the practice of risk management.
Our problems or the ability to govern risk doesn't appear to be too good and that is especially the case if we go on recent news. Mind you, this label of malpractice isn't reserved for the financial markets alone and while the banks are taking the lion share of accusation for running risk departments which are a farce, other industry sectors are also miserably struggling with the practice of risk management.
Recently failed trading strategies at JP Morgan are just another paragon of where oversight, risk management, control, insight, whatever it is, have all grossly failed. The JP Morgan bonanza is actually creating more noise today than the 2bn rogue trading disaster at UBS less than a year before. MF Global, UBS, BP, Transocean, Tepco in Japan, Dexia, Bankia or even the charade around the Facebook IPO; in fact the almanac of calamities seems utterly incredible and endless.
Now a lot of people out there are blaming Value at Risk as our problem for failing to effectively measure risk and while I am not going to defend VaR here, I don't believe the modelling tool had anything to do with BP or the Tepco explosions directly. Don't misunderstand me, I voice plenty of admonitory against VaR [see link] but our misadventure with risk is far greater than this.
Let's zoom out and take a look at the reason why people choose do things, perhaps the objective within action or inaction as it appeared to be with the Tepco calamity. Whether we like it or not, a typical potential choice event horizon is extremely complex and this is before we introduce human evils into the system. It actually starts with understanding how we measure success in the first place and for what it's worth, this is often based entirely around the position of a projected Net Present Value number.
The overuse of discounted cash flow analysis that leads to ubiquitous NPV calculation is simply inappropriate when applied to uncertain investments, whether they are new products, entering new markets or launching bold strategies.
NPV and DCF | FR Press
This is the tip of the iceberg and I have seen so many models that have flawed assumptions; so rough are these measures of cost, worth, value or price, that NPV itself is actually a fantasy living within a fantasy much of the time. Putting NPV traps to the aside for the moment, many business managers also fail to accept that investing or divesting into anything actually combines a future floating position with existing assets. The correlation of unknown new objectives in line with existing uncertain strategies can have extremely volatile consequences when something like leveraged debt is thrown into the mix.
Figure 1: Objectives and Perception Map | Martin Davies [Click image to enlarge]
The next point that completely knackers us is risk appetite, and I haven't come across very many businesses that truly measure risk appetite properly through time.
The big problem with risk appetite is that it is often based around incomplete information or data derived from randomness and then a business manager is likely to frame pivotal decisions based on their own internal and behavioral slants. In reality, there is an incredible array of behavioral traits that can clobber the decision maker from forming a reconcilable or coherent choice. From Myopic loss aversion to parabolic discounting and beyond, all these human flaws add opacity to decision making process and their implications need to be understood.
Finally, when we look back at choices made in the past; we have to accept historical wins and losses are retrospective and our risk appetite might have changed even if everything else has remained constant.
So what am I saying here?
Is it impossible to improve the way risk management works in complex business environments and commercial communities that are becoming more globally interconnected?
Is it impossible to improve the way risk management works in complex business environments and commercial communities that are becoming more globally interconnected?
ISO 31000
One bright beacon on the hill for risk managers today is ISO 31000. This relatively neoteric risk framework kicks off from the angle of "the objective" and right up front. "The Objective" connector for risk is so important in ISO 31000, it has been stipulated in the opening statement of the risk standard.
Organizations of all types and sizes face internal and external factors and influences that make it uncertain whether and when they will achieve their objectives. The effect this uncertainty has on an organisation's objectives is "risk"
Opening Statement in ISO 31000 | ISO 31000
Beyond the prelude, variants of this objective theme or specifically, the word "objectives" feature about forty seven times throughout the entire brief. What is additionally refreshing is that ISO 31000 is straight forward to understand and it can be customized for any type of organisation.
If we assume risk management is actually formalised within an institution, then a firm might do well to consider embedding decision making and risk appetite into their risk enterprise framework. One of the easiest ways to achieve this is from "the objective" corner directly and by investigating some of the following risk activities listed below:
Five tips
So where does that leave us in respect to the problem outlined in Figure 1 above?
So where does that leave us in respect to the problem outlined in Figure 1 above?
If we assume risk management is actually formalised within an institution, then a firm might do well to consider embedding decision making and risk appetite into their risk enterprise framework. One of the easiest ways to achieve this is from "the objective" corner directly and by investigating some of the following risk activities listed below:
The school of thought around real options is quite pure and the process of pricing in the real option space will lead us to consider or value specifically more than one potential position in the future. It also attempts to do this in line with volatility and while the exercise alone might turn out pricing errors, the effort has a tendency to move the analyst into a position where they contemplate adversity. Concisely, there is an array of outcomes in the future, not one single future position.
[2] ENGINEER SCENARIOS INLINE WITH APPETITE
Creating a bad, expected and good scenario model for any future business objective is not detailed enough. Additionally, when business managers find themselves living in a negative scenario, their risk appetite is likely to change and minimize coherent decisions for recovery.
To solve this problem, negative business scenarios need to be accompanied with recovery, mitigation or transference plans and these strategies need to be turned into tactical responses before any objective is consider beyond its inception.
[3] CONSIDER ESTIMATING THE IMPACT OF A NEW RISK ON EXISTING ASSETS
To solve this problem, negative business scenarios need to be accompanied with recovery, mitigation or transference plans and these strategies need to be turned into tactical responses before any objective is consider beyond its inception.
[3] CONSIDER ESTIMATING THE IMPACT OF A NEW RISK ON EXISTING ASSETS
If we consider the negative scenario or sometimes the positive trajectory, we need to try at the very least to understand the likely impact of new objectives on our existing operations, programs and assets.
What would happen if we leap forward into an uncertain objective and an existing asset also becomes encumbered? Two bad things together, perhaps three or four are likely to have much larger aggregated impacts when combined, than the single four events alone. Risk has this tendency to cluster and correlate but very few risk managers consider a stress test before they are in a stressed operating environment.
What would happen if we leap forward into an uncertain objective and an existing asset also becomes encumbered? Two bad things together, perhaps three or four are likely to have much larger aggregated impacts when combined, than the single four events alone. Risk has this tendency to cluster and correlate but very few risk managers consider a stress test before they are in a stressed operating environment.
[4] LOOK AT BUILDING RESILIENCE AND CONSIDER RISK VELOCITY
Most businesses have some kind of risk function in play even though it may not be formalised and generally as human beings, we do tend to make decisions with consideration of the unwanted. All this aside, risk has a tendency to actualize at different "speeds".
Causal factors which are always inherent hazards in a business model can combine and as the victim moves through time, the time to impact may also start to shorten as a consequence.
Causal factors which are always inherent hazards in a business model can combine and as the victim moves through time, the time to impact may also start to shorten as a consequence.
Figure 2: Risk Propagation and Time | Martin Davies [Click image to enlarge]
It isn't uncommon to find plans for resolutions arriving too little too late. The Tepco nuclear disaster is a great example of "oh what do we do now" and inaction over quite a long time horizon turned a disaster into a catastrophe. Tepco had plenty of opportunities to resolve the disaster as it was unfolding, it simply acted to late. The European Sovereign debt crisis is heading down the same route and we have had quite a few years now to consider what to do with Greece but right now, we only have a matter of months to actually do something before other countries fall off the wagon.
[5] UNDERSTAND IMPLICATIONS FROM OPERATING OR FINANCIAL LEVERAGE
[5] UNDERSTAND IMPLICATIONS FROM OPERATING OR FINANCIAL LEVERAGE
Operating or financial leverage will increase the "speed" of the situation we have described above and banks which were highly leveraged, certainly the ones at the peak of the global financial crisis, simply didn't survive. The problem with leverage is that during good times business managers are inclined to loosen their risk appetite over the objective horizon, yet they don't reassess potential impacts from this higher risk taking behaviour inline with the four points above.
In nearly all of the examples listed here, firms like Tepco, UBS or BP had plenty of time to limit their downside but inaction and poorly aligned risk appetite brought them all to outcomes which were extremely catastrophic, rather than mild as a result of being resilient.
No comments:
Post a Comment