Strategic Risk Assessment-5/6

2010-08-03 / How to do Risk Assessment / 0 Comments

This is a series on the risk manager’s role in strategic planning. In this post I describe the unique and complementary functions of two risk methodologies: risk ID and assessment, and risk scenarios.

Risk Identification and Assessment Process

If you think about it, risk assessment is the opposite of defining a business plan or constructing a forecast. Instead of building one fragile model, and placing all of your hopes on it, you are subjecting that single model to critique from 1000 different perspectives. To illustrate:

Consider a multidisciplinary round-table review of draft plans. In risk facilitation, participants consider the plan or proposal through the filters of many criteria, such as risk categories, organizational values, and financial limits.

To identify risk systematically is a form of stress testing, not by inflating variables in a financial model by a given percentage, nor by running Monte Carlo simulations, but by challenging a hundred assumptions – namely, the ones that underlie each element of the plan or proposal.

Thoroughness is built into the process. You are mapping many minds, each with its rich personal expertise and unique point of view, through many “lenses”, all directed to the scrutiny of the plan. If you lead a structured discussion among the right participants, you will identify comprehensively all the critical business risks.

If you share, as appropriate, the resulting risk profile with proponents or stakeholders, and get their input on risk and  mitigation, it is much easier to gain consensus on a plan for action.

Risk Scenario Analysis

Now we come to how to deal with the unpredictable and the unknown. Conventional forecasting tends to tie our fate to one picture of the future. Risk ID will lose its efficacy as time frames extend into the future and uncertainty rises dramatically. Another risk methodology is called for.

In a previous post, I talked about risk scenarios, and the value of this method to pursue robustness and resilience, similar to an all-hazards approach. Pictures of the future that are both plausible and critical serve as a litmus test of draft plans. Scenarios go beyond stress testing, because they consider structural change of the underlying relationship among future forces and influences. This enriches the planning discussion, creates possibilities, and opens up the examination of the long-term feasibility of the firm.

Enterprise Risk Management will continue to demand of risk managers support for planning objectives, including strategic risk assessment for major projects in the long term. Rigorous risk ID in a facilitated session of subject matter experts, as well as future risk scenario analysis, are two essential risk methodologies.

Read More

Risk Assessment: Manufacturing and Credit Risk

2010-06-10 / How to do Risk Assessment / 0 Comments

How should risk assessment in business be conducted? We might differentiate risk identification as an exercise in exposure analysis, using conventional categories of loss, from a more comprehensive concept of risk ID called for in Enterprise Risk Management.

An expanded idea of risk ID and assessment is useful in complex contexts.

In recent weeks I’ve been corresponding with a loss control expert based in Dubai who took my online course (How to Conduct High Quality Risk Assessment). We were trading notes on how risk assessment in business is done. He has particular challenges in risk assessment: construction and manufacturing firms are his specialty. He described credit risk analysis for manufacturing concerns:

“The most important factor is the collateral back up shown to the credit manager at the time of availing the credit, and the projected revenues after (supposed) infusion of the borrowed funds.”

He went on to say that the analyst has to check the deployment of the borrowed funds, using his/her knowledge of the manufacturing process, inputs and associated costs. The next task: “root cause analysis of failure (if the venture is on the red side ) and of the activity to generate the required revenues”, using both financial and technical engineering expertise.

I suggested: It seems to me that just here might be the right stage at which to conduct a comprehensive risk identification and assessment session, or a series of them, using a round table of experts. As long as the sessions are carefully prepared by establishing context, and the right visual and discussion aids are used, it is possible to identify risk reasonably comprehensively along several lines of inquiry in a systematic fashion:

  • strategic concept: macro-economic risk and market conditions;
  • cash flows and financial model: examine assumptions and probability estimates;
  • business continuity and resiliency;
  • manufacturing process flows and technical infrastructure;
  • management and HR; organizational culture;
  • supply chain: sole/single source and third party suppliers;

and so on, depending on the scope of the project and time available to conduct the analysis. As a rule, in past projects, I’ve been able to complete sessions with 6 to 8 participants on a particular risk context in 2 or 3 sessions of 3 hours each, assuming adequate preparation and follow-up by email.

This idea seemed to strike a chord with my correspondent:

“Yes, the 4th para of your second mail [multi-disciplinary risk ID session] is a good solution. The finance professional alone holding responsibility for the risk management of any organisation is definitely a misconstrued idea… Statistical data, models, assumptions and precedents can help to some extent only. A correct and responsible study of the risk exposures and arriving at mitigation is the correct and useful method. Many times the collateral is not properly and professionally assessed and is commonly over-stated /over-valued to satisfy the lender.”

Read More