This is a series on the risk manager’s role in strategic planning. In this post I describe the unique and complementary functions of two risk methodologies: risk ID and assessment, and risk scenarios.
Risk Identification and Assessment Process
If you think about it, risk assessment is the opposite of defining a business plan or constructing a forecast. Instead of building one fragile model, and placing all of your hopes on it, you are subjecting that single model to critique from 1000 different perspectives. To illustrate:
Consider a multidisciplinary round-table review of draft plans. In risk facilitation, participants consider the plan or proposal through the filters of many criteria, such as risk categories, organizational values, and financial limits.
To identify risk systematically is a form of stress testing, not by inflating variables in a financial model by a given percentage, nor by running Monte Carlo simulations, but by challenging a hundred assumptions – namely, the ones that underlie each element of the plan or proposal.
Thoroughness is built into the process. You are mapping many minds, each with its rich personal expertise and unique point of view, through many “lenses”, all directed to the scrutiny of the plan. If you lead a structured discussion among the right participants, you will identify comprehensively all the critical business risks.
If you share, as appropriate, the resulting risk profile with proponents or stakeholders, and get their input on risk and mitigation, it is much easier to gain consensus on a plan for action.
Risk Scenario Analysis
Now we come to how to deal with the unpredictable and the unknown. Conventional forecasting tends to tie our fate to one picture of the future. Risk ID will lose its efficacy as time frames extend into the future and uncertainty rises dramatically. Another risk methodology is called for.
In a previous post, I talked about risk scenarios, and the value of this method to pursue robustness and resilience, similar to an all-hazards approach. Pictures of the future that are both plausible and critical serve as a litmus test of draft plans. Scenarios go beyond stress testing, because they consider structural change of the underlying relationship among future forces and influences. This enriches the planning discussion, creates possibilities, and opens up the examination of the long-term feasibility of the firm.
Enterprise Risk Management will continue to demand of risk managers support for planning objectives, including strategic risk assessment for major projects in the long term. Rigorous risk ID in a facilitated session of subject matter experts, as well as future risk scenario analysis, are two essential risk methodologies.