The views and opinions expressed in this article are those of the thought leader as an individual, and are not attributed to CeFPro or any particular organization.
Steve Schlarman, Integrated Risk Management Strategist, Archer
How does risk quantification fit into a long-term risk management strategy?
Given the uncertainty in the market today, the assessment of the risk is not taken lightly or viewed as insignificant. Rather, many business leaders and decision-makers lack the proper tools and capabilities to assess, quantify, and monitor business risk accurately. Without a solid understanding of which risks are most important to the business, decision-makers cannot identify the best course of action, prioritize issues, or steer the business in the right direction through informed decisions.
Risk quantification is NOT about just using math or creating complex statistical models for risk management. The objective of quantifying risk is to make better business decisions. Risk quantification creates a more accurate picture of risk, informing the business and meeting the main goal of risk management – mitigating risk and address constraints that hinder business goals that grow corporate and shareholder value.
Enterprise risk management has been part of organizations for years in some manner and in some cases, organizations have created substantial approaches. However, most of those programs are built on qualitative analysis approaches. While those methods may start the conversation, a purely qualitative approach falls short on the tough questions being asked around the board room table. Risk quantification allows risk teams to utilize the data and experience they already have in new and exciting ways. Risk can be analyzed, aggregated, and visualized in ways that speak to the business. Risk teams can go from simply ‘reporting risk’ to actually ‘communicating risk’ through the power of quantification.
What methods can be used to get moving in the right direction and bring value to the business through risk management?
Risk management contains many elements – from engaging business operations to understand potential risks to analysing those risks and then presenting information to support decision making. Risk management should be an advisory function that provides input to the business to consider while making decisions at both the tactical and strategic level. At the heart of that decision making input is providing the right analysis that gives actual business insights – not just identifying possible areas of exposure.
Risk analysis could be just simple, qualitative, rational thinking; it could be in-depth statistics; or it could be anything in between. Risk analysis should be the quickest, the most believable, and the most defensible way to help guide decision-making in solving problems. Risk quantification represents the next phase in driving greater precision and meaning in discussions risk management teams have with their business partners.
Unfortunately, many risk managers may recoil at the thought of implementing quantitative statistical or probabilistic methods for a variety of reasons. But they are closer than they think to adding risk quantification to their toolset:
How can we improve communicating risk to leadership? What practical approaches can be used?
Get leadership support: Risk is a topic that many executives discuss quite frequently. It is important to understand the gaps in the conversation and prepare executives for a shift in how risk is measured and communicated. A short review of current practices should look at what data typically is available and the past structure of risk reporting. Focus should be placed on gaps or inconsistencies.
Start simple: A critical component of bringing risk analysis to an organization is to train the analysts in risk modeling. Sufficient time should be allowed for exercises and problems that are designed to reflect the types of problems the business faces. For everyone involved, analysis of bounded, simple examples allows everyone to gain experience of their respective roles, and to learn some lessons on how risk analysis can be structured to work for the organization.
Seek to answer some basic questions first:
Quantitative risk analysis is acknowledged by many authorities on risk management as a valuable tool for any types of business, if it is well-organized and adopted throughout your organization. It is not complex and can be incorporated into a business’ current methods with little difficulty. With moderate investment in time and money, risk quantification will provide substantial value to your organization through effective communication and efficient management of risk.
Steve will be speaking at our upcoming Operational Risk Management USA Congress, taking place on October 12-13 at Etc Venues Lexington.