Have you become “Nose Blind” to deficiencies in your ERM program?

Posted May 16, 2016 by riskviews
Categories: Enterprise Risk Management

You may have seen the commercial for the room freshener about becoming “Nose Blind” to odors.

Well, the same thing happens all the time, even in good ERM programs.

In the early days of ERM, the smart CRO is willing to take the victories that they can get and not let the “perfect be the enemy of the good”. And if they do it right, they will end up with an ERM program much faster then the perfectionist CRO and his two or three successors.

But, that CRO will eventually become “nose blind” to the weak spots in ERM. Just as a long term homeowner who goes to sell a house and has a hard time believing that new buyers cannot just step over that bad spot on the floor just as they have been doing for 10 years.

That is the reason that an outside audit of an ERM program is needed every so often.  The outside audit brings in a fresh nose.  But you need to be careful in charging the auditor.

There are two aspects of the ERM program that the auditor needs to look for:

  1. Poor execution of the ERM Framework
  2. Incomplete ERM Framework

And the nose blindness might apply in either aspect.  The CRO may have become nose blind to the places where someone is doing a weak job of execution.  Again, this may have been the area that was least supportive of ERM when the program was new.  So due to steady opposition, the CRO eventually just learns to live with whatever the managers in that area are willing to do, however minimal and ineffective.  And the CRO could be responsible to choosing to not attempt some normal parts of an ERM program when they are first making up the ERM Framework of the company.  Or, the standard that was initially used as the template for the ERM Framework might not have been very good for the types of risks that are taken by the company.  For example, the COSO ERM standard is intended to be applicable to all sorts of firms.  Its advise is fairly generic.  An insurer is a firm whose business it is to accept financial responsibility for other people’s risks.  There are a number of ERM standards developed specifically for insurers.  But an insurer that uses the COSO ERM standard as its sole guide will have difficulty achieving the level of ERM program maturity of those who followed insurance specific standards.

For those without the budget to hire an outside auditor can use two techniques can help you to clear the air and smell things with fresh nose:

  1. For execution issues, ask your folks to do peer audits of each other.  When people from your weakest area see the level of practice in another area, they will get some sense of what they are missing.  And when the people from the strongest execution area folks do an audit of another area, their best practices can be spread more widely.
  2. Review your ERM Framework against a different standard than the one that you used to create it.  Do not pull punches, if that different standard says to do something in a certain manner, mark your framework as potentially deficient if you are not operating in that manner.  Then work to honestly resolve these issues.  These alternate standards may have their own area of nose blindness, but they would never have risen to standard status unless they had some serious benefits for the users.

Frequency and Severity

Posted April 19, 2016 by riskviews
Categories: Enterprise Risk Management

There are not any statistics available, but some form of guessing frequency and severity for each risk is most likely the most popular approach to risk assessment.

Which is a problem, since that approach is fatally flawed.

There are at least three fatal flaws:

  1. Guessing is a weak approach to assessing anything.
  2. The Frequency/Severity idea only actually applies to a few rare situations.
  3. Frequency/Severity pairs are not actually comparable.

But there is a simple fix for this.  That fix would be to pick two levels of frequency and then determine the loss that is likely at both levels of frequency.  Most useful would be to look at worse losses that might occur under “Normal Volatility” and also look at the losses for each risk that would be considered a “Realistic Disaster”.  Losses from different risks CAN be compared on each of those two levels.

For more information about the Frequency Severity approach and this alternate approach, see:

For ERM, a Better Solution to Guessing Frequency and Severity Pairs for Risks on the Willis Towers Watson Wire

 

Real World Risks

Posted December 16, 2015 by riskviews
Categories: Black Swan, Enterprise Risk Management, Risk

Tags:

There are many flavors of Risk Management.  Each flavor of risk manager believes that they are addressing the Real World.

  • Bank risk managers believe that the world consists of exactly three sorts of risk:  Market, Credit and Operational.  They believe that because that is the way that banks are organized.  At one time, if you hired a person who was a banking risk manager to manage your risks, their first step would be to organize the into those three buckets.
  • Insurance Risk Managers believe that a company’s insurable risks – liability, E&O, D&O, Workers Comp, Property, Auto Liability – are the real risks of a firm.  As insurance risk managers have expanded into ERM, they have adapted their approach, but not in a way that could, for instance, help at all with the Credit and Market risk of a bank.
  • Auditor Risk Managers believe that there are hundreds of risks worth attention in any significant organization. Their approach to risk is often to start at the bottom and ask the lowest level supervisors.  Their risk management is an extension of their audit work.  Consistent with the famous Guilliani broken windows approach to crime.  However, this approach to risk often leads to confusion about priorities and they sometimes find it difficult to take their massive risk registers to top management and the board.
  • Insurer Risk Managers are focused on statistical models of risk and have a hard time imagining dealing with risks that are not easily modeled such as operational and strategic risks.  The new statistical risk managers often clash with the traditional risk managers (aka the underwriters) whose risk management takes the form of judgment based selection and pricing processes.
  • Trading Desk Risk Managers are focused on the degree to which any traders exceed their limits.  These risk managers have evolved into the ultimate risk takers of their organizations because they are called upon to sometime approve breaches when they can be talked into agreeing with the trader about the likelihood of a risk paying off.  Their effectiveness is viewed by comparing the number of days that the firm’s losses exceed the frequency predicted by the risk models.

So what is Real World Risk?

Start with this…

Top Causes of death

  • Heart disease
  • stroke
  • lower respiratory infections
  • chronic obstructive lung disease
  • HIV
  • Diarrhea
  • Lung cancers
  • diabetes

Earthquakes, floods and Hurricanes are featured as the largest insured losses. (Source III)

Cat LossesNote that these are the insured portion of the losses.  the total loss from the Fukishima disaster is estimated to be around $105B.  Katrina total loss $81B. (Source Wikipedia)

Financial Market risk seems much smaller.  When viewed in terms of losses from trading, the largest trading loss is significantly smaller than the 10th largest natural disaster. (Source Wikipedia)

Trading LossesBut the financial markets sometimes create large losses for everyone who is exposed at the same time.

The largest financial market loss is the Global Financial Crisis of 2008 – 2009.  One observer estimates the total losses to be in the range of $750B to $2000B.  During the Great Depression, the stock market dropped by 89% over several years, far outstripping the 50% drop in 2009.  But some argue that every large drop in the stock market is preceded by an unrealistic run up in the value of stocks, so that some of the “value” lost was actually not value at all.

If your neighbor offers you $100M for your house but withdraws the offer before you can sell it to him and then you subsequently sell the house for $250k, did you lose $99.75M?  Of course not.  But if you are the stock market and for one day you trade at 25 time earnings and six months later you trade at 12 times earnings, was that a real loss for any investors who neither bought or sold at those two instants?

So what are Real World Risks?

 

Comments welcomed…

 

Real World Risk Institute

Posted November 28, 2015 by riskviews
Categories: Enterprise Risk Management

They work first to develop

the principles and methodology for what we call real-world rigor in decision making and codify a clear-cut way to approach risk.

Then they offer to teach those principles and methods to a small group of students.

They are

  • 2 risk takers, former full-time traders (with combined experience of more than half a century)
  • 2 persons known to have an attitude problem
  • 6 Phds (quant/math), 4 businessmen/quants/advisors to hedge funds, 2 owners of analytics firms (competing with one another)
  • 2 UHNWI (Ultra High Net Worth Individuals)
  • 4 persons who specialize in tail events in both theory and real-life practice
  • More than 25 books, and around 500 scholarly publications
  • 4 are probabilists with deep enough a knowledge of probability to respect practice and explain things with concepts and pictures

Their leader is Nassim Taleb, author of The Black Swan and other books.

They are offering a MINI-CERTIFICATE IN REAL WORLD RISK MANAGEMENT* Feb 22-26 2016, New York City, 9 AM-5 PM.

Find them at Real World Risk Institute

Inequality and Lotteries

Posted October 21, 2015 by riskviews
Categories: Compensation

Tags:

There has been much talk about how unacceptable the degree of financial inequality that there is in the US.  And it seems to be getting worse and worse.

But what we have seems to be exactly what most people want in general.  Probably the only part of it that most people would change is the part where they personally are not one of the fortunate wealthy few.

The lottery is the perfect example of a mechanism to achieve an unequal society.

Everyone buys a ticket for a small amount of money.  The jackpot grows until it reaches $301 million.  The winner is drawn.  The result is one rich person with $301M and everyone else goes back to their regular life and stops dreaming about becoming that one rich person – for a week at least.

If that happens several times a year and everyone is either a winner or has a low to moderate job, then a vastly unequal society develops.

After one year, there will be 3 – 4 multi-millionaires and the entire rest of the population will have wealth that is a tiny fraction of those ultra rich.  After a decade, the ranks of the ultra rich will have grown to 30 or 40.  At that point, the top .000001% of the population will have .03% of the total wealth.

Each year, the country will grow more and more unequal, with a tiny fraction of the population commanding an ever growing proportion of the total wealth.

But that is why there is no uprising against the super rich.  Everyone else believes that they might one day hit the lottery and win their position in that group.  And when that happens, they do not want a tax regime, for instance, that will just take their riches away.

 

No Reward without Risk

Posted September 29, 2015 by riskviews
Categories: Business, Enterprise Risk Management

Tags: ,

Is that so? Well, only if you live in a textbook. And RISKVIEWS has not actually checked whether there really are text books that are that far divorced from reality.

Actually, in the world that RISKVIEWS has inhabited for many years, there are may real possibilities, for example:

  • Risk without reward
  • Reward without risk
  • Risk with too little Reward
  • Risk with too much Reward
  • Risk with just the right amount of reward

The reason why it is necessary to engage nearly everyone in the risk management process is that it is very difficult to distinguish among those and other possibilities.

Risk without reward describes many operational risks.

Reward without risk is the clear objective of every capitalist business.  Modern authors call it a persistent competitive advantage, old school name was monopoly.  Reward without risk is usually called rent by economists.

Risk with too little reward is what happens to those who come late to the party or who come without sufficient knowledge of how things work.  Think of the poker saying “look around the table and if you cannot tell who is the chump, it is you.”  If you really are the chump, then you are very lucky if your reward is positive.

Risk with too much reward happens to some first comers to a new opportunity.  They are getting some monopoly effects.  Perhaps they were able to be price setters rather than price takers, so they chose a price higher than what they eventually learned was needed to allow for their ignorance.  Think of Apple in the businesses that they created themselves.  Their margins were huge at first, and eventually came down to …

Risk with just the right amount of reward happens sometimes, but only when there is a high degree of flexibility in a market – especially no penalty for entry and exit.  Sort of the opposite of the airline industry.

No Reward Without Risk

Comparing Eagles and Clocks

Posted August 11, 2015 by riskviews
Categories: Enterprise Risk Management

Tags: ,

Original Title: Replacing Disparate Frequency Severity Pairs.  Quite catchy, eh?

But this message is important.  Several times, RISKVIEWS has railed against the use of Frequency Severity estimates as a basis for risk management.  Most recently

Just Stop IT! Right Now. And Don’t Do IT again.

But finally, someone asked…

What would you do instead to fix this?

And RISKVIEWS had to put up or shut up.

But the fix was not long in coming to mind.  And not even slightly complicated or difficult.

Standard practice is to identify a HML for Frequency and Severity for each risk.  But RISKVIEWS does not know any way to compare a low frequency, high impact risk with a medium frequency, medium impact risk.  Some people do compare the risks by rating the frequency and severity on a numerical scale and then adding or multiplying the values for frequency and severity for each risk to get a “consistent” factor.  However, this process is frankly meaningless.  Like multiplying the number of carrots times the number of cheese slices in your refrigerator.

But to fix it is very easy.

The fix is this…

For each risk, develop two values.  First is the loss expected over a 5 year period under normal volatility.  The second is the loss that is possible under extreme but not impossible conditions – what Lloyd’s calls a Realistic Disaster.

These two values then each represent a different aspect of each risk.  They can each be compared across all of the risks.  That is you can rank the risks according to how large a loss is possible under Normal Volatility and how large a loss is possible under a realistic disaster.

Now, if you are concerned that we are only looking at financial risks with this approach, you can go right ahead and compare the impact of each risk on some other non-financial factor, under both normal volatility and under a realistic disaster.  The same sort of utility is there for any other factor that you like.

If you do this carefully enough, you are likely to find that some risks are more of a problem under normal volatility and others under realistic disasters.  You will also find that some risks that you have spent lots of time on under the Disparate Frequency/Severity Pairs method are just not at all significant when you look at the consistently with other risks.

So you need to compare risk estimates where one aspect is held the same.  Like comparing two bikes:

Helsinki_city_bikes

Or two birds:

ISU_mute_swans

But you cannot compare a bird and a Clock:

Adalberti_1

Bahnsteiguhr[1]

And once you have those insights, you can more effectively allocate your risk management efforts!

“Adalberti 1” by Juan lacruz – Own work. Licensed under CC BY-SA 3.0 via Wikimedia Commons – https://commons.wikimedia.org/wiki/File:Adalberti_1.jpg#/media/File:Adalberti_1.jpg


Follow

Get every new post delivered to your Inbox.

Join 805 other followers

%d bloggers like this: