Archive for the ‘Risk Learning’ category

Learning from Disaster – The Honshu Earthquake

May 17, 2011

Steve Covey called it Sharpening the Saw.  A good risk management program will be continually learning.  The school of hard knocks is an extremely expensive teacher.  It is much better to audit the course by observing the experiences of others and learning from them.  The effective risk management program will be actively working to audit the courses of others experiences.

With that in mind, Risk Management magazine has devoted the May 2011 issue to learning from the Honshu earthquake.  There are four articles that review some key aspects of the Japanese experience as it appears right now.

  • Nuclear Safety – the problems at the Fukushima Daiichi reactor came from the multiple events that struck.  The safety provisions were sufficient for the earthquake, but not for the tsunami.  There are specific questions raised in the article here about the specific design of the reactor cooling system.  But a greater question is the approach to providing for extreme events.  The tsunami was greater than any on the historical record.  Should it be necessary to prepare for adverse events that are significantly worse than the worst that has ever happened?  If so, how much worse is enough?  Do we even have a way to talk about this important question?
  • Building Codes – the conclusion here is that Japanese building codes worked fairly well.  Many larger buildings were still standing after both the quake and the tsunami.  Christchurch did not fare as well.  But New Zealand codes were thought to be very strict.  However, the fault that was responsible for the earthquake there was only discovered recently.  So Christchurch was not thought to be in a particularly quake prone area.  As they overhaul the building codes in NZ, they do not expect to get much argument from strengthening the codes significantly in the Canterbury region.  The question is whether any other places will learn from Christchurch’s example and update their codes?
  • Supply Chain – the movement over the past 10 years or more has been to “just-in-time” supply chain management.  What is obvious now is that the tighter that the supply chain is strung, the more that it is susceptible to disruption – the riskier that it is.   What we are learning is that great efficiency can bring great risk.  We need to look at all of our processes to see whether we have created risks without realizing through our efforts to improve efficiency.
  • Preparedness – ultimately, our learnings need to be turned into actions.  Preparedness is one set of actions that we should consider.  The Risk Magazine focuses on making a point about the interconnectedness of all society now.  They say “Even a simple sole proprietorship operating a company in rural South Dakota can be negatively affected by political and social unrest in Egypt.”  We risk managers need to be aware of what preparedness means for each of our vulnerabilities and the degree to which we have reached a targeted stage of readiness.
Whenever there is a major crisis anywhere in the world, risk managers should review the experience to see what they can learn.  They can look for parallels to their business.  Can systems at their firm  withstand similar stresses?  What preparedness would create enough resilience?  What did they learn from their adversity?
Advertisements

ERM Fundamentals

January 21, 2011

You have to start somewhere.

My suggestion it that rather than starting with someone else’s idea of ERM, you start with what YOUR COMPANY is already doing.

In that spirit, I offer up these eight Fundamental ERM Practices.  So to follow my suggestion, you would start in each of these eight areas with a self assessment.  Identify what you already have in these eight areas.  THEN start to think about what to build.  If there are gaping holes, plan to fill those in with new practices.  If there are areas where your company already has a rich vein of existing practice build gently on that foundation.  Much better to use ERM to enhance existing good practice than to tear down existing systems that are already working.  Making significant improvement to existing good practices should be one of your lowest priorities.

  1. Risk Identification: Systematic identification of principal risks – Identify and classify risks to which the firm is exposed and understand the important characteristics of the key risks

  2. Risk Language: Explicit firm-wide words for risk – A risk definition that can be applied to all exposures, that helps to clarify the range of size of potential loss that is of concern to management and that identifies the likelihood range of potential losses that is of concern. Common definitions of the usual terms used to describe risk management roles and activities.

  3. Risk Measurement: What gets measured gets managed – Includes: Gathering data, risk models, multiple views of risk and standards for data and models.

  4. Policies and Standards: Clear and comprehensive documentation – Clearly documented the firm’s policies and standards regarding how the firm will take risks and how and when the firm will look to offset, transfer or retain risks. Definitions of risk-taking authorities; definitions of risks to be always avoided; underlying approach to risk management; measurement of risk; validation of risk models; approach to best practice standards.

  5. Risk Organization: Roles & responsibilities – Coordination of ERM through: High-level risk committees; risk owners; Chief Risk Officer; corporate risk department; business unit management; business unit staff; internal audit. Assignment of responsibility, authority and expectations.

  6. Risk Limits and Controlling: Set, track, enforce – Comprehensively clarifying expectations and limits regarding authority, concentration, size, quality; a distribution of risk targets

    and limits, as well as plans for resolution of limit breaches and consequences of those breaches.

  7. Risk Management Culture: ERM & the staff – ERM can be much more effective if there is risk awareness throughout the firm. This is accomplished via a multi-stage training program, targeting universal understanding of how the firm is addressing risk management best practices.

  8. Risk Learning: Commitment to constant improvement – A learning and improvement environment that encourages staff to make improvements to company practices based on unfavorable and favorable experiences with risk management and losses, both within the firm and from outside the firm.

Risk Learning

January 18, 2011

ERM is a new and developing field.

However, it is wrong headed to ever expect that it will fall into a simple set of repeatable practices.

That is because of the nature of RISK.

Risk has a way of changing and adapting to your risk management strategies.  Risk is like water looking for the weak seam to flow through and produce a leak.  Water is not being an evil conscious entity, that is just the nature of water.  And that is the nature of risk as well.  It will adapt and change and will find the cracks in your risk management system.

But there is a solution for risk managers.  They must manage their system so that it is flexible and adaptable.  To do that they must be on a constant learning path.  Learning about how risk has adapted, learning about how others have adapted their risk management systems and learning about how others failed to successfully adapt while also learning from their own successes and failures.

This is the exact same sort of process that a firm must undertake if it is to be successful with marketing in the long run.  But in many cases, management expects that some sort of limited FIXED defense will work for risk management.  The sort of defensive thinking that produced the famous Maginot Line.  And we all know how well that worked.

Risk learning sometimes needs a mantra to make sure that it keeps happening.  Riskviews suggests the risk learning mantra:

Inside, Outside, Backwards, Forwards

Inside means looking to learn from your own successes and failures.

Outside means looking at others experiences.

Backwards means looking at past experiences.

Forwards means looking into the future for what might be needed.

Risk Learning is another of Riskview’s favorite topics.  There are already 35 posts that have been tagged as relating to Risk Learning.

ERM an Economic Sustainability Proposition

January 6, 2011

Global ERM Webinars – January 12 – 14 (CPD credits)

We are pleased to announce the fourth global webinars on risk management. The programs are a mix of backward and forward looking subjects as our actuarial colleagues across the globe seek to develop the science and understanding of the factors that are likely to influence our business and professional environment in the future. The programs in each of the three regions are a mix of technical and qualitative dissertations dealing with subjects as diverse as regulatory reform, strategic and operational risks, on one hand, and the modeling on tail risks and implied volatility surfaces, on the other. For the first time, and in keeping with our desire to ensure a global exchange of information, each of the regional programs will have presentations from speakers from the other two regions on subjects that have particular relevance to their markets.

Asia Pacific Program
http://www.soa.org/professional-development/event-calendar/event-detail/erm-economic/2011-01-14-ap/agenda.aspx

Europe/Africa Program
http://www.soa.org/professional-development/event-calendar/event-detail/erm-economic/2011-01-14/agenda.aspx

Americas Program
http://www.soa.org/professional-development/event-calendar/event-detail/erm-economic/2011-01-12/agenda.aspx

Registration
http://www.soa.org/professional-development/event-calendar/event-detail/erm-economic/2011-01-12/registration.aspx

Eggs and Baskets

December 1, 2010

Andrew Carnegie once famously said

“put all your eggs in one basket. and then watch that basket”

It seems impossible on first thought to think of that as a view consistent with risk management.  But Carnegie was phenomenally successful.  Is it possible that he did that flaunting risk management?

Garry Kasparov – World Chess Champ (22 years) put it this way…

“You have to rely on your intuition.  My intuition was wrong very few times.”

George Soros has said that he actually gets an ache in his back when the market is about to turn, indicating that he needs to abruptly change his strategy.

Soros, Kasparov, Carnegie are not your run of the mill punters.  They each had successful runs for many years.

My theory of their success is that the intuition of Kasparov actually does take into account much more than the long hard careful consideration of a middling chess master.  Carnegie and Soros also knew much more about their markets than any other person alive in their time.

While they may not have consciously been following the rules, they were actually incorporating all of the drivers of those rules into their decisions.  Most of those rules are actually “heuristics” or shortcuts that work as long as things are what they have been but are not of much use when things are changing.  In fact, those rules may be what is getting one into trouble during shifts in the world.

Risk models embody an implicit set of rules about how the market work.  Those models fail when the market fails to conform to the rules embedded in the model.  That is when things change, when your thinking needs to transcend the heuristics.

So where does that leave the risk manager?

The insights of the ultra successful types that are cited above can be seen to refute the risk management approach, OR they can be seen as a goal for risk managers.

The basket that Carnegie was putting all of his eggs into was steel.  His insight about steel was correct, but his statement about eggs and baskets is not particularly applicable to situations less transformational than steel.  It is the logic that many applied during the dot com boom, much to their regret in 2001/2002.

The risk manager should look at statements and positions like those above as levels of understanding to strive for.  If the risk managers work starts and remains a gigantic mass of data and risk positions without ever reaching any insights about the underlying nature of the risks that are at play, then something is missing.

Perhaps the business that the risk manager works for is one that by choice and risk tolerance insists on plodding about the middle of the pack in risk.

But the way that the risk manager can add the most value is when they are able to provide the insights about the baskets that can handle more eggs.  And can start to have intuitions about risks that are reliable and perhaps are accompanied by unmistakable physical side effects.

Risk Management Learns from Sun Tzu

October 10, 2010

Usually risk managers do not think of themselves as being at war.  But a risk manager is facing a number of foes.  And failure to succeed against those foes can result in the end of the enterprise.  So maybe the risk manager can learn from The Art of War.

Sun Tzu’s The Art of War has 11 chapters.  Each of these topics can be seen to have a lesson for risk managers.

  1. Laying Plans explores the five fundamental factors that define a successful outcome (the Way, seasons, terrain, leadership, and management). By thinking, assessing and comparing these points you can calculate a victory, deviation from them will ensure failure. Remember that war is a very grave matter of state.             The risk manager of course needs plans.  Remember that risk management is a grave matter for the enterprise.
  2. Waging War explains how to understand the economy of war and how success requires making the winning play, which in turn, requires limiting the cost of competition and conflict.        Risk management does not run on an unlimited budget.  In some cases risk managers have not completed their preparations because they have gone forward as if they could spend whatever it took to fulfill their vision for risk management.  Of course risk management spending needs to be at a sensible level for the enterprise.  Excessive risk management spending can harm an enterprise just as much as an unexpected loss.
  1. Attack by Stratagem defines the source of strength as unity, not size, and the five ingredients that you need to succeed in any war.            The risk manager succeeds best if they are able to get the entire organization to support the risk management efforts, not just a large corporate risk management department.
  2. Tactical Dispositions explains the importance of defending existing positions until you can advance them and how you must recognize opportunities, not try to create them.           The risk manager needs to build organizational strength to support risk management opportunistically.  A risk management program that does not wait for the right opportunities will create internal enemies and will then be fighting both the external risks as well as the internal enemies.
  3. Energy explains the use of creativity and timing in building your momentum.            The risk manager also needs to be creative and needs to build momentum.  The best risk management program fits well with the culture of the organization.  That fit will need to be developed by creatively combining the ideas of risk management with the written and unwritten parts of the organizational imperatives.
  4. Weak Points & Strong explains how your opportunities come from the openings in the environment caused by the relative weakness of your enemy in a given area.             Quite often the risk manager will know the right thing to do but will not be able to execute except at extreme danger to their position in the firm.  The openings for a risk manager to make the moves that will really lake a difference in the future of the firm come infrequently and without warning.  The Risk manager must be looking at these openings and be ready and able to act.
  5. Maneuvering explains the dangers of direct conflict and how to win those confrontations when they are forced upon you.      Some thing that the risk managers job is the direct conflict with the important people in the firm who would put the firm in an excessively risky position.  This in inadvisable
  6. Variation in Tactics focuses on the need for flexibility in your responses. It explains how to respond to shifting circumstances successfully.       Risk Management tactics will be the most successful if they are alligned with the actual risk environment.  See Plural Rationalities and ERM.
  7. The Army on the March describes the different situations in which you find yourselves as you move into new enemy territories and how to respond to them. Much of it focuses on evaluating the intentions of others.        Rational Adaptability is the process of assessing the risk environment and selecting the risk management strategy that will work best for the environment.
  8. Terrain looks at the three general areas of resistance (distance, dangers, and barriers) and the six types of ground positions that arise from them. Each of these six field positions offer certain advantages and disadvantages.      The risk environment has four main stages, Boom, Bust, Moderate and Uncertain.
  9. The Nine Situations describe nine common situations (or stages) in a campaign, from scattering to deadly, and the specific focus you need to successfully navigate each of them.      Companies must determine their risk taking strategy and their risk appetite by looking at the risk environment as well as at their risk taking capacity.
  10. The Attack by Fire explains the use of weapons generally and the use of the environment as a weapon specifically. It examines the five targets for attack, the five types of environmental attack, and the appropriate responses to such attack.
  11. The Use of Spies focuses on the importance of developing good information sources, specifically the five types of sources and how to manage them.

Rational Adaptability

October 7, 2010

In any given risk environment, companies holding a risk perspective and following an ERM program aligned with external circumstances will fare best.

In order to thrive under all future risk regimes, a firm ideally would follow a strategy of Rational Adaptability. This involves three key steps: 1. Discernment of changes in risk regime, 2. Willingness to shift risk perspective, and 3. Ability to modify ERM program. The difference between Rational Adaptability and the process of “natural selection” where firm go through a “natural” process of change of risk attitude and risk strategy is conscious recognition of the validity of differing risk perspectives and proactive implementation of changes in strategy. Individuals often find it difficult to change their risk perspective. Therefore, a company that wishes to adopt Rational Adaptability must ensure that its key decision-makers represent a diversity of risk perspectives.

Furthermore, the corporate culture and the managers themselves must value each of the risk perspectives for its contributions to the firm’s continued success. An insurance company is best served by drawing on the respective expertise of underwriters, actuaries, accountants, contract attorneys and claims experts—and members of one discipline should not feel slighted when the expertise of another discipline is called upon. Similarly, any firm that wishes to optimize its success under each of the various risk regimes should have Maximizers, Conservators, Managers and Pragmatists among its senior management; and those who hold any one of these risk perspectives should acknowledge that there are times when another perspective should take the lead. The CEO must exercise judgment and restraint, shifting among strategies as needed and shifting responsibilities among the management team as required.

Rational Adaptability recognizes that during Boom Times, risk really does present significant opportunities—and it is appropriate to empower the Profit Maximizers, focusing ERM efforts on Risk Trading to ensure that risks are correctly priced using a consistent firm-wide metric. When the environment is Moderate, the firm employing Rational Adaptability will give additional authority to its Risk Reward Managers, examining the results of their modeling and using these to reevaluate long-term strategies. And in times of Recession, a firm following Rational Adaptability shifts its focus to Conservation: tightening underwriting standards and placing special emphasis on firm-wide risk identification and risk control. Resisting the pull of his or her own personal risk perspective, the CEO must be willing to listen—and act—when others in the firm warn that the company’s risk management strategy is getting a little too concentrated on one and possibly not the optimal risk attitude and risk strategy.

Yet in each risk regime, there are companies following strategies that are not well aligned with the environment. Some of these firms muddle along with indifferent results and survive until their preferred environment comes back. Others sustain enough damage that they do not survive; some change their risk perspective and ERM program to take advantage of the new environment. Meanwhile, new firms enter the market with risk perspectives and ERM programs that are aligned with the current environment. Since many of the poorly aligned firms shrink, die out or change perspective— and since new firms tend to be well-aligned with the current risk regime—the market as a whole adjusts to greater alignment with the risk environment via a process of “natural selection.”

This an excerpt from the article “The Full Spectrum of RIsk Management”  co-authored by Alice Underwood.

This post is a part of the Plural Rationalities and ERM project.

 


%d bloggers like this: