Download - The Case of the Plucky Promise
![Page 1: The Case of the Plucky Promise](https://reader034.vdocuments.net/reader034/viewer/2022051314/55a1a2a21a28abdf3f8b45d1/html5/thumbnails/1.jpg)
The Case Of The
Plucky Promise Can Enterprise Risk Management really deliver the goods?
![Page 2: The Case of the Plucky Promise](https://reader034.vdocuments.net/reader034/viewer/2022051314/55a1a2a21a28abdf3f8b45d1/html5/thumbnails/2.jpg)
Enterprise Risk Management • Structured process for the management of all risks
• Lots of ideas about how to make it work
• Are they real solutions or just snake oil?
![Page 3: The Case of the Plucky Promise](https://reader034.vdocuments.net/reader034/viewer/2022051314/55a1a2a21a28abdf3f8b45d1/html5/thumbnails/3.jpg)
Purported benefits • Fewer surprises
• More efficient deployment of resources
• Improved chance of achieving goals ü “Risk management is the Army’s principal risk-reduction process to
protect the force. Our goal is to make risk management a routine part of
planning and executing operational missions.” Chief of Staff, Army, 1995
![Page 4: The Case of the Plucky Promise](https://reader034.vdocuments.net/reader034/viewer/2022051314/55a1a2a21a28abdf3f8b45d1/html5/thumbnails/4.jpg)
Implementation challenges • Effectiveness of program based on judgment
ü Human judgment can be faulty
ü Management has ability to override ERM decisions
• Application of risk management concepts relatively
new to most areas
• Risk management decisions/controls subject to
relative costs and benefits
• Tolerance for risk not uniform throughout
organization
![Page 5: The Case of the Plucky Promise](https://reader034.vdocuments.net/reader034/viewer/2022051314/55a1a2a21a28abdf3f8b45d1/html5/thumbnails/5.jpg)
And the fine print . . . • No guarantee of success
• Only able to provide “reasonable assurance”
• Misalignment of incentives is likely
![Page 6: The Case of the Plucky Promise](https://reader034.vdocuments.net/reader034/viewer/2022051314/55a1a2a21a28abdf3f8b45d1/html5/thumbnails/6.jpg)
Built-in conflict
Business Management • Customer is king • Achieve performance targets • Maximize volume & revenue
Risk Management • Deviation from plan • Minimize losses & errors
![Page 7: The Case of the Plucky Promise](https://reader034.vdocuments.net/reader034/viewer/2022051314/55a1a2a21a28abdf3f8b45d1/html5/thumbnails/7.jpg)
Improve your odds of success
1. Focus on empirical solutions
2. Don’t just tell people to manage their risks • Provide risk assessment training and analytical tools to
help business managers evaluate risks as part of their day-to-day decision-making process
3. Learn how to talk about uncertainty and risk
![Page 8: The Case of the Plucky Promise](https://reader034.vdocuments.net/reader034/viewer/2022051314/55a1a2a21a28abdf3f8b45d1/html5/thumbnails/8.jpg)
Focus on empirical solutions
Worse Better
Soft methods used but are not counted on by management.
Management intuition drives assessment and mitigation strategies. No formal risk management attempted.
Quantitative models built. Scope of risk management expands to include more risks.
Ineffective methods used with great confidence. No objective, measurable evidence that improves on intuition.
Quantitative models built. All inputs validated with proven statistical methods. Additional empirical methods used where optimal.
![Page 9: The Case of the Plucky Promise](https://reader034.vdocuments.net/reader034/viewer/2022051314/55a1a2a21a28abdf3f8b45d1/html5/thumbnails/9.jpg)
Risk assessment methods
Expert Intuition
Expert Audit
Risk Mapping
Weighted Scores
Traditional Financial Analysis
Probabilistic Models
![Page 10: The Case of the Plucky Promise](https://reader034.vdocuments.net/reader034/viewer/2022051314/55a1a2a21a28abdf3f8b45d1/html5/thumbnails/10.jpg)
Key risk language skills
• It’s better to be precise than ambiguous about what you don’t know
• Scales using verbal descriptions create an “illusion of communication”
• Most people are “catastrophically overconfident” in their ability to make predictions.
ü But with training, most people can become more accurate
![Page 11: The Case of the Plucky Promise](https://reader034.vdocuments.net/reader034/viewer/2022051314/55a1a2a21a28abdf3f8b45d1/html5/thumbnails/11.jpg)
Color Code Methodology for Ranking Residual Risk
Green Assessed levels of residual risk on a forward-‐looking basis for all iden4fied poten4al occurrences are fully within management tolerance levels when all mi4ga4ng ac4vi4es are considered.
Green-‐Yellow Certain iden4fied residual risks are outside management tolerance at the present 4me given current mi4ga4ng ac4vi4es. The total levels of residual risk present a minimal threat to jeopardize the goals and objec4ves of the Company and mi4ga4on plans must be in the process of being implemented in order to lower excessive residual risks to tolerable levels within a short period of 4me not to exceed two quarters.
Yellow Certain iden4fied residual risks are outside management tolerance at the present 4me given current mi4ga4ng ac4vi4es. There may be more numerous iden4fied risks than lower ra4ngs or the poten4al consequences may be greater if any single or group of events occurs. The total levels of residual risk are more than minimal but s4ll not likely to jeopardize the goals and objec4ves of the Company. Mi4ga4on plans must be in the process of being implemented in order to lower any excessive residual risks to tolerable levels within a reasonable period of 4me not to exceed four quarters.
Yellow-‐Red The residual risk of a given category aDer accoun4ng for all mi4ga4ng ac4vi4es is significantly outside management tolerance levels. Iden4fied risks have a reasonable probability of occurring, which would jeopardize the goals and objec4ves of the Company. Proposed mi4ga4on ac4vi4es are either inadequate or would not reduce residual risk within an acceptable 4meframe; however expected loss is not imminent and 4me is expected to be adequate to address iden4fied residual risks prior to any likely occurrence.
Red The residual risk of a given category aDer accoun4ng for all mi4ga4ng ac4vi4es is significantly outside of management tolerance levels. Iden4fied risks have a substan4al probability of occurrence which would jeopardize the goals and objec4ves of Company. Proposed mi4ga4on ac4vi4es are either inadequate or would not reduce residual risk within an acceptable 4meframe and there is a substan4al probability that an iden4fied residual risk will occur prior to the implementa4on of a mi4ga4on strategy sufficient to lower the overall risk to a degree consistent with acceptable management tolerance levels.
Ambiguity not cure for uncertainty
![Page 12: The Case of the Plucky Promise](https://reader034.vdocuments.net/reader034/viewer/2022051314/55a1a2a21a28abdf3f8b45d1/html5/thumbnails/12.jpg)
Dangers of relying on intuition and experience
• Based on nonrandom, nonscientific sample of events throughout our lifetime.
• Memory-based; selective
• Conclusions can include errors
• Inconsistent in how we apply memory
![Page 13: The Case of the Plucky Promise](https://reader034.vdocuments.net/reader034/viewer/2022051314/55a1a2a21a28abdf3f8b45d1/html5/thumbnails/13.jpg)
Focus on empirical solutions
Worse Better
Soft methods used but are not counted on by management.
Management intuition drives assessment and mitigation strategies. No formal risk management attempted.
Quantitative models built. Scope of risk management expands to include more risks.
Ineffective methods used with great confidence. No objective, measurable evidence that improves on intuition.
Quantitative models built. All inputs validated with proven statistical methods. Additional empirical methods used where optimal.
That’s why
![Page 14: The Case of the Plucky Promise](https://reader034.vdocuments.net/reader034/viewer/2022051314/55a1a2a21a28abdf3f8b45d1/html5/thumbnails/14.jpg)
Risk modeling methodologies
• Probabilistic risk analysis (engineering) ü Monte Carlo simulation
ü Markov chains
ü Regression
• Qualitative methods (finance, insurance, psychology) ü Decomposition
ü Option theory
ü Correlations
ü Bayesian analysis
ü Value of information
![Page 15: The Case of the Plucky Promise](https://reader034.vdocuments.net/reader034/viewer/2022051314/55a1a2a21a28abdf3f8b45d1/html5/thumbnails/15.jpg)
But we’re different –
that won’t work here • Your risk measurement problems are not unique
• You probably have more data than you think
• You probably need less data than you think
• Getting more data is probably more economical than you think
• You probably need completely different data than you think
![Page 16: The Case of the Plucky Promise](https://reader034.vdocuments.net/reader034/viewer/2022051314/55a1a2a21a28abdf3f8b45d1/html5/thumbnails/16.jpg)
Want to improve your odds of launching a successful ERM program? [email protected]