In this post we will see to what extent the point of view influences the ERM decision-making process. We deploy the ORE (Optimum Risk Estimates, ©Riskope) methodology. We want to enable the comparison of Management and Corporate decision making at ERM (Enterprise Risk Management) level. We selected ORE because common practice risk assessment techniques lack the acumen to enable the discussion to proceed.
Common practice risk assessment techniques include methods such as FMECA, FMEA, Probability Impact graphs, etc.
To find the answer we apply a published list of “top corporate concerns” for 2013 against a Case Study. The Case Study is an anonymous, well developed and managed mining corporation for which an operational risk assessment had been completed. The result is a Case Study holistic risk assessment covering the full range of hazardous scenarios, from operational to strategic.
Probabilities and cost of consequences estimates come from clients. They show strong awareness of new hazards, such as cyber attacks, which did not customarily appear on (mining) corporations' radar screens. Cost of consequences estimates include market capitalization losses such as the collapse of share value in the aftermath of an accident, for example a Tailings Dam failure.
Using real-life past experience and a recent list of industry write-offs due to failed acquisitions, we drafted two explicit risk tolerance thresholds for the Case Study. To do that we used Riskope’s proprietary algorithms. One algorithm covers the Corporation, the other the upper Management.
The corporate risk tolerance is the curve that separates risks that are bearable for the Corporation from the unbearable. That is the tolerance curve that interests investors and/or money lenders. The Management risk tolerance is the curve that tells them what combination of probability and losses will be punished without appeal, a sort of “head-rolling” threshold.
If on one hand it is obvious that these two thresholds are different, on the other we have seldom seen a study of the resulting differences in ERM decisions.
As an extra benefit, the deployment of ORE allows us to propose formal definitions of what constitutes a “manageable” vs. an “unmanageable” risk. That definition is missing from most professional glossaries.
An unmanageable risk is a risk for which a sustainable mitigation, that would bring it below tolerance, is inconceivable. It is therefore intrinsically bound to the specific threshold, i.e. to the “observer point of view” of the risk assessment.
The only way to mitigate unmanageable risks is to change the system. That means changing the consequences and their associated probabilities, i.e., generally speaking, strategic decisions.
ORE offers a formal way to decide, for different points of view (Management, Corporate/investor/money lender in this particular Case Study), which risks:
Thus we can assume that, faced with the prospect of an “all Unmanageable” portfolio of intolerable (“head-rolling”) risks, Management would wrongly “select by consequences (and not by risks)”, or assume a “Not during my term” attitude and select a passive “do nothing” attitude.
The chances that Management would adopt a “selection by consequences” approach are even stronger if, instead of using ORE and having a proper rational analysis, Management had in their hands a common practice (matrix based) risk assessment result. In that case the tolerance and prioritization are arbitrary. They follow a pattern of colors and are no more than a “binning” exercise.
In our Case Study, based on ORE analysis, Management would:
- promote strategic shifts to protect itself in case of a major World Market Collapse,
- use barely more than 10% of the mitigative funds to pursue mitigation of Resource Availability and
- another 10% for Global Conflict effects mitigation.
Hence, large acquisitions would probably not have been promoted with the same enthusiasm, leading to less “sour deals”.
These results underscore the need for careful selection of the “point of view” of the tolerance, that is, Management vs. Corporate or Investor or Money lender. They also emphasize the requirement for transparent analyses to avoid misplacement of mitigative funds and unwanted overexposures.