Contact

Three ways to enhancing your risk registers

Three ways to enhancing your risk registers

Jul 26th, 2017

We wrote a paper with 10 rules to enhance risk assessments and today we will focus on three ways to enhancing your risk registers, namely rules #3, 5, 6.

We have selected three rules out of ten of the original paper based on issues various delegates focused on at a recent conference. Of course we invite you to read the full paper and review your risk registers.

Three ways to enhancing your risk registers

Your projects/operation/company will greatly benefit from this action once the dust settles.

Three ways to enhancing your risk registers: rule #3

  • Always start by identifying hazards using threats-to and threats-from.

At the conference, but this was not the first time, we heard some delegates stating that “hazards” do not work and the “hazard step should be removed” as hazards are events and some risks arise without an event.

Let’s look at a case where “hazard” allegedly does not work: corruption. The delegates say that corruption is not amenable to a hazard, i.e. an “event” and then, of course it is not amenable in a quantitative risk register because it is “complex”.

Here is the way to overcome this difficulty, based on rule #3. The hazards to your project/operation/company are, for example:

  • Individuals
  • Companies
  • Organizations (mafia type, organized crime groups)
  • Politically exposed people
  • Government officials
  • etc.

One does not need to get bogged down naming them one by one: they are either threats-to to or threats-from. It is enough to develop “families of corruption agents”. Each family has a probability (quantifiable in each country, based on experience, with a range) of corrupting the system or being corrupted by the system, and the corruption has a potential consequence (legal, image, business interruption, HR, etc.) that can also be quantified with a range (look at Rule #7 in the original paper. Thus the “complexity” can be deconvoluted and uncertainty transparently stated. Note we use here the term uncertainty in decision making as a situation where:

  • the current state of knowledge is such that the order or nature of things is unknown (in terms of deciding exactly who are the corruption agents),
  • the consequences, extent, or magnitude of circumstances, conditions, or events is unpredictable (meaning difficult to predict with precision), and
  • credible probabilities to possible outcomes cannot be assigned (with precision, only ranges are known or can be evaluated).

NB: The texts in parenthesis in the list above are comments we made to “link back to the subject at hand”.

At this point it is possible to combine the various “elements of risk” and get the aggregated corruption risk for your case.

One could write an entire book on this subject. Think about oil and gas or mining prospection: a dry well/borehole is a costly “failure” that many would claim has no hazardous event.

What are the threats-to the well/borehole? Many stem out of human error, omissions, geology, capitalization of the campaign. A list of those threats-to which constitute the hazard families list potentially hitting the well/borehole can be prepared. You can certainly also build the threat-from list.

Now go back to the prior example (corruption)… define ranges of experience based probabilities, consequences, combine the individual threats and you will have the risks.

It is an enlightening exercise and if you get lost in the way, contact us!

Three ways to enhancing your risk registers: rule #5

  • Always consider a range of probabilities in order to include the range of uncertainties.

For reasons unknown to us, as soon as someone talks about probabilities there is the temptation to give one “magic number” or to say that “the number is impossible to find, so better do nothing”.

Thinking about giving one precise value for the probability is a dangerous illusion. For instance, even if you have available large amounts of data from the past, the past can never be assumed to equal the future. At best it can be used as a point estimate.

The reality is that uncertainties will always exist. So, consider the limits of our human capability to estimate events. Give one pessimistic probability, possibly Common Cause Failure based (i.e. in the case all redundancies fail because of a common flaw), and one optimistic probability with the foreseen mitigation active. If probabilities are transparently considered uncertain, then a Bayesian update mechanism can be implemented when new data become available.

Three ways to enhancing your risk registers: rule #6

  • Always consider a range of consequences.

Giving one precise value for the consequences or selecting “the worst” among types of possible consequences (in the corruption case above, selecting the worst among, for example legal, image, business interruption, HR, etc.) are blatant mistakes.

The human brain is generally good at imagining the best and the worst scenario but we see many times that people censor the range considered. In modern society, he who hides risks dies, sooner or later.

Uncertainties will always exist. Don’t censor!

Closing comments

At Riskope we work very hard to develop innovative and proven methodologies for supporting decision-making surrounded by uncertainties. We also recognize that many risk registers developed over time are afflicted by some “aging ailments”.

In the last couple years we have performed many Risk registers third party reviews which have lead to streamlining, focusing, more transparency and at the end economic benefits as they have allowed clients to focus on what really matters to succeed.

This blogpost gives you some pointers. The referenced paper more details.

Contact us if you want us to support your business.

Tagged with: , , , ,

Category: Risk analysis, Risk management

Leave a Reply

Your email address will not be published. Required fields are marked *

Riskope Blog

  • LATEST BLOG POST
  • The 10 commandments for resilient design we propose below are based on risk management concepts. They should be considered as…
  • Read More

More Info

  • Get in Touch
  • Learn more about our services by contacting us today
  • t +1 604-341-4485
  • +39 347-700-7420

Vancouver Digital Creative Agency Ballistic Arts Media Studios.