Risk tolerance for tactical and strategic planning
Jun 9th, 2021
We discuss risk tolerance for tactical and strategic planning using an excerpt from a case study in our forthcoming book. The title is Convergent Leadership – Divergent Exposures and the case study is in Chapter 16.
In the book we include three complete case studies with different level of information and requirement.
Setting of the case study covering risk tolerance for tactical and strategic planning
Kryptonite corp. has three plants shipping bulk material through a wharf called Terminal reached by railroad (RR). Kryptonite corp. asked an ERM development. Thus the study includes the three plants, potential divergencies (climate change, cyber, etc.) as well as the RR and Terminal. The ERM uses a ORE convergent platform where all elements and subsystems, and all hazards and risks are recorded under the same “roof”.
Below we will use the same figure numbers featured in the book.
Dealing with more than one risk tolerance for tactical and strategic planning
The tolerance defined by Terminal’s operational manager differs substantially from the one selected by Kryptonite top management and each chemical plant manager. It is indeed completely normal to have different tolerances at different levels of the organization: the tolerance at operation’s level is necessarily more stringent than at corporate level. This explains why tolerance has to be evaluated in a reproducible and swift manner at all levels pertinent with the enterprise risk management. Additionally this explains why we have to deal with more than one risk tolerance for tactical and strategic planning.
In Fig. 16.3 we chose to display two risk tolerance thresholds, i.e. the corporate (orange) and the Terminal (purple) as well as the risks present in the ERM risk register. We did not label all risk tolerance thresholds (we omitted the chemical plants) and risk scenarios to avoid overcrowding.
The graph of Figure 16.3 bears on the horizontal axis the cost of consequences C and on the vertical axis the annual probability of occurrence of the scenarios. The figure displays risk scenarios in:
- green if they are corporately tolerable, respectively
- in blue if they are corporately intolerable.
A number of risks are corporately tolerable but intolerable at Terminal operation’s level. We can see a selection of risks that are above Terminal operation tolerance but below corporate tolerance.
Fig. 16.3 ERM probability-cost of consequences graph with Corporate tolerances (curve in orange) and Terminal’s operational (curve in purple) tolerances. Horizontal axis: consequences expressed in M USD; vertical axis: annual probability.
Risk tolerance for tactical and strategic planning
Beyond allowing to understand where intolerable risks lie and to clarify potential areas of conflicting interests the use of explicit tolerance thresholds allows for sophisticated planning.
Indeed, intolerable risks can be manageable or unmanageable. The first are tactical risks, the second strategic risks. Tactical planning means mitigating by reducing the probability of occurrence, whereas strategic planning requires changing the system to reduce the risks by reducing the consequences.
Using the same ORE divergent-convergent risk register we can then look at intolerable risks per element. As already stated, in the considered case the elements include each chemical plant, the RR and Terminal convergently, starting with the assumption that no buffer stock is present at Terminal (Fig. 16.5).
Fig. 16.5 Intolerable risks per element (operation) (orange, horizontal axis M USD) assuming no buffer is present at the Terminal.
From this graph we can see that the RR and Terminal generate a greater portion of intolerable risk than the chemical plants do. This may appear as obvious given RR and Terminal represent a bottle-neck, but it is quantified and just the start of a series of cascading queries useful for planners.
Indeed, using the built-in granularity, we can then zoom into the risk register to show the intolerable risk per sub-elements within the operations. This allows to evaluate the best possible mitigative tactics and strategic moves as applicable. As a matter of fact, the Chapter then goes on discussing different scenarios allowing the decision makers to focus their attention in a Risk Informed Decision Making approach. The scenarios include:
- climate change divergence,
- cyber divergence and
- others could be added.
Thus it is possible to optimize the size of say, buffer stocks, based on risks arising from climate change, or quakes, or hurricanes. Insurance coverages can also be optimized. This results in the implementation of innovative Force Majeure clauses with built-in B2B preventative solutions.
Closing remarks on risk tolerance
A convergent quantitative risk assessment should empower decision makers with answers about different aspects of the risks. For instance, which risks are tolerable, intolerable but manageable, and intolerable and unmanageable. Risk tolerance for tactical and strategic planning is a reality. We use it on a day-to-day basis and is affordable.
Defining tolerance thresholds makes it possible to provide a transparent definition of what constitutes a manageable risk. For instance, if mitigative investments and risk transfer can bring a risk below tolerance then that risk is manageable. Of course economic sustainability has to be considered in the selection of the means.
Intolerable risks for an operational manager may differ from Corporate. However, thanks to the risk tolerance which makes these differences clear, discussions can take place in a more serene communication environment.
The roadmap for mitigating an operation’s risks, expressed as relative value of the intolerable risks, helps maximize the time and resources of managers. That is by focusing on the most important issues and not necessarily on immediate issues. Indeed, this is the ultimate goal of Risk Informed Decision Making.
Glossary: please refer to the freely downloadable glossary. If used please reference to it as Riskope 2021 technical risk engineering glossary.
Tagged with: risk tolerance, Tactical planning
Category: Consequences, Mitigations, Probabilities, Risk analysis, Risk management, Tolerance/Acceptability, Uncategorized