320 likes | 476 Views
Risk Assessments. From qualitative to quantitative. Agenda. Introduction Case presentation Introduction to distributions Risk quantification Risk simulation Discussion and wrap-up. About DNV. Purpose: to safeguard life, property and the environment
E N D
Risk Assessments From qualitative to quantitative
Agenda • Introduction • Case presentation • Introduction to distributions • Risk quantification • Risk simulation • Discussion and wrap-up
About DNV • Purpose: to safeguard life, property and the environment • Independent foundation created in 1864 • Over 9,000 employees working from 300 offices in 100 countries providing: • Assessment, Advisory, Certification, Assurance and Training services • DNV assists organisations in a wide range of sectors to indentify, assess, manage and communicate on risk and sustainability, building sustainable value, resilience and stakeholder trust
Introduction Workshop Introduction Case Quantification Simulation End
Assumptions • You are familiar with thinking about risks • You are comfortable with risk registers • You are familiar with qualitative risk identification and assessment
Why should we quantify risks? • Makes a risk register richer and potentially more nuanced • May simplify discussions relating to risk appetite • Can summarise a risk register into one figure • Simulation results may change priorities
Why shouldn’t we quantify risks? • Some risks don’t lend themselves to quantification • Reputation risks are notoriously hard to pin down • When too many simplifying assumptions must be made • E.g. Gaussian cupolas and credit default swap pricing • When risks are too diverse • Don’t compare apples to motorcycles
Changing definition of risk • Measurable uncertainty Knight, Frank H. (1971), “Risk, Uncertainty and Profit” (University of Chicago Press), Orig. pub. 1921 • Combination of the probability of occurrence of harm and the severity of that harm Source: ISO/IEC Guide 51:1999 • Combination of the probability of an event and its consequence ISO/IEC Guide 73:2002 • Chance of something happening that will have an impact on objectives AS/NZS 4360:2004 • Effect of uncertainty on objectives ISO 31000:2009
For this workshop session Unwanted event → Negative consequence
Short case description Workshop Introduction Case Quantification Simulation End
Hi-tech corporation Hi-tech corporation is a multi-national company that produces and sells hardware and services on several continents. They pride themselves in a good reputation for corporate governance, social responsibility and good worker practices.
Description Hi-tech corporation use outsourcing and complex supply chains very efficiently They use raw materials and components sourced from all over the world
Market situation is extremely competitive Marketing research has shown that customers in Western countries are willing to pay a premium for Hi-tech corporation’s products Surveys identified their reputation for fairness to employees, and that their products are perceived as having high quality as the main reason for this
Financial performance last year Revenue 3bn 4% increase year on year R&D expenses £80 m After tax profit £500 Launched 4 new products
Risk quantification Workshop Introduction Case Quantification Simulation End
Risk quantification in this model is in two steps • Quantify probability of occurrence • Quantify loss distribution on occurrence
Step two – Quantify the loss if the unwanted event occurs • Statisticians have spent many years identifying distributions in data sets • Ideally, use historical data to identify impact of risks and fit a distribution
We will simplify – By using the Trigen function • Need three values • P10 • Most likely • P90
How do we quantify using the trigen function? • Imagine 10 outcome scenarios ranging from worst case to best case • Your P10 value is your second best outcome scenario • Your P90 value is your second worst outcome scenario • Most likely is the median, which usually is somewhere in the middle ..
Each group will quantify one risk • Assign • P10 • Most likely • P90 Group exercise
Simulation Workshop Introduction Case Quantification Simulation End
Summary of model outputs • Mean value • The average expected loss over the next year • In a humdrum year, we would expect our humdrum loss to be this value • Standard deviation • Quantifies the range of the possible outcomes • The narrower the “better”, as it increases our confidence in the mean value • ±1.96 * Standard deviation • Our 95% confidence band • We are 95% certain our losses will not exceed/be inferior to these thresholds
Did our risk priorities change? • The tornado graphs show correlation between simulated losses related to each risk and total simulated losses • This information is useful with regards to prioritising risk mitigating actions and controls • Our qualitative register suggests we start with mitigating risk 8 – Stolen product designs • What does our model say?
And for those of a statistical persuasion • Fit the aggregate exposure to statistical distributions • If this is consistent over a 10 – 15 year period you may consider using …
Thank you • Please fill in the feedback forms • May your risk management make you sleep well at night
Safeguarding life, property and the environment www.dnv.com