The ‘Cone of (Un) Certainty’ has been a fixture in strategic planning for a few decades [1]. In reviewing these models I was struck by the assumption that planning ends…. and well that is it. To correct this, I would like to propose a planning model entitled: ‘The NOW-Event Map’. which considers both planning and delivery.
A comprehensive list of risk categories to support a definition previously provided. Categories can be downloaded via MS Excel.
Continue readingA survey of definitions for ‘risk category’ results in one that is organization focused: A risk category allows for the grouping of one or more risks in a manner that is meaningful to the organization and its key external-stakeholders such as investors, citizens, auditors. etc.
Continue readingThis is a second in a series of blogs on Internal Control and this one specifically asks, is there a list of internal controls and why would you want such a list?
Continue readingAccountants are trained to think about and implement controls. The classic examples are segregation of duties, reconciliations or budgets. Generally though, these controls are to manage at the transactional level where an error or a small fraud might occur. The big frauds of course are in the C-Suites and include such classics as off-balance sheet liabilities, rogue traders or manipulation of inventories.
Continue reading“Voldemort Risks” are unspoken that employees avoid naming due to fear or cultural pressures. It highlights historical examples, like Enron and the Challenger disaster, emphasizing the need for risk identification through methods like whistleblower protections and fostering a high-trust culture. Identifying these risks can improve organizational resilience.
Continue readingI have been thinking about risk management a lot and how to make it as effective as possible. One concept that I have not seen but I would have expected would be ‘cascading risk management’.
Cascading risk management is where senior levels of an organization manage risks that are germane to the entire organization freeing subordinate levels to focus on their specific strategic, tactical and operational risk management. Here is an example in a fictional state or provincial government or larger for-profit company:
| Level | Risk Management | Example/Comment |
| Government Wide / National Wide | Strategic risks that affect the entire government and central services provided. | Government wide IT security, tax policy, inter-government relations. |
| Ministry/ Department | Strategic risks that affect the Department but exclude those identified as belonging to the government. Government wide risks are inherent to the Ministry’s Risk profile but do not need to be repeated unless they meet one of the following criteria:
|
Ministry of Finance further articulates the risks of debt management or tax policy.
The Ministry of Health further articulates the risks related to a pandemic. The Ministry of Education reinforces the need to replace retiring teachers. |
| Division/ Branch | Strategic risks that affect a sub-element of the organization but exclude those sufficiently belonging to the above layers of the organization.
The same conditions as discussed above apply but cascaded down one more level. Note that this level will generate Strategic, Tactical and Operational Risks. |
Western Canada Marketing sub-Department.
Tax policy unit of the Ministry of Finance |
| Team/ Project/ Other Work Unit | Tactical and Operational Risks with a reference to the above cascaded risks. In this manner, the operational area can focus on the most critical risks affecting delivering their contribution to organizational objectives. | IT Project Team.
Policy team drafting legislation. New product launch team. |
The above is predicated on the following assumptions:
Assuming the above exists the a cascade risk statement may look like this:
Peter L. Bernstein wrote “Against the Gods: The Remarkable Story of Risk” in the late 1990s, well before the financial meltdown of 2008 or the dot come bubble burst a few years later. The book itself is a good refresher of the history of mathematics and provides a reasonably entertaining and well written history of risk. Before getting to the book though, a quick detour about Bernstein himself.
Bernstein died in 2009 at the age of 90. Over those nine decades he was born into relative wealth, served as an officer in World War II, worked for the US federal government, taught university, took over his father’s investment business, sold the business for a tidy sum, wrote ten books – 3 in his late 80’s and became a respected academic. WHEW
For anyone of us, a few of the above accomplishments in our lifetime would be gratifying (including making it to 90) let alone the number he accomplished. In other words, Bernstein can be said to have had a life well lived.
Some of the reviews on http://www.goodreads.com have critiqued Bernstein’s writing style. It is not the most elegant I have ever read but it was reasonably engaging and not too technical. He takes a chronological approach to risk but this is really on the mathematics of risk.
He notes the restrictions early western mathematicians had including the Roman numeric system, the enlightenment and renaissance (to get beyond the notion that all things are pre-ordained by God), bookkeeping, forecasting, algebra and an unfinished game of chance.
To this last point, the question was how best to divide up the winnings of a game with a fixed number of iterations of the game that was partially played. This question spurred the mathematics to ask the question about probabilities and the future. Risk management was born.
From the renaissance, Bernstein takes us through the development of more advanced mathematics, game theory and then finally the rise of the Quants in computerized trading.
In other words, the book is a good and reasonably accessible refresher on the history of mathematics and specifically the development of statistics and financial mathematics. Bernstein does explore some of the human side of risk. For example he discusses those old favorites of behavioral economics: loss aversion, regression to the mean / Prospect Theory, ambiguity aversion, etc. In other words, a good historical romp that ties in some familiar and some unfamiliar details into a reasonably good overview of the mathematics of risk…
… and therein lies the biggest problem with the book, big on math short on the story of risk. There is so much more that Bernstein could have incorporated into the book. For example
In a way it is too bad that Bernstein wrote the book when he did or that he did not write it say 10-12 years later. I would have been interested in his views on the 2008 financial crisis and the work of Nicholas Taleb, etc. who also discussed risk, statistics and randomness.
So, a good read if you enjoy history, mathematics and what a fuller understanding of the concepts of risks. A revised edition would be great, or even better, a second volume with more depth and breadth. Never the less a read that rounds out anyone interested in Risk Management.
Publisher’s Description: With the stock market breaking records almost daily, leaving longtime market analysts shaking their heads and revising their forecasts, a study of the concept of risk seems quite timely. Peter Bernstein has written a comprehensive history of man’s efforts to understand risk and probability, beginning with early gamblers in ancient Greece, continuing through the 17th-century French mathematicians Pascal and Fermat and up to modern chaos theory. Along the way he demonstrates that understanding risk underlies everything from game theory to bridge-building to winemaking.
p. 15: Time is the dominant factor in gambling. Risk and time are opposite sides of the same coin, for if there were no tomorrow there would be no risk. Time transforms risk, and the nature of risk is shaped by the time horizon: the future is the playing field. Time matters most when the decisions are irreversible.
p. 197: The essence of risk management lies in maximizing the areas where we have some control over the outcome while minimizing the areas where we have absolutely no control over the outcome and the linkage between effect and cause is hidden from us.
p. 228: Keynes argued that interest is a reward for parting with liquidity, not for refraining from consumption.
p. 232: Game theory says that the true source of uncertainty is in the intentions of others.
This is the second in a series of blogs on a Practical Risk Management Method or PRMM. At the bottom of this blog is a refresher of the other steps. This step’s premise is don’t separate your planning activities from your risk management activities. In other words:
Planning = Risk Management. Planning is ultimately about managing uncertainty which is a fancy name for Risk. At this point you may be saying:
I am afraid I can’t help you if you fall into the last category but hopefully these blogs can help you if you with the first two.
Continue readingIs traditional risk management practical? If so, why do so many organizations struggle to do it well? As a quick refresher here are the three steps of virtually all risk management methods:
What makes risk management impractical is that it is often a bolt on and/or a parallel activity. In addition, risk management often gets bogged down in too many risks and not enough value add (see my blog “Guns, Telephone Books and Risk?” for more on this). PRMM recommends the following steps:
My next blog are some thoughts on step 1 above, integrating risk management into the planning processes of the organization.
Organizational Biology 