
Intercultural risk – mini case study



Speedy risk management


Speedy risk management – for English readers.

We are not lacking occasions to manage risks these days… in the end we live in a risk society, but often either no one manages risk or only a few try to manage too little, too late.

Quite a long time ago risk managers observed that although we evaluate a risk in two dimensions (just to remind you), i.e. the likelihood and consequences of a „risky” event multiplied by each other (not added to each other, because such ideas do happen!), there are other dimensions of risk.

Thus, today we will describe the speed of materialization of a risk or in other words, the time that remains from risk identification until its occurrence.

Speedy risk and TTI

There are different terms related to the speed of a risk, such as risk velocity, risk clock speed and Time To Impact (TTI). The topic is relatively poorly recognised by managers, although each one of us has tested it empirically: we come into the office on Monday morning, refreshed and eager to work hard, then we check our email box and … boom!

Exactly. There is no doubt today that the world has really accelerated and every day, apart from the old, traditional risks, completely new risks appear: political, cyber, fraud, reputational. Luckily there are both threats and opportunities, but… do not be deceived by a world of technological innovations: the time in which the most massive, „traditional” risk can materialize does not necessarily result from an implementation of new discoveries by eggheads. For example, it is enough that our valued legislators come up with a new idea for new regulations and, like a bolt from the blue, we have a problem.

That is why those who manage risk recommend adding that third dimension, the speed of materialization or risk velocity, to the size of a risk during risk analysis. Of course, according to the rules of risk management, it would be good to quantify this additional risk dimension, ideally in “days”, because it would probably be too late to do it in “hours” (we should note, however, that it could be a part of the so-called Business Impact Analysis, BIA, that is the cornerstone of BCM).

Out of the blue

So, there are risks that materialize quickly (fast clock speed risks) and require immediate reaction, and those that can wait, because we always have to consider allocating our resources in the most effective and appropriate way. In the end there will also be risks of a „boom” type, completely out of the blue: in other words classic black swans, or hawks falling on peacefully grazing corporate partridges. Speedy risk.

Giving up these ornithological comparisons, we need to mention that the concept of the „speed” of a risk raises some controversy. Some people even believe that this idea undermines the very essence of the concept of a risk, which „by definition” is connected with uncertainty. For if we had the ability to estimate when an event would take place “in days”, “hours”, or even in “years” (for strategic risks)… where would the uncertainty be then?

Others argue that the speed of a risk is already included in our estimation of the likelihood of an event. In other words, if the likelihood of a specific risk is greater than the likelihood of another risk it is also because we (sub)consciously took into account the shorter time in which it can materialize.

The issue remains debatable and, for example, in the risk management standards we do not find clear guidelines on how to proceed, although the well-known Committee of Sponsoring Organizations (COSO) in its interesting guidance “Risk assessment in practice” proposes an assessment of „the speed of onset” or just „velocity of risk”.

Speedy risk: technically speaking

It seems, however, that at least at the level of preparing a corporate risk profile, this classic risk management report for C-level management, it would be a shame to give up information about the estimated „time to impact” (TTI). Technically speaking, some suggest that TTI multiplied by probability and effects will give us a new line-up of identified risks, precisely taking into account the „clock” dimension. Of course we should first establish our criteria for a risk assessment, and therefore the benchmark for a risk measurement.

As in the case of impact and probability, a „small” or „large” TTI means something different in each business. Probably for manufacturers of computer games, risk velocity is measured in months, and in the case of heavy industry in years, but … are you sure today?

As always, you need to carefully consider the criteria by which you measure anything, especially the scale of probability. Getting this wrong is indeed a typical mistake made during risk mapping and repeated in many companies with a strange stubbornness.
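The re-ranking described above, as an added example that is not part of the original article: a constructed four-risk register is scored first as probability × impact and then with a velocity score derived from TTI in days. The 1–5 velocity bands, the conversion of TTI into a score where a shorter TTI scores higher, and all sample values are assumptions made for the illustration.

```python
from dataclasses import dataclass

# Assumed velocity criteria: (upper bound of TTI in days, score), 5 = fastest.
# Illustrative bands only; each organisation has to set its own benchmark.
VELOCITY_BANDS = [(1, 5), (7, 4), (30, 3), (180, 2)]  # anything slower scores 1

@dataclass(frozen=True)
class Risk:
    name: str
    probability: int  # 1..5 on the organisation's likelihood scale
    impact: int       # 1..5 on the organisation's consequence scale
    tti_days: float   # estimated time to impact, in days

def velocity_score(tti_days: float) -> int:
    """Map time to impact onto a 1..5 score; a shorter TTI scores higher."""
    if tti_days < 0:
        raise ValueError("TTI cannot be negative")
    for upper_bound, score in VELOCITY_BANDS:
        if tti_days <= upper_bound:
            return score
    return 1

def classic_score(risk: Risk) -> int:
    """Two-dimensional score: probability multiplied by impact."""
    return risk.probability * risk.impact

def speedy_score(risk: Risk) -> int:
    """Three-dimensional score: the classic score times the velocity score."""
    return classic_score(risk) * velocity_score(risk.tti_days)

def rank(risks, key):
    """Risk names from highest to lowest score; ties keep register order."""
    return [r.name for r in sorted(risks, key=key, reverse=True)]

def rank_shifts(risks):
    """Positions gained (+) or lost (-) by each risk once velocity is added."""
    before, after = rank(risks, classic_score), rank(risks, speedy_score)
    return {name: before.index(name) - after.index(name) for name in after}

# Constructed sample register (not taken from the article).
REGISTER = [
    Risk("Planned regulatory change", 3, 4, 400),
    Risk("Ransomware outbreak", 2, 5, 1),
    Risk("Key supplier insolvency", 3, 3, 45),
    Risk("Payment fraud", 4, 2, 5),
]
```

With these sample values the slow regulatory risk drops from first to last place, while the two fast risks move to the top of the list.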

The issue of risk velocity becomes particularly important given the increasing regulatory requirements for risk management. Regulations, like Solvency or Basel, or issued by local market regulators, impose construction of heavy, shiftless, static risk management systems, and writing of lengthy disclosures on topics that had become (pre)history yesterday. Today a drastically changing horizon of new events continually brings us new risks. We need solutions that are lightweight, agile, and responsive to the upcoming opportunities and threats, agile risk management.

Megaprojects! Why do they fail?


Why do megaprojects fail? A short but very interesting study of the causes of the biggest project failures, with an excellent example of the Seattle tunnel drilling.
Worth seeing, as it briefly analyses the root causes of typical mega failures, unfortunately very typical and easy to predict…

Megaprojects! Should we start them at all?

The aliens attack


An alien invasion is undoubtedly a risk of a black swan event, though with a rather lower likelihood but considerably higher consequences.

Apparently this is not a completely ridiculous threat, because it was raised by the World Economic Forum (WEF), a very serious organisation from Switzerland, supported by a host of the most prominent players in the insurance industry. None other than the WEF, in its well-known annual survey “Global Risk” 2013, devoted only one, but still an important, chapter to the so-called “X factors”.

In the “X” chapter we can find several paragraphs on risks with a very, very low probability, among them an “Extra-terrestrial life discovery”. It should be immediately noted that all of these “E.T.” considerations are basically optimistic and suggest a number of quite positive consequences of such a seminal discovery. (By the way, honestly speaking, if anyone had someone to discover, that would be “us”, and not vice versa.)

The positive effects of the aforementioned discovery would indeed follow even from spotting a very tiny piece of life, not to mention the Aliens, and even if only at a distance, through a telescope. Among the benefits of such an event the World Economic Forum lists a cosmic increase in spending on space exploration, with an emphasis on the creation of artificial intelligence (that we will send warily as date bait), and an emergence of many new branches of science and industry. The WEF report also considers the social effects of a Contact event and even suggests serious problems for the Vatican.

With all these optimistic assumptions, the whole range of threats associated with such a meaningful event is not mentioned in the Global Risk “X factors” at all. On the spot, even without asking 1000 experts from around the world (as the report does), we can bandy around other E.T. threats or related ideas, for example: malicious incineration of the population with the use of light rays; immobilizing of cars, not included in insurance terms and conditions; kidnapping for the „Newcomers’” breakfasts (or any other meal they celebrate while invading); more or less sophisticated abductions (conceivably for sex); the locking away of captives in cages as guinea pigs or just for fun, etc.

Otherwise, the catalogue of risks associated with an arrival of Aliens is widely discussed and shown in easily accessible literature and video materials. Speaking about material losses caused by the extra-terrestrial force, it can be seen at once that there is a wide scope of activity for insurance companies, both locally and globally. But is the risk of an attack from space insurable at all?

This is probably the moment when Lloyd’s syndicates smile indulgently, thinking about much more sophisticated risks than they insured in the past. A classic example is the insurance of a prize payment in a competition organized some time ago by the producer of Cutty Sark whisky. According to the rules of the contest, the winner of 1.5 million pounds was (merely) supposed to find the famous Loch Ness Monster. Another similar example is the insurance of triathlon participants in Scotland (100 Ironmen, 1.5 million per capita) in the event of an attack by that same monster (not found so far, as we know). Here we also have a journalistic obligation to mention that in response to this insurance activity a violent, official protest was issued by the official Monster Fan Club, arguing that the Loch Ness Monster had never been aggressive and its loss ratio was undoubtedly nil.

Furthermore, those willing to provide coverage of the E.T. risks will not be very many, but there is no shortage. Let’s take an example from the US, where a “UFO Abduction Insurance Company” offers an attractive coverage of $20 million for just a $10 premium. Here, however, as is usually the case, it is important to carefully read the Terms & Conditions, because the desired compensation for the victims of UFOs will only be possible upon proper completion of an attached form certifying the fact of being subject to examinations by the Aliens. And this may be difficult, because no one knows, for example, whether to go to a family doctor or the Healthcare Department. The good news is that the indemnity will be automatically doubled if the Aliens insisted on conjugal visits or if the intention of the kidnapping was food. Reportedly, up to now they have only sold two policies, so…

Readers may fall down laughing, thinking that no business like an insurer underwrites such a policy, but there are other examples of insurance against Aliens. We were even able to find web pages belonging to a Berkshire Hathaway subsidiary, which otherwise sold, for example, about 12 million car insurance policies a year. Elsewhere we can find that another insurer, this time from the UK, has already sold ca. 30 thousand (sic) similar policies. So we can conclude there is a market, so the risk must exist.

By the way, if we have already touched on the subject of insurance innovation, we should also mention a wide range of insurance coverage for space risks, such as a meteorite impact, which we tangibly experienced two years ago in Chelyabinsk, Russia. The other supernatural and exotic risks to be covered include such phenomena as werewolf attacks, poltergeists or immaculate conceptions. However, let me address this another time…


Terrorism risk


How can we protect ourselves against home-grown terrorism? (video source)


Risk Management show killers.


Though this be madness, yet there’s method in’t.

There are two tools of Enterprise Risk Management that are gaining incredible popularity in business nowadays: the first one is a risk map (heat map) and the second one is a risk register. Describing a risk register in simple words: it is a tabular statement of identified business risks, their causes and effects, risk dimensions (Probability multiplied by Effect of an event) plus a description of risk controls. There are project, departmental and corporate risk registers; even attempts to put together governmental risk registers can be found.

A risk map is, let me remind you, a visualisation of identified risks in a coordinate system (P and E). It looks convincing and appropriate for a PowerPoint presentation for your board of directors, but… just one important remark: a risk map is only a graphic “visualization” of the risks identified before in a risk register. It is not a tool for risk identification and analysis itself!

In fact, the existence of an active risk register simply proves that an organisation systematically manages its risks. However, boards often declare that they manage risk while the answer to a simple question about a risk register is negative.

Creation of risk records, either in the form of a risk map or a risk register, is certainly not a sufficient condition for effective risk management. Moreover, creation of such maps and registers often becomes destructive and turns into a classical show killer of enterprise risk management implementation. Are you lost already? Let me explain it to you then.

A classical model of a risk management process, as described in either the ISO 31000 or COSO II standards, provides for at least a few basic steps. They are: establishing the context – risk assessment (including identification, analysis and evaluation) – risk treatment. That’s enough about theory. In practice companies begin their risk management adventure by taking a first crack at an exploratory, promising, but labour-intensive task of risk identification and description. This is done in accordance with the art of risk management and best practice, but… how often such art turns into art for art’s sake!

Typically, as a result of dozens of risk identification workshops, lengthy lists of risks containing hundreds of threats to the business are created, and their creators are not able to control them anymore! It is also a regular occurrence that a risk identification process lasts months longer than initially planned (if there was any plan), and as a result risks that had been identified at the beginning of the process simply become history, unimportant rubbish in today’s fast-changing business environment. Thousands of office hours were spent, hundreds of donuts (or, if you prefer, pretzels) consumed and litres of coffee drunk. Was it all worth it? On the other hand, such big records, even if their creators are eventually very proud of them, bring horror to management and co-workers. “How will we be able to manage five hundred risks?”, they think desperately.

Well, the lesson learned for Risk Management is: your risk register should be built prudently. And what quantity of risks your company “should” identify is another story for the next column.

The bad news is that falling into bureaucratic identification of risks, aimed only at recording and updating, is not the only peril on a risk manager’s path. The biggest challenge, and numerous surveys prove it, is the real-life use of a risk register in decision-making. It is surprising how often even open-minded managers who used to be promoters of the risk management implementation process take even strategic decisions in complete isolation from what can be concluded from risk registers and maps. And when a company fails, people say that risk management has failed. Wrong!

Systematic management (and any type of management) requires regularity and determination. It is also true that managers simply do not have time to dig through large, sluggish risk management registers. This is how risk registers come to live their own life and boards live theirs, and only among those who were involved in risk identification is frustration growing. “What was the purpose of our efforts?”, they ask themselves.

Thus, there is another lesson to be learned: risk identification is one thing, evaluation another, but taking risky decisions is a completely different, much bigger challenge.