Eight Ideas for 21st-Century Risk Managers

I recently contributed to an article in the April issue of "Risk Professional" on new approaches to risk management and scenario planning. The full text can be found on the GARP website behind a paywall, here: "Gifts of Sight".

 

I also put together a glossary of 21st-Century ideas for risk professionals. Boris came across it on my blog and suggested I repost it here. The original, expanded version can be found on my blog.

 

Here are several key tools and concepts that every 21st-Century risk manager should be familiar with:

 

1. Scenario planning: The classic, group-based process for exploring the impact of critical trends and uncertainties on the business or policy environment. The method was widely popularized (although not developed) by Royal Dutch Shell in the 1960s and 1970s. The legacy of Pierre Wack and his protégés is still widely felt throughout the strategic planning world, focusing on external variables of change, critical uncertainties, and the mental models of managers and decision-makers. Two of the best books on scenario planning are Kees Van Der Heijden’s “Scenarios: the Art of Strategic Conversation” and Peter Schwartz’s “The Art of the Long View”. A very good (although slightly dated) academic history of scenario planning can also be found here.

 

2. Horizon scanning: If scenarios help managers think about long-term change, horizon scanning is a process of scanning the environment for short-term disruptions and other emerging issues. Key aspects of horizon scanning include environmental and social monitoring, distributed sensing capability, and knowing what to look for. Horizon scanning is a natural extension of scenario planning, which often helps sensitize decision-makers to areas of potential change so that they can “make sense” of emerging trends and data. The Government of Singapore has the best horizon scanning system in the world, although several private consultancies offer horizon scanning services to corporations and organizations as well. The Swiss Government also offers a detailed description of horizon scanning which is quite good.

 

3. Sensemaking: A critical element of horizon scanning is the concept of “sensemaking”. The term describes a social process of explicitly “making sense” of conflicting or ambiguous data and was originated by academics such as Weick, Sutcliffe and Dervin. It was later popularized by philosopher-practitioners like Dave Snowden and Gary Klein, who have very successfully applied this to the corporate risk management world. Sensemaking proceeds through collective interpretation of confusing events, often events which have already happened. The September 11th Review is a large-scale example, although without using explicit sensemaking techniques. The point is to overcome the social and cognitive biases that cause us to ignore critical bits of information that “don’t fit” with our stories about the world (such as airplanes crashing into towers). In this way, sensemaking is linked to the process of horizon scanning, which captures and presents trends and changes to managers in a way that helps them understand their own expectations and limitations. One of the best introductions to sensemaking for risk management is Gary Klein’s excellent book “Sources of Power: How People Make Decisions.” Dave Snowden also has dozens of excellent podcasts on sensemaking and risk management on his blog over at Cognitive Edge.

 

4. Phase transition: Most risk management, and most risk management models, are based on assumptions of smooth change and linear continuity of events. Phase transition is a concept from complex adaptive systems which argues that change actually occurs in short, periodic bursts in most complex, interdependent environments such as economies, ecosystems and technological systems. This concept is best illustrated by Gunderson and Holling’s work on the adaptive cycle (summarized well here), but is given a long treatment in an academic lecture I recently gave at the London School of Economics. The point for risk managers is that change, when it occurs, is often more severe and rapid than simple statistical models predict. This principle underlines the importance of all other concepts in this introduction.

 

5. Crowd sourcing: Given the reality of rapid change and the need to “make sense” of conflicting, emerging trends, crowd sourcing is an excellent way to keep track of emerging risks that can produce rapid, surprising results. The MIT Center for Collective Intelligence does some of the best thinking on crowd sourcing. Their point is that widely distributed problem-solving offers radical potential for complex data processing. Crowd sourcing, when linked to horizon scanning, sensemaking and scenario planning systems, offers a truly revolutionary approach to risk management. I wrote a short introduction to crowdsourcing and collective intelligence here, which risk managers may find interesting.

 

6. Experiential learning: The value of many of these exercises is based on the fact that humans learn best when doing. The concept of experiential learning, therefore, is a way to create lived experiences that explore critical issues through creative simulation or experiential means. Such approaches have been shown to produce demonstrable increases in learning and absorption of mission-critical ideas when compared to traditional forms of classroom learning and training. Tactical decision games, a form of experiential learning, are widely used in crisis preparation and risk management communities to help first-responders walk through how they might respond to surprising or stressful situations. Learning journeys (pdf) are another approach that takes senior management on physical field trips to unique environments to help them experience emerging threats or opportunities in their field.

 

7. Red teaming: Red teaming is a form of experiential learning coming from the military. In live-action military training exercises, the “good guys” are often called the “blue team” and the “bad guys” are often known as the “red team”. Over time, the term “red teaming” has come to stand for the process of using outsiders to intentionally break, foil or surprise your strategic planning and risk mitigation process. It may sound counter-intuitive, but by actively inviting a determined (but ultimately friendly) enemy to stress-test your systems, you can increase the likelihood of uncovering hidden weaknesses and failure points. A good introduction to red teaming can be found here. A more detailed discussion on the use of red teaming and “ethical hacking” in IT security can be found here. Finally, for those interested in security and defence, the Red Team Journal is an excellent blog and resource on this practice.

 

8. Serious gaming: Finally, a link between experiential learning, red teaming and traditional risk management can be found in the concept of serious gaming: “games designed for the purpose of solving a problem.” For risk managers, the most pressing problems might be to identify, understand and communicate core risks to your organization. Serious gaming and game mechanics offer compelling, effective and enjoyable ways of engaging people within your organization towards these ends. Jane McGonigal is a leading thinker on how to use games to address serious issues (her TED talk on gaming should be a must-view for every risk manager). The Serious Games Institute offers a rich repository of “serious research on serious games”. Finally, the Serious Games Market is an excellent blog on recent developments and ideas in serious gaming.

 

I believe that the combination of these ideas and techniques represents the leading edge of scenario planning, risk management and strategy creation. The convergence of them is where the substantive innovation in 21st-Century risk management will occur. Watch this space for rapid and important change and please don't hesitate to get in touch for further discussion.

 

The original, expanded version of this post can be found on my blog.

Replies

  • This is a very interesting approach to scenario testing and certainly in my view incorporates some excellent techniques in improving scenario testing. As the person who wrote the original Basel II rules on Value at Risk for the FSA (UK regulator), I believe I have a unique insight into this area, largely due to the access afforded to me by large investment banks and their VaR and stress testing models. The reality is that as in any quantitative model and certainly essential in a stress-testing model, qualitative common sense needs to be applied. Two common sense questions should be considered in every asset class and instrument that is part of a scenario test: 1) what is the appropriate distribution to use for the particular instrument/asset class 2) what will the future correlation of that instrument/asset class be with other positions in the portfolio. Most modeling techniques used do not successfully capture these questions whether parametric or non-parametric. However there are certain quantitative techniques that certainly are more appropriate than others, however this needs to be done at the instrument/asset class level not by having a broad technique that is decided at the overall model level. As far as correlation is concerned, my research concludes that for this to accurately predict the future a large amount of qualitative input is required. In fact the answer lies not in correlation at all but in causation.

  • Brilliant thought provoking writeup.

    Hats off.

    With Love and Regards

    Prof.S.Subramanian

  • Although process knowledge elicitation is good, it is not a cookie-cutter process and care must be taken since
    a) different elicitation techniques used depend on the context thereby creating multiple criteria decision-making problem such as risky assumptions and assumptions of risk among criteria, sub-criteria and alternatives, and
    b) if the model created is based on rules-based approach, employing discretion at different points can be dangerous since rule-based regime would have to include meta-rules (rules about the rule) to determine which rule or which variant of which rule is to be used. Additionally, the rule would also have to include a rule specifying when the rule should be ignored.

    In addition to the 8 ideas highlighted, with the aim of an effective risk discourse, I would like to suggest stakeholder partnership since by bringing together representatives from different stakeholder communities in an inclusive, sustained and indefinite discourse, provides a potentially important means of engaging them in the full cycle of risk governance. However, a key challenge in this is how to establish a practicable yet balanced partnership, which can properly represent the interests and views of large numbers of stakeholders. Barriers to participation which otherwise act to bias involvement also need to be overcome, and issues of legitimacy and accountability addressed, in order to ensure that stakeholder partnership genuinely speaks for their stakeholder communities. Further challenges also occur in enabling fair and open debate within the partnerships, with differing styles of discourse and goal-seeking strategies having to be recognised and accommodated, and collaborative strategies, which seek win-win solutions encouraged. This will address the following :-
    a) how can those subjected to risks be properly informed about the risks?
    b) how can credibility of risk assessments be assured?
    c) how can consent be obtained of those subjected to the risks?
  • Richard, repeating what our colleagues have expressed, this is an excellent list of topics and ideas that risk managers should be considering and employing as it applies to their situation in today's markets. The first 3 ring true and need to be center plate to understand the scenarios we face and re-establish where we are in the cycles that each industry sector continues to go through albeit with the changes of the times that have affected those cycles previously watched and monitored. Then, experiential training has to come back. Risk management is not something learned through webinars. I am presently in Jakarta teaching relationship managers how to write up deal proposals based on a real case study where they have to do the financial analysis, the projections and the actual write-up based on a risk management framework covering management, competitive positioning and industry risk, financial strength, and structuring and collateral. The marketing officers have strayed too far relying too heavily on the credit analysts' support and today there is a disconnect requiring the marketing officers to refresh or in some cases learn risk management principles for the first time to execute deals with acceptable risk under a firm's policies and risk criteria. It has to be a "hands-on" experience to dominate this. It can't be learned from simply studying a manual or reading books or taking on-line courses. There has to be interactive discussion where the participants' conclusions are challenged forcing them to show their understanding and justifying their decisions and recommendations. Thanks for sharing your perspective. It is readily applicable I assure you.
  • I am willing to share. My experience is mostly public sector and qualitative analysis (14 years focused on risk management, preceded by other private and public sector experience).  I also need to get smarter and confident in quantitative techniques.  My viewpoint might be of interest, especially when we consider the big problems facing the global enterprise.
  • Hi Richard, sounds great. I'll be there as well. I look forward to chatting about this. I've seen some great examples of Bayesian analysis in group decision-making around systemic risk. You'll notice that most of these techniques focus on people's perception of risk, not necessarily about the actual analysis itself. But I think that simulation and technical analysis still play an invaluable part in adding evidence to these debates. Persuasive arguments without good data are often just as dangerous as good data without persuasive communication!

    Richard Pike said:
    Excellent list. I am attending the Oxford Futures Forum next week at which we will be discussing possible linkages between scenario planning and complex adaptive systems. Hopefully it should shed some light on possible areas of research. Have you considered the use of Bayesian maths to generate some quantitative analysis?
  • Thanks for the feedback everyone.  I'd love to compile a list of examples where people in the community have put these ideas in practice.  I suspect that there may be a large group of "ideas insurgents" in the risk professional community that have been secretly applying innovations like these under the radar.  Would anyone like to share examples?
  • An excellent list and thank you for the links. Professionally I am a big fan of Red Teaming, which provides an interesting and oftentimes unorthodox view into the assumptions a team makes on planning and defending against risks. The practice is often valuable for companies with international exposure with foreign facilities, operations and supply chains.
  • This is excellent.  I totally agree on serious gaming, foresight and futures thinking; things that should be taught in the school system.  We need to get these things out of the OR world and into the mainstream.  I also love Klein's work (on decision making under uncertainty and pressure).   One thinking, learning and communicating tool / technique that I would include is systems thinking.  There are several resources, but pegasuscom.com is a good place to start.  Any risk professional would benefit from participating in their annual conference - Systems Thinking in Action - different theme each year. Every second year STA is in Boston (locale of MIT, Senge et al's SoL and the Presencing Institute, Cambridge) and subscribing to their Systems Thinker Newsletter (Cost is well worth it.  Every issue has something useful).  Another resource is the Society for Organizational Learning. For people that remember The Fifth Discipline (1990), Peter Senge is still going strong.  Maybe, we should compile a Reading / Resource List covering these knowledge areas. Speaking of knowledge, a good KM resource is David Gurteen. For leadership, Mike Yates has an excellent newsletter. For World Cafe, check out World Cafe..., a powerful technique you will experience at STA
  • Excellent list. I am attending the Oxford Futures Forum next week at which we will be discussing possible linkages between scenario planning and complex adaptive systems. Hopefully it should shed some light on possible areas of research. Have you considered the use of Bayesian maths to generate some quantitative analysis?