I recently contributed to an article in the April issue of "Risk Professional" on new approaches to risk management and scenario planning. The full text can be found on the GARP website behind a pay wall, here; "Gifts of Sight"
I also put together a glossary of 21-Century ideas for risk professionals. Boris came across it on my blog and suggested I repost it here. The original, expanded version can be found on my blog.
Here are several key tools and concepts that every 21st-Century risk manager should be familiar with:
1. Scenario planning: The classic, group-based process for exploring the impact of critical trends and uncertainties on the business or policy environment. The method was widely popularized (although not developed) by Royal Dutch Shell in the 1960′s and 1970′s. The legacy of Pierre Wack and his protege’s is still widely felt through-out the strategic planning world, focusing on external variables of change, critical uncertainties, and the mental models of managers and decision-makers. Two of the best books on scenario planning are Kees Van Der Heijden’s “Scenarios: the Art of Strategic Conversation” and Peter Schwartz’s “The Art of the Long View“. A very good (although slightly dated) academic history of scenario planning can also be found here.
2. Horizon scanning: If scenarios help managers think about long-term change, horizon scanning is a process of scanning the environment for short term disruptions and other emerging issues. Key aspects of horizon scanning include environmental and social monitoring , distributed sensing capability, and knowing what to look for. Horizon scanning is a natural extension of scenario planning, which often help sensitive decision-makers to areas of potential change so that they can “make sense” of emerging trends and data. The Government of Singapore has the best horizon scanning system in the world, although several private consultancies offer horizon scanning services to corporations and organizations as well. The Swiss Government also offers a detailed description of horizon scanning which is quite good.
3. Sensemaking: A critical element to horizon scanning is the concept of “sensemaking”. The term describes a social process of explicit “making sense” of conflicting or ambiguous data and was originated by academics such as Weick, Sutcliffe and Dervin. It was later popularized by philosopher / practitioners like Dave Snowden and Gary Klein, who have very successfully applied this to the corporate risk management world. Sensemaking process through collective interpretation of confusing events, often events which have already happened. The September 11th Review is a large-scale example, although without using explicit sensemaking techniques. The point is to overcome the social and cognitive biases that cause us ignore critical bits of information that “don’t fit” with our stories about the world (such as airplanes crashing into towers). In this way, sensemaking is linked to the process of horizon scanning, which captures and presents trends and changes to mangers in a way that helps them understand their own expectations and limitations. One of the best introductions to sensemaking for risk management is Gary Klein’s excellent book “Sources of Power: How People Make Decisions.” Dave Snowden also has dozens of excellent podcasts on sensemaking and risk management on his blog over at Cogntive Edge.
4. Phase transition: Most risk management (and risk management models) are based on assumptions of smooth change and linear continuity of events. Phase transition is a concept fromcomplex adaptive systems which argues that change actually occurs in short, periodic bursts in most complex, interdependent environments such as economies, ecosystems and technological systems. This concept is best illustrated by Gunderson and Holling’s work on the adaptive cycle (summarized well here), but is given a long treatment in an academic lecture I recently gave at the London School of Economics. The point for risk managers is that change, when it occurs, is often more severe and rapid than simply statistical models predict. This principle underlines the importance of all other concepts in this introduction.
5. Crowd sourcing: Given the reality of rapid change and the need to “make sense” of conflicting, emerging trends, crowd sourcing is an excellent way to keep track of emerging risks that can produce rapid, surprising results. The MIT Center for Collective Intelligence does some of the best thinking on crowd sourcing. Their point is that widely distributed problem-solving offers radical potentials for complex data processing. Crowd sourcing, when linked to horizon scanning, sensemaking and scenario planning systems, offer a truly revolutionary approach to risk management. I wrote a short introduction to crowdsourcing and collective intelligence here, which risk managers may find interesting.
6. Experiential learning: The value of many of these exercises is based on the fact that humans learn best when doing. The concept of experiential learning, therefore, is a way to create lived experiences tht explore critical issues through creative simulation or experiential means. Such approaches have been shown to produce demonstrable increases in learning and absorption of mission-critical ideas when compared to traditional forms of classroom learning and training. Tactical decision games, a form of experiential learning, are widely used in crisis preparation and risk management communities to help first-responders walk through how they might respond to surprising or stressful situations. Learning journeys (pdf) are another approach that takes senior management on physical field trips to unique environments to help them experience emerging threats or opportunities in their field.
7. Red teaming: Red teaming is a form of experiential learning coming from the military. In live-action military training exercises, the “good guys” often called the “blue team” and the “bad guys” are often known as the “red team”. Over time, the term “red teaming” has come to stand for the process of using outsiders to intentionally break, foil or surprise your strategic planning and risk mitigation process. It may sound counter-intuitive, but by actively inviting a determined (but ultimately friendly) enemy to stress-test your systems, you can increase the likelihood of uncovering hidden weaknesses and failure points. A good introduction to red teaming can be found here. A more detailed discussion on the use of red teaming and “ethical hacking” in IT security can be found here. Finally, for those interested in security and defence, the Red Team Journal is an excellent blog and resource on this practice.
8. Serious gaming: Finally, a link between experiential learning, red teaming and traditional risk management can be found in the concept of serious gaming; ”games designed for the purpose of solving a problem.” For risk managers, the most pressing problems might be to identify, understand and communicate core risks to your organization. Serious gaming and game mechanics offer compelling, effective and enjoyable ways of engaging people within your organization towards these ends. Jane McGonigal is a leading thinker on how to use games to address serious issues (her TED talk on gaming should be a must-view for every risk manager). The Serious Games Institute offers a rich repository of “serious research on serious games”. Finally, the Serious Games Market is an excellent blog on recent developments and ideas in serious gaming.
I believe that the combination of these ideas and techniques represent the leading edge of scenario planning, risk management and strategy creation. The convergence of them is where the substantive of innovation in 21st-Century risk management will occur. Watch this space for rapid and important change and please don't hesitate to get in touch for further discussion.
The original, expanded version of this post can be found on my blog.
Replies
This is a very interesting approach to scenario testing and certainly in my view incorporates some excellent techniques in improving scenario testing. As the person who wrote the original Basel II rules on Value at RIsk for the FSA (UK regulator), I believe I have a unique insight in to this area, largely due to the access afforded to me by large investment banks and their VaR and stress testing models. The reality is that as in any quantitative model and certainly essential in a stress-testing model, qualitative common sense needs to be applied. Two common sense questions should be considered in every asset class and instrument that is part of a scenario test: 1) what is the appropriate distribution to use for the particular instrument/asset class 2) what will the future correlation of that instrument/asset class be with other positions in the portfolio. Most modeling techniques used do not successfully capture these questions whether parametric or non-parametric. However there are certain quantitative techniques that certainly are more appropriate than others, however this needs to be done at the instrument/asset class level not by having a broad technique that is decided at the overall model level. As far as correlation is concerned, my research concludes that for this to accurately predict the future a large amount of qualitative input is required. In fact the answer lies not in correlation at all but in causation.
Brilliant thought provoking writeup.
Hats off.
With Love and Regards
Prof.S.Subramanian
a) different elicitation techniques used depend on the context thereby creating multiple criteria decision-making problem such as risky assumptions and assumptions of risk among criteria, sub-criteria and alternatives, and
b) if the model created is based on rules-based approach, employing discretion at different points can be dangerous since rule-based regime would have to include meta-rules (rules about the rule) to determine which rule or which variant of which rule is to be used. Additionally, the rule would also have to include a rule specifying when the rule should be ignored.
In addition to the 8 ideas highlighted, with the aim of an effective risk discourse, I would like to suggest stakeholder partnership since by bringing together representatives from different stakeholder communities in an inclusive, sustained and indefinite discourse, provides a potentially important means of engaging them in the full cycle of risk governance. However, a key challenge in this is how to establish a practicable yet balanced partnership, which can properly represent the interests and views of large numbers of stakeholders. Barriers to participation which otherwise act to bias involvement also need to be overcome, and issues of legitimacy and accountability addressed, in order to ensure that stakeholder partnership genuinely speaks for their stakeholder communities. Further challenges also occur in enabling fair and open debate within the partnerships, with differing styles of discourse and goal-seeking strategies having to be recognised and accommodated, and collaborative strategies, which seek win-win solutions encouraged. This will address the following :-
a) how can those subjected to risks be properly informed about the risks?
b) how can credibility of risk assessments be assured?
c) how can consent be obtained of those subjected to the risks?
Richard Pike said: