Erm2000

Enterprise
Risk
Management

An Analytic Approach

A Tillinghast – Towers Perrin Monograph

Foreword

B
usiness Risk Management…Holistic Risk Management…Strategic Risk Management…
Enterprise Risk Management. Whatever you choose to call it, the management of risk is
undergoing fundamental change within leading organizations. Worldwide, they are moving away
from the “silo-by-silo” approach to manage risk more comprehensively and coherently.

This heightened interest in Enterprise Risk Management (ERM) has been fueled in part by external
factors. In just the last few years, industry and government regulatory bodies, as well as institutional
investors, have turned to scrutinizing companies’ risk management policies and procedures. In
more and more countries and industries, boards of directors are now required to review and report
on the adequacy of the risk management processes in the organizations they govern.

And internally, company managers are touting the benefits of an enterprise-wide approach to
risk management. These benefits include:

Ⅲ reducing the cost of capital by managing volatility

Ⅲ exploiting natural hedges and portfolio effects

Ⅲ focusing management attention on risks that matter by expressing disparate risks in a
common language

Ⅲ identifying those risks to exploit for competitive advantage

Ⅲ protecting and enhancing shareholder value.

ERM is actually a straightforward process. And, in most cases, the requisite intellectual capital and
business practices needed to carry out ERM already exist within the company. But an accurate,
useful ERM process is based on sound analytics. Without valid measurements, managing risk is
effective and efficient only by chance.

In the following pages, we hope to add analytical rigor to the public discourse on ERM. Drawing
from our client experiences, we offer a rational, scientific approach — one grounded in sound
principles and practical realities.

“Risk,” by definition and by nature, cannot be eliminated. Nor do leading organizations wish it
gone. Rather, they want to manage the factors that influence risk so that they can pursue strategic
advantage. How to identify and manage these factors is the subject of this monograph.

It is our intention to periodically update this document. We would be most interested in readers’
comments and suggestions.

1

Contents

Page

I Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Purpose of this monograph . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Definition and objective of ERM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Motivation for considering ERM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

II Framework for ERM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Assessing risk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Shaping risk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Exploiting risk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Keeping ahead . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

III A Rational Approach to Assessing Risk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Step 1 – Identify risk factors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Step 2 – Prioritize risk factors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Step 3 – Classify risk factors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Recap… and segue . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

IV A Scientific Approach to Shaping Risk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Step 1 – Model various risk factors individually . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Step 2 – Link risk factors to common financial measures . . . . . . . . . . . . . . . . . . . . . . . . . 17
Step 3 – Set up a portfolio of risk remediation strategies . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Step 4 – Optimize investment across remediation strategies . . . . . . . . . . . . . . . . . . . . . . . 23
Extension to multi-period risk shaping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Recap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

V A Brief Discussion of Exploiting Risk and Keeping Ahead . . . . . . . . . . . . . . 26

VI Implementing ERM in Phases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

VII References and Recommended Reading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

VIII Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Appendices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30

3

Introduction

Purpose of this monograph Ⅲ exploiting natural hedges and portfolio
Pressure to adopt ERM has increased from both effects
internal and external forces. Although optional
in most cases, a formalized risk management Ⅲ supporting informed decision making
culture and its benefits have gained recognition Ⅲ uncovering areas of high-potential adverse
and have fueled interest in the process. impact on drivers of share value

With this monograph, we intend to add analyti- Ⅲ identifying and exploiting areas of “risk-
cal rigor to the public discourse on ERM by based advantage”
presenting a scientific approach grounded in
sound business principles and practical realities. Ⅲ building investor confidence
Ⅲ establishing a process to stabilize results by
In this document, we will: protecting them from disturbances
Ⅲ define the ERM process Ⅲ demonstrating proactive risk stewardship.
Ⅲ discuss what motivates organizations to
adopt ERM Motivation for considering ERM
Ⅲ describe our conceptual ERM framework External pressures
and outline the process steps Some organizations adopt ERM in response to
Ⅲ detail a comprehensive, analytic approach direct and indirect pressure from corporate gov-
to ERM ernance bodies and institutional investors:

Ⅲ discuss methods by which organizations Ⅲ In Canada, the Dey report, commissioned by
implement ERM. the Toronto Stock Exchange and released in
December 1994, requires companies to report
on the adequacy of internal control. Following
Definition and objective of ERM that, the clarifying report produced by the
We define ERM as follows: Canadian Institute of Chartered Accountants,
“Guidance on Control” (CoCo report,
November 1995), specifies that internal control
ERM is a rigorous approach to assessing and addressing the risks from
should include the processes of risk assessment
all sources that threaten the achievement of an organization’s strategic and risk management. While these reports
objectives. In addition, ERM identifies those risks that represent have not forced Canadian-listed companies to
initiate an ERM process, they do create public
corresponding opportunities to exploit for competitive advantage.
pressure and a strong moral obligation to do
so. In actuality, many companies have
responded by creating ERM processes.
ERM’s objective — to enhance shareholder*
value — is achieved through: Ⅲ In the United Kingdom, the London Stock
Exchange has adopted a set of principles — the
Ⅲ improving capital efficiency
Combined Code — that consolidates previous
Ⅲ providing an objective basis for allocating reports on corporate governance by the
resources Cadbury, Greenbury and Hampel committees.
Ⅲ reducing expenditures on immaterial risks

* In this monograph, the emphasis is on shareholders rather than the broader category of stakeholders (which also includes
customers, suppliers, employees, lenders, communities, etc.). Though some observers prefer to define the scope of ERM to
include the interests of all stakeholders, we believe this is not pragmatic at the current evolutionary state of ERM and would
result in too diffuse a focus. While shareholder value is not directly relevant to some organizations (e.g., privately held and
nonprofit entities), the concepts and approaches developed in this monograph clearly apply to those organizations.
4

This code, effective for all accounting periods nization, leading to setting in place an enter-
ending on or after December 23, 2000 (and prise-wide approach to risk management:
with a lesser requirement for accounting peri-
Ⅲ The report, “Internal Control — An
ods ending on or after December 23, 1999),
Integrated Framework,” produced by the
makes directors responsible for establishing a
Committee of the Sponsoring Organizations
sound system of internal control, reviewing its
of the Treadway Commission (COSO),
effectiveness and reporting their findings to
favors a broad approach to internal control
shareholders. This review should cover all con-
to provide reasonable assurance of the
trols, including operational and compliance
achievement of an entity’s objectives. Issued
controls and risk management. The Turnbull
in September 1992, it was amended in May
Committee issued guidelines in September
1994. While COSO does not require corpo-
1999 regarding the reporting requirement for
rations to report on their process of internal
nonfinancial controls.
control, it does set out a framework for
Ⅲ Australia and New Zealand have a common ERM within an organization.
set of risk management standards. Their 1995
Ⅲ In September 1994, the AICPA produced
standards call for a formalized system of risk
its analysis, “Improving Business Reporting
management and for reporting to the organi-
— A Customer Focus” (the Jenkins
zation’s management on the performance of
report), in which it recommends that
the risk management system. While not bind-
reporting on opportunities and risks be
ing, these standards create a benchmark for
improved to include discussion of all
sound management practices that includes an
risks/opportunities that:
ERM system.
— are current
Ⅲ In Germany, a mandatory bill — the Kon
TraG — became law in 1998. Aimed at giving — are of serious concern
shareholders more information and control, — have an impact on earnings or cash flow
and increasing the accountability of the direc- — are specific or unique
tors, it includes a requirement that the man- — have been identified and considered by
agement board establish supervisory systems management.
for risk management and internal revision. In
The report also recommends moving
addition, it calls for reporting on these systems
toward consistent international reporting
to the supervisory board. Further, auditors
standards, which may include disclosures on
appointed by the supervisory board must
risk as is required in other countries.
examine implementation of risk management
and internal revision.
Institutional investors, such as Calpers, have
Ⅲ In the Netherlands, the Peters report in 1997 begun to push for stronger corporate gover-
made 40 recommendations on corporate gov- nance and to question companies about their
ernance, including a recommendation that the corporate governance procedures — including
management board submit an annual report their management of risk.
to the supervisory board on a corporation’s
objectives, strategy, related risks and control Internal reasons
systems. At present, these recommendations Other organizations simply see ERM as good
are not mandatory. business. For example:
Ⅲ In the U.S., the SEC requires a statement on Ⅲ The Board of Directors at a large utility man-
opportunities and risks for mergers, divesti- dated an integrated approach to risk manage-
tures and acquisitions. It also requires that ment throughout the organization. They
companies describe distinctive characteristics introduced the process in a business unit that
that may have a material impact on future was manageable in size, represented a micro-
financial performance within 10-K and 10-Q cosm of the risks faced by the parent and did
statements. Several factors broaden the not have entrenched risk management sys-
requirement to report on the risks to the orga-

5

tems. This same unit was the focus of the par- Ⅲ The Chairman of the Finance Committee of
ent’s strategy for seeking international growth the Board at a manufacturing company com-
— a strategy that would take the organization plained about reports from Internal Audit that
into unfamiliar territory — and had no estab- repeatedly focused on immaterial risks. His
lished process for managing the attendant concern led to formation of a cross-functional
risks in a comprehensive way. Risk Mitigation Team to identify and report
on processes to deal with risks within an ERM
Ⅲ The CFO of a manufacturing company with
framework. The team now reports directly to
an uninterrupted 40-year history of earnings
the finance committee on a quarterly basis.
growth embarked on ERM. This step fol-
lowed the company’s philosophy of “identify-
These organizations view systematic anticipation
ing and fixing things before they become
of material threats to their strategic plans as inte-
problems.” The movement was spurred by
gral to executing those plans and operating their
the company’s rapid growth, increasing com-
businesses. They seek to eliminate the inefficien-
plexity, expansion into new areas and the
cies built into managing risk within individual
heightened scrutiny that accompanied its
“silos.” And they appreciate that their cost of cap-
recent initial public offering.
ital can be reduced through managing volatility.
Ⅲ A large retail company’s new Treasurer, with
the support of the CFO, wanted to “assess the Some observers argue that investors do not put a
feasibility of taking a broader approach to risk premium on an organization’s attempt to man-
management in developing the organization’s age volatility. These observers maintain that
future strategy.” As part of this effort, she investors can presumably achieve this result more
hoped to “evaluate our hazard risk and finan- efficiently by diversifying the holdings in their
cial risk programs and strategies, to identify own portfolio. They argue further that investors
alternative methods of organizing and manag- do not appreciate, and do not reward, an organi-
ing these exposures on a collective basis.” zation that spends its resources on risk manage-
ment to smooth results on investors’ behalf.
FIGURE 1
Our research into the link between performance
consistency and market valuation, however, indi-
Low-Return Companies High-Return Companies
cates otherwise. We found that consistency of
earnings explains a high degree of difference in
23 share value (specifically, “market value added”)
Market Market
Value Value
15 among companies within an industry. This is
Added Added true even after allowing for other influences
3 4 such as growth and return (see Figure 1 and
Appendix A). Investors assign a higher value,
Low High Low High
Earnings Consistency Earnings Consistency all else equal, to organizations whose earnings
are more consistent than those of their peers.
This clearly reduces the cost of capital for these
Low-Growth Companies High-Growth Companies organizations.
32
In summary, organizations can use ERM to
22 enhance the drivers of share value: growth,
Market Market
Value 13 Value return on capital, consistency of earnings and
Added Added quality of management. ERM can identify and
5 manage serious threats to growth and return
Low High
while identifying risks that represent opportuni-
Low High
Earnings Consistency Earnings Consistency ties to exploit for above-average growth and
return. Achieving earnings consistency is, of
Companies with higher earnings consistency tend to have much higher stock valuations than course, a central goal of ERM. And institutional
their similarly situated competitors. Details and definitions are presented in Appendix A. investors increasingly define management quality
to include enterprise-wide risk stewardship.
6

Framework for ERM
Company information and procedures already Exploiting risk
in place can make the ERM process efficient
This “offensive track” includes analysis, devel-
and effective. Our conceptual framework for
opment and execution of plans to exploit
ERM consists of four elements.
certain risks for competitive advantage.

Assessing risk Keeping ahead
Risk assessment focuses on risk as a threat as
The nature of risk, the environment in which
well as an opportunity. In the case of risk-
it operates, and the organization itself change
as-threat, assessment includes identification,
with time. The situation requires continual
prioritization and classification of risk factors
monitoring and course corrections.
for subsequent “defensive” response. In the
case of risk-as-opportunity, it includes profiling The chapters that follow provide a fuller
risk-based opportunities for subsequent description of the above elements (outlined in
“offensive” treatment. Figure 2).

Shaping risk The larger part of the discussion in this mono-
graph is on the first two elements — risk assess-
This “defensive track” includes risk quantifica-
ment and risk shaping — as these create the
tion/modeling, mitigation and financing.
foundation for the remaining elements.
Accordingly, there will be more focus on the
defensive track of ERM.

FIGURE 2
The Conceptual Approach to ERM

II
Shape Risk
Ⅲ Quantify effects
Ⅲ Mitigate risk
Ⅲ Finance risk
I IV
Assess Risk Keep Ahead
Ⅲ Identify risk factors Ⅲ Monitor change
Ⅲ Prioritize Ⅲ risk factors
Ⅲ Classify Ⅲ environment
Ⅲ Profile risk III Ⅲ organization
opportunities Exploit Risk
Ⅲ Reenter prior steps
Ⅲ Analyze opportunities as necessary
Ⅲ Develop plan
Ⅲ Implement

The conceptual approach to ERM is straightforward.

7

A Rational Approach to Assessing Risk

Overview fore, managing risk, and particularly assessing
risk, requires focusing on its causes rather than
We approach risk assessment believing that
its manifestations.
managing risk effectively requires measuring
risk accurately — and that accurate risk measure-
ment requires well-formulated risk modeling. STEP 1
Such measuring and modeling: Identify risk factors
Ⅲ allow senior management to see a compelling In this initial step, a wide net is cast to capture
demonstration of the “portfolio effect,” i.e., all risk factors that potentially affect achieving
the fact that independent and/or favorably business objectives. Risk factors arise from many
correlated risks tend to offset each other with- sources — financial, operational, political/regu-
out the organization having to invest in latory or hazards. The key characteristic of each
explicit hedges is that it can prevent the organization from
meeting its goals. In fact, if a risk factor does
Ⅲ promote the proper allocation of capital
not have this potential, it is not truly a risk fac-
resources to risks that really matter
tor under an enterprise-wide interpretation of
Ⅲ permit sizing of investments in risk risk. Thus, the first “screen” through which a
remediation candidate risk factor must pass is materiality.
Ⅲ provide an objective framework for systematic
In identifying risk factors, we favor a qualitative
risk monitoring.
approach — gathering material from interviews
Do all risks that face an organization need with experts and reviewing documents. The
modeling? And isn’t model-building on this interviews typically span the organization’s:
scale daunting? Ⅲ Senior management

The answer to the first question is: “No.” Methods Ⅲ Operations management
to prioritize risk factors can screen for those that Ⅲ Corporate staff, including:
require modeling. These methods are qualitative;
Ⅲ Finance Ⅲ Treasury
we focus on these later in this chapter.
Ⅲ Legal Ⅲ Audit
The answer to the second question is: “Not typi-
Ⅲ Strategic Planning Ⅲ Human Resources
cally.” These models often have been built and
exist in some form somewhere in the organiza- Ⅲ Risk Management Ⅲ Safety
tion. This will be the focus of Chapter IV.
Ⅲ Environmental.
Before we discuss the steps in risk assessment,
These interviews solicit informed opinion on:
we should distinguish risks from the risk factors
underlying them. Here we focus on the negative Ⅲ how the business works, and the way compo-
side of risk — as a threat, not as an opportunity. nents of the business — the interviewees’
In this context, risk is the possibility that some- realms of responsibility — mesh
thing will prevent — directly or indirectly — Ⅲ key performance indicators used to manage
the achievement of business objectives. Risk the business and its components
factors are the events or conditions that give rise
to risk. Loss of market share is a risk; lack of Ⅲ tolerable variation in key performance indica-
preparedness for the entry of new competitors tors over relevant time horizons
is a risk factor. Risk is not something that can Ⅲ events or conditions that cause variations
be directly managed or controlled. Risk factors, beyond the risk tolerances, and the probable
however — the causes of risk — can be. There- frequency and possible maximum effect of
these.
8

Often we find it helpful to supplement internal the organization’s key performance indicators.
interviews with interviews among the organi- We also examined the quality of the process, sys-
zation’s external partners, their counterparties tems and cultural controls in place to mitigate
(banks, insurers, brokers), analysts, customers, these factors. At this stage, the information is
and — on occasion — competitors. subjective, but quite sufficient. Now, the objec-
tive is to cull the list of these factors into a man-
We also review the organization’s strategic ageable number for senior management. The
plans, business plans, financial reports, analyst attributes of each factor can be combined in an
reports and risk stewardship reports. overall score that, when combined with subjec-
tive judgment on the timing and duration of the
From all these data and information, a picture financial impact, can be expressed as a “net pre-
emerges of the organization’s: sent value” score. In the example in Figure 3,
Ⅲ corporate culture this “NPV” score is on a scale of 1 (low) to 5
(high). Once scores are assigned, we can sort
Ⅲ objectives the risk factors from low to high and produce a
Ⅲ forms of capital (human, financial, market prioritized list.
and infrastructure)
A team of risk management experts typically
Ⅲ business processes (which convert the capital does this evaluation and scoring. They often col-
into cash flows) laborate with representatives of management. In
Ⅲ control environment addition, we find a follow-up questionnaire or
focus group(s) extremely helpful for cross-vali-
Ⅲ roles and responsibilities
dation purposes. In these, the interviewees view
Ⅲ key performance measures the collective results of the identification step —
the full list of risk factors, the consensus view on
Ⅲ risk tolerance levels
key performance indicators and risk tolerances,
Ⅲ capacity and readiness for change etc. Then, with this richer context and some
Ⅲ preliminary list of risk factors. facilitation, they can prioritize risks. We compare
the results of this exercise with those from the
Importantly, this approach starts with the busi- independent prioritization conducted by the
ness, not a checklist of risks — far different expert team, and the differences are reconciled.
from an audit-type approach. In other words,
this approach goes from the top down and not The number of risk factors that will ultimately
the bottom up. Such an organic method is pass through the prioritization screen is often
strongly preferable because preconceived known before the process begins. Given the
checklists of risk factors are usually incomplete. demands on senior management, expecting
Further, the most crucial risk factors are usually them to concentrate on a dozen or more “top
unique to each organization and its culture. priority” risk factors is unrealistic. Generally, six
This alone makes generic checklists far less rele- or less is manageable, but this depends on the
vant than a business-first approach. organization. Also, natural breakpoints in the
prioritized list and strategic links among the risk
factors can influence the ultimate number. The
STEP 2 short list should, however, contain items deserv-
Prioritize risk factors ing of consideration at the highest levels of the
The resulting list of risk factors (typically several organization — factors that should influence the
dozen long at this stage) is not yet useful or strategic plan and the affected business plans,
actionable, although each factor has passed the alter the day-to-day priorities of business unit
materiality screen. It now requires prioritizing. managers and affect the behavior of the rank
and file.
In Step 1 (Identify risk factors), we compiled
information on each risk factor’s likelihood,
frequency, predictability and potential effect on

9

STEP 3 is described below (see Figure 4). Additional
Classify risk factors refinements can be added as appropriate.
Still, any list of risk factors, however short and
In this scheme, high-priority risk factors are of
prioritized, is a sterile device. Organizing this
two types. One is characterized by the fact that
information to clearly indicate what type of risk-
the environment in which they arise is familiar
shaping action is necessary comes next.
to the organization, and the skills to remedy
We have used several classification schemes in those risk factors are already in-house. However,
our work, some more detailed than others, each for some reason, these risk factors had not been
tailored to the client organization. One general given the attention they deserve. We label these
scheme that may have nearly universal relevance “manageable risk factors.” Other risk factors
arise because the organization enters unfamiliar

FIGURE 3
When Prioritizing Risk Factors...

...subjective scoring is appropriate at this stage
Quality Aggregate
Risk Factors Likelihood Severity of Controls “NPV” Score (1-5)
A. Strategy
Informal planning, process and
communications allow surprises H H L 4.5
Market share and earning objectives
are not aligned H L L 3.0
.
.
.
B. Growth
Infrastructure is increasingly strained,
will be difficult to retain culture and values
with the changes that growth demands H H L 4.5
Increased size creates more opportunity
for mistakes M L M 2.0
.
.
.
C. Company Reputation
Pressure to make numbers may prompt
behavior that will impair company’s
credibility with financial markets M H H 3.5
Adverse publicity (e.g., business practices,
ethics) can affect image across multiple brands L H H 2.5
.
.
.
. . Human Resources
D
.
.
J. Systems
.
.
.

Risk factors can be prioritized using a subjective process.

FIGURE 4
When Classifying Risk Factors...

...use a scheme that implies action
“Manageable” Risk Factors “Strategic” Risk Factors
Ⅲ Known environment Ⅲ Unfamiliar territory
Ⅲ Capabilities and resources on hand to address Ⅲ Capabilities or resources may not be in place
Ⅲ Fell between the cracks? Ⅲ Major change in market or business
Just get on with it Requires allocation of capital or shift in strategic direction

Proper classification clearly implies the appropriate risk-shaping action.
10

business territory (due, perhaps, to a major acqui- The proper response to manageable risk factors
sition, a powerful new competitor or a significant is to “just get on with it” — in other words, deal
change in customer buying patterns), or the with them. The relevant skills already exist; they
organization lacks the skills necessary to respond. just need to be refocused on these high-priority
These are considered “strategic risk factors” and items. Strategic risks, however, require greater
may require significant capital outlay and/or a analysis; this is covered in Chapter IV.
major change in strategic direction.

Manageable risk factors in our experience include:
Recap… and segue
The steps described above are illustrated below
Ⅲ “The R&D division is not keeping pace with (Figure 5). This graphic also illustrates the
the demand for new products.” follow-on steps — the risk-shaping steps — that
Ⅲ “Contingency planning is weak in the critical are the subject of the next chapter. The graphic
production facilities.” demonstrates that not all risk factors need to be
quantified and modeled, nor do all risk factors
Ⅲ “Mid-level employees are dissatisfied with their
need to be financed. Risk factors needing quan-
opportunities for advancement.”
tification are those that pass through the “triple
screen” — they are material, high-priority and
Strategic risk factors we have encountered include:
strategic. Risk factors that need to be financed
Ⅲ “The share value is dependent on continuing pass through the first two screens and cannot be
uninterrupted earnings growth; this growth fully mitigated through other means.
must come from top-line revenue growth; and
opportunities for top-line growth are limited Underlying our approach to risk shaping —
without branching out of the organization’s described in Chapter IV — is the premise that
product line and/or niche market.” modeling, quantifying and formulating the strat-
egy for mitigation and financing can be carried
Ⅲ “Needed infrastructure changes clash with the
out simultaneously.
current success formula and culture.”

FIGURE 5

Assess Risk
Strategic
Risk Factors
Classify
Identify Prioritize
High-Priority
Risk Factors Risk Factors
Risk Factors
Manageable
Risk Factors

Shape Risk

Strategic Model and Risk Factors
Risk Factors Quantify That Can Be
Mitigated
Mitigate

Manageable Residual
Risk Factors Risk Factors

Finance

Triple screening in risk assessment creates efficiency in risk shaping.

11

A Scientific Approach to Shaping Risk

Overview The third step involves developing risk remedi-
ation strategies to be evaluated using the sto-
In this section, we will describe our approach
chastic financial model. This basket of strategies
to shaping risk and provide illustrations of its
represents a portfolio of risk management
application. The approach to risk shaping relies
investment choices. In the final step, the ERM
heavily on Operations Research methods such
budget is allocated optimally across these strate-
as applied probability and statistics, stochastic
gies using portfolio optimization methods. Each
simulation and portfolio optimization. To our
step is described in greater detail below.
knowledge, no organization has implemented
this approach in its entirety as of the date of this
To illustrate this approach, we will introduce a
publication, although we know of several that
hypothetical company (let’s call it HypoCom)
use portions of it in their incremental pursuit of
facing a broad array of strategic risks and show
ERM. (In Chapter VI, we describe how some
how the company would implement this
of these organizations have gotten started.)
approach in shaping these risks. Assume that
HypoCom is a manufacturing company and has
The Four Steps in Our Approach the following profile:
Model Link Risk Develop Optimize Ⅲ Sells its product to retailers in the United States
the Various Sources to Portfolio of Investment
and Europe — with limited competition
Sources of Financial Risk Remediation Across Portfolio
Risk Measures Strategies of Strategies Ⅲ Has production plants in France, Mexico and
Indonesia that deliver products to retailers
through HypoCom’s own distribution network
In the first step, each source of risk is modeled
as a probability distribution, and the correlation Ⅲ Faces the following risks in the next fiscal year:
among the risk sources is determined. These Ⅲ fire at a warehouse
probability distributions are typically expressed
Ⅲ volatility in the price of the raw materials used
in terms of different operational and financial
in the production process
measures. The second step links these disparate
distributions to a common financial measure Ⅲ possible employee union strike at the plant in
(e.g., Free Cash Flow) through a stochastic France
financial model. These two steps represent the Ⅲ possible new competitor entering the market.
bulk of the analytical effort. At this stage, we
have a holistic financial model of the business While a real company, similar to HypoCom,
that can be used to: would face many risks, we have limited their
Ⅲ measure the volatility of the financial number here for the sake of simplicity. Please
metric(s) under current operating conditions note, however, that the risks were selected to
span those that are traditionally considered within
Ⅲ analyze the impact of risk management deci- the domain of risk management (hazard and
sions through “what-if ” scenarios. commodity price risks) and those that are not
(operational and competitor risks).

Again, to keep the example simple, we assume a
one-year time horizon. At the end of this section,
however, we discuss extending these steps to a
more typical multi-period decision horizon.

12

STEP 1 assumptions set by experts. Extending risk
Model various risk factors management to enterprise-wide risks suggests a
individually continuum of methods for developing probabil-
ity distributions. Such a continuum ranges from
Generate probability distributions relying entirely on data to relying on expert
In Chapter III we outlined the approach for testimony.
identifying which risk factors need to be mod-
eled. Each risk factor contains uncertainty about Figure 6 identifies methods for assessing proba-
how, when and to what degree it will manifest bility distributions along this continuum. Readers
itself. This uncertainty is represented as a proba- of this monograph are likely to be familiar with
bility distribution. No one approach for develop- methods based primarily on historical data (left-
ing probability distributions can be used for all most section of Figure 6). Therefore, instead of
the risks that an enterprise faces. describing them, we have included references to
source documents at the end of this monograph.
Risks that fall within the traditional domain of At the opposite end of the continuum, there are
risk management — for instance, insurable risks formal methods developed and used by decision
or risks that can be hedged in the financial and risk analysts to elicit expert testimony for
markets — are typically modeled using statistical assessing uncertainty. We have provided brief
methods that rely on the availability of historical descriptions of some of these in Appendix B. In
data. However, when the domain is extended to the middle of the continuum, stochastic simula-
enterprise-wide risks, it is unlikely that enough tion modeling predominates for combining his-
historical data exist to employ the same methods. torical data and assumptions set through expert
Here, it is more likely that assessment of the testimony. We will use this method to model the
uncertainty will be based entirely on expert tes- risk associated with an employee union strike at
timony. Also, some risk sources will have to be the HypoCom production plant in France.
modeled based on historical data combined with (continued on page 16)

FIGURE 6
Data Analysis Modeling Expert Testimony

Empirically from Stochastic Direct assessment
historical data simulation Influence of relative likelihood
diagrams or fractiles

Assume theoretical
Probability Density Preference
Analytical model
Function and use data among bets or
to get parameters Bayesian
approach lotteries

Regression over Decompose into Delphi method
variables that component risks
affect risk that are easier to
assess

A continuum of methods for developing probability distributions ranges from those relying on data to those that rely on expert
testimony. The positions of the methods identified above suggest which to use depending on the availability of data.

13

several methods exist for in longer lead times to market
HypoCom – developing developing the probability — the time from order place-
distribution. These are: ment to delivery. The strike
probability distributions Ⅲ Use empirical distribution
would then affect HypoCom’s
ability to satisfy orders and
Ⅲ Assume lognormal distribu-
for the four risks tion using the sample mean
lead-time commitments or
expectations; this would result
and standard deviation in a short-term loss of sales

Reisk 1
Fir
Ⅲ Assume a stochastic process
(e.g., jump diffusion) and use
simulation to generate distri-
or possibly market share.

The probability distribution
fire at a plant or ware-
A house can result in direct
and indirect loss of sales vol-
bution of price movement.
for the sales volume loss can
be developed in three steps.
An example of a stochastic First, determine the probability
ume. Direct losses result from distribution for the length of
process is the Schwartz-Smith
destruction of inventory and the strike. It’s quite likely that
two-factor model for the
work in progress. Indirect development of this distribu-
behavior of commodity prices
losses result from a prolonged tion will have to be based
(Schwartz & Smith 1999). The
interruption of production, almost entirely on expert
two-factor approach models
through loss of short-term testimony. As illustrated in
both the uncertainty in the
sales and perhaps through Figure 6, there are several
long-term trend and the short-
loss of market share. These methods for assessing proba-
term deviation from that trend.
risks have been insurable for bilities based on expert testi-
a long time. Reliable methods For the sake of this example, mony: the Delphi method,
exist for measuring the fre- we will assume that HypoCom eliciting preferences among
quency and severity of losses faces a lognormally distributed bets or lotteries, and directly
based on review of historical price with a 2% standard devi- assessing relative likelihood or
data and business interruption ation from the current price. fractiles (see Appendix B for
worksheets. We will assume details on these methods). The
that for HypoCom, the fre- labor relations manager(s) at
quency distribution is negative
binomial and the severity
distribution is lognormal
Ripsyke u3ion strike
Em lo e n
HypoCom can be interviewed
using one of these methods to
An employee strike at the determine the probability dis-
(see references in Chapter VII tribution for the length of the
plant in France results in loss-
for descriptions of these strike. For example, the result
es in sales volume. HypoCom
distributions). may be a triangular distribu-
services its European and U.S.
markets from production at tion as illustrated in Figure 7.

Rliasli ikin2rice of
Vo t ty p
three plants (France, Mexico
and Indonesia). This strike
would result in a temporary
Second, develop a distribution
on lead times conditioned on
raw materials shutdown of the plant in the length of the strike. We
Historical price data for com- France. If the other two plants have developed a discrete-
modities can be obtained from have capacity to increase pro- event stochastic simulation
HypoCom’s own purchase duction quickly enough to sat- model of HypoCom’s distribu-
data or through financial isfy all demand, then there is tion network, using graphical,
markets if the commodity is little risk of loss in sales. But if animated simulation software
traded on a futures exchange. all three plants are already called ProModel®. The simula-
Given the availability of data, running at high utilization (a tion modeled stochastic
more likely scenario), then the arrival of demand based on
loss of one plant would result

14

FIGURE 7 historical data, production distribution with parameters
rates at each of the plants and min. = 0, most likely = 4 mil-
Triangular (0,3,10) the logistics of distribution lion, max. = 10 million.
Probability from the plant to regional dis-
0.25 tribution centers and then to
0.20

0.15
b
retailers. It incorporated a dis-
tribution policy of supplying
Rwsok p4titor
Ne i c m e
those distribution centers with Expert testimony provides the
0.10 the greatest backlog of orders. entire basis for the assess-
0.05 Inputs to this model are typi- ment of uncertainty associated
a c
0.00 0
cally easy to get; in fact, many with a new competitor. This
2 4 6 8 10
organizations already have a process entails interviewing
Duration of strike (days) stochastic supply chain model sales and marketing managers
Triangular probability distribution with parameters minimum, mode and used to optimize the logistics of HypoCom either individual-
maximum (a, b and c, respectively). The expected value is (a+b+c)/3 and of their distribution network.
the standard deviation is (a2 + b2 + c2 – ab – bc – ac)/18. This distribu-
ly or as a group. Any method
tion is used often as a rough model when there is little historical data. The effect of the strike was described in Appendix B could
simulated by shutting produc- be used here.
FIGURE 8 tion at the plant in France and
recording the increase in lead Here we develop a probability
Lead time (days) times. The chart of individual distribution on how new com-
35 lead times in Figure 8 is an petition affects sales volume
30
output from a simulation run. loss. It is helpful to dissect risk
25 events into conditional causal
20 We usually run simulations a events. For HypoCom, the
15 statistically valid number of causal events are illustrated
10 times to attain a high level of in Figure 10.
confidence in the results. An
5
empirical distribution of lead The probability of loss in sales
0
0 10 20 30 40 50 times based on these simulat- volume due to competition,
Time (days) ed data is shown in Figure 9. P(C), can be decomposed into:

The chart shows the impact of a strike on lead times from one of the sim- P(C) = Σi P(Ci | Ri, Ti) P(Ri, Ti)
ulation runs. The strike starts on the 20th day and can last anywhere from Finally, determine the loss in
1 to 10 days, based on the probability distribution in Figure 7. You can sales conditioned on the where i is the product index,
see that the impact of the strike is felt long after the strike is over.
increase in the lead times. P(Ri, Ti) is the joint probability
With information in hand on of an adverse change in regu-
FIGURE 9 the increase in the lead times, lation (Ri) and introduction
Probability the sales and marketing man- of new technology (Ti) and
16% agers at HypoCom would P(Ci | Ri, Ti) is the conditional
assess the effect on sales. One probability of a loss in sales
12 of the probability assessment volume for product i due to
methods for expert testimony new competition. If regulatory
8
described in Appendix B changes and introduction of
4
would be used here. The new technology are not highly
assessment would reflect con- correlated, then P(Ri, Ti) can be
0 tractual agreements with decomposed into the product
0 4 8 12 16 20 24
retailers as well as lead-time of P(Ri) and P(Ti).
Lead time (days)
expectations and the competi-
Discrete probability mass distribution generated from the lead-time tive environment. So the final Instead of assessing P(C)
data in Figure 8. The extended tail toward longer lead times is a con-
sequence of an employee strike. distribution on the decrease in directly, it is easier to ask dif-
the number of sales may be ferent experts to assess the
represented by a triangular
15

FIGURE 10 conditional and joint probabil- sales and marketing man-
ities. Company lobbyists are agers are interviewed to
interviewed to assess the assess the probability of a
Adverse
change in probability of adverse regula- new competitor, given the
regulation tion for a specific product, state of new regulation and
P(Ri), using one of two meth- technology, P(Ci | Ri, Ti). Of
New ods: preference among bets course, experts may be inter-
Product
competitor or judgment of relative likeli- viewed as a group using the
Introduction hood (see Appendix B). Delphi method (see Appendix
of new B) instead of separately. This
technology Managers of the Research process is applied over all
and Development function are products of interest and the
Given the product, the possibility for change in regulation or introduction interviewed to assess the results summed according to
of new technology could influence the loss in sales due to competition.
probability of introduction of the formula indicated above.
new technology, P(Ti). Finally,

Determine correlation among testimony. In some cases, it may be easier to
risk sources develop correlations between risks implicitly by
It is not enough to develop probability distribu- analyzing their correlation with a common link-
tions on individual risk sources. One primary ing variable. This process also ensures that a
benefit of managing risks on an enterprise-wide correlation matrix is internally consistent.
basis is being able to take advantage of natural
hedges and to explicitly reflect correlation among For HypoCom, we would expect a negative
risks. Therefore, it is necessary to develop a correlation between the commodity price
matrix of correlation coefficients among pairs movements and a new competitor entering the
of risks that would be used in the next step to market. If the commodity price increases, it cre-
link the individual risk sources to a common ates a greater barrier to entry into the market
financial measure. for a new competitor and vice versa. However, a
union strike is probably positively correlated
It is unlikely that relevant data will exist to develop with competition. Finally, there may be some
correlation among risks that span an enterprise. slight correlation between a union strike and
Thus, it is likely that this will have to be devel- the incidence of fire.
oped based on professional judgment and expert
It is unlikely that correlations would be deter-
mined with a high degree of precision. Rather,
FIGURE 11
it is more likely that they could be judged in
Commodity Union New
fuzzy terms such as high, medium or low.
Fire Price Strike Competitor These terms suggest some natural ranges for
Fire 1.0 0.0 0.2 0.0
correlation coefficients such as: high correlation
= .70 to .80, medium correlation = .45 to .55,
Commodity
low correlation = .20 to .30. Within these
Price 0.0 1.0 0.0 -0.5
ranges, there should be little sensitivity on the
Union Strike 0.2 0.0 1.0 0.7 results. The inclusion of correlations should
New have a significant impact on the results, but the
Competitor 0.0 -0.5 0.7 1.0 error within these ranges should have little
Correlations among risks are modeled using correlation coefficients
impact. Using these as guides, a Correlation
among risk pairs. For example, the risk due to commodity price fluctua- Coefficient Matrix can be developed for
tions is negatively correlated with a new competitor entering the market. HypoCom as shown in Figure 11.

16

STEP 2 rics. See Figure 12 for an illustration of this. The
Link risk factors to common elements should be broken down to the level of
financial measures the operational and financial measures used for
modeling the individual risks in Step 1.
Select financial metrics
The prior step provides a set of probability distri- Some elements of the FCF model may be sto-
butions representing enterprise-wide risks. Note chastic without consideration of the risks from
that the probability distributions were expressed Step 1. For example, there is some inherent
in terms of different units. We modeled the uncertainty in product demand and price as well
union strike as a probability distribution on lead as cost of goods sold. These measures may fluc-
time and then sales volume. Commodity price tuate based on supply and demand economics.
risk was modeled in terms of the price of raw These inherent uncertainties are included in the
materials. Other risks would be modeled in terms base FCF model. The probability distributions
of the operational and financial measures that from Step 1 are then added to the corresponding
they directly affect. In this step, all these risks are elements of the model. Finally, the Correlation
combined and linked to one financial measure. Coefficient Matrix (from Step 1) is added to
the model to reflect the interaction among the
Managers of different organizations vary in their sources of risk. The resulting stochastic pro forma
preference and propensity for the financial mea- financial model links all the risks to FCF, the
sures by which they manage the business. The financial measure by which the risk remediation
financial measure will also vary depending on the strategies will be evaluated in the next two steps.
objectives and goals of the organization. Above
all, it is important that there is general agree-
Measure current level of enterprise
ment on the financial measure selected. For this
risk before mitigation strategies
document, we will use Free Cash Flow (FCF) to
Before proceeding to risk remediation strategies,
capture the impact of risk on both the income
however, it is worth taking note of the value of
statement and balance sheet.
the model thus far. At this point, we have a
financial model that can be used to determine
Develop a financial model to link the current level of volatility in FCF. This infor-
risks to financial metric mation by itself would be extremely valuable in
Once a financial measure is selected, we can then budgeting and financial planning. This analysis
model the aggregate impact of the sources of risk helps move managers’ thinking away from the
on the financial measure. We can construct a pro one-dimensional certainty of typical budgets and
forma FCF model by decomposing each element toward the range of possible outcomes and man-
in the calculation of FCF into its constituent met- aging probable rather than definite outcomes.
(continued on page 21)

FIGURE 12

Free Cash Flow

Operating Cash Flow Investment

Operating Income SG&A Taxes Working Capital Fixed Assets

Revenue Cost of Goods Sold

Volume Unit Price

Free Cash Flow is decomposed into its elements: Operating Cash Flow and Change in Investment, which are further decomposed. Each element is
broken down into its constituents until all operational and financial measures used for the distributions in Step 1 are isolated.

17

and a correlation of +0.5 Assets to reflect loss of
For HypoCom between price and cost of inventory and the invest-
goods sold before inclusion ment in rebuilding the plant
e developed an FCF of the four risks from Step 1. destroyed by fire. The size of
W model (see Figure 13).
This model includes inherent
The fire risk effect on FCF
this adjustment was a func-
tion of the loss in Volume
was modeled by layering on (i.e., the magnitude of the
uncertainty in volume, price
the probability of loss in loss due to fire). The other
and cost of goods sold. It also
Volume developed in Step 1 risks were incorporated simi-
includes a correlation of -0.7
(see Figure 14A). Also, an larly — as shown in Figures
between volume and price,
adjustment was made to 14B, 14C and 14D.
Working Capital and Fixed (continued on page 20)

FIGURE 13
Stochastic Cash Flow Model
Free Cash Flow
$4,850

$4,072 $778

$9,938 $4,204 $1,663 -$252 $1,031

$23,355 $13,416

Volume Unit Price
$228 $102

Stochastic Free Cash Flow for HypoCom. Volume, Unit Price and Cost of Goods Sold are represented as random variables with specified probability
distributions and correlations.

Risk profiles are linked...
FIGURE 14A

Probability Distribution of Free Cash Flows
12%
10%
Probability

8%
6%
4%
2%
0%
413.40

426.48

439.58

452.64

465.72

478.80

491.88

504.96

518.04

531.12

Free Cash Flow



Fire Risk
Volume Unit Price Probability Distribution of
Economic Loss Due to Fire Risk
10%
8%
Probability

6%
4%
2%
0%
120.84

146.84

172.85

198.85

224.86

250.86
16.82

42.83

68.83

94.84

The probability distribution for fire risk is linked to FCF through its effect on sales volume, working capital and fixed assets.

18

Risk profiles are linked... (cont’d)
FIGURE 14B

12%
10%

Probability
8%
6%
4%
2%
0%

413.40

426.48

439.58

452.64

465.72

478.80

491.88

504.96

518.04

531.12
Free Cash Flow



Financial Risk
Price Volatility
10%
8%

Probability
6%
4%
2%
0%

6.42

6.75

7.09

7.42

7.75

8.09
5.09

5.42

5.75

6.09
The probability distribution for commodity price risk is linked to FCF through its effect on cost of goods sold.

FIGURE 14C

12%
10%
Probability

8%
6%
4%
2%
0%
413.40

426.48

439.58

452.64

465.72

478.80

491.88

504.96

518.04

531.12
Free Cash Flow



Union Strike
Lead Time to Market Due to Strike
10%
8%
Probability

6%
4%
2%
0%
10.29
7.91

8.39

8.86

9.34

9.81
6.02

6.49

6.97

7.44

The probability distribution for risk due to a union strike is linked to FCF through its effect on sales volume and cost of goods sold.

19

Risk profiles are linked... (cont’d)
FIGURE 14D

12%
10%

Probability
8%
6%
4%
2%
0%

413.40

426.48

439.58

452.64

465.72

478.80

491.88

504.96

518.04

531.12
Free Cash Flow



New Competitor
Market Share Lost Due to New Entrant
10%
8%

Probability
6%
4%
2%
0%

0.209

0.243

0.277

0.311

0.345

0.379

0.413

0.447

0.481

0.515
The probability distribution for new competitor risk is linked to FCF through its effect on sales volume and unit price.

The size of the FCF model
FIGURE 15
and the number of risks
Volatility of FCF modeled for HypoCom were
kept small to simplify
Probability
describing our approach.
7%
This way, we could con-
6
struct this model in MS
5 Excel™ and run simulations
4 using @RISK™ software.
However, in practice, mod-
3
els are built using special-
2
ized, industrial simulation
1 and optimization software.
0% The aggregate impact of all
2,000 3,000 4,000 5,000 6,000 7,000
four risks on FCF is shown
Free Cash Flow ($M)
as a probability distribution
Volatility of Free Cash Flow for HypoCom. This reflects the aggregate impact of all four risks in Figure 15.
without inclusion of any remediation strategies.

20

STEP 3 Ⅲ Reduce the tail of the distribution on the
Set up a portfolio of risk down side, i.e., reduce the worst-case sce-
remediation strategies nario of Cash Flow-at-Risk (CFaR). This is a
Value-at-Risk (VaR) type measure that is
The steps in the analysis thus far have pro-
commonly used in financial risk manage-
duced information on the current level of risk
ment. For FCF, this means increasing the
for Free Cash Flow or any other financial mea-
5th percentile FCF so that there is less than
sure selected for this analysis. Steps 3 and 4
5% probability of FCF falling below some
outline a course of action to mitigate the cur-
threshold value.
rent level of risk based on management’s risk
preferences. In Step 3, a portfolio of risk reme-
Each risk remediation strategy will affect the
diation strategies is developed as follows.
probability distribution of FCF in at least one
of the three ways enumerated above. Thus, the
Identify risk remediation measure by which the strategies should be eval-
strategies uated will be a function of these three mea-
With a measure of riskiness of the FCF estab- sures — described in greater detail in Step 4.
lished, we can now determine how to reduce
this risk. We can consult domain experts on The FCF model from Step 3 measures the
strategies for mitigating each source of risk. effect of each combination of strategies on the
This is a collaborative brainstorming effort distribution of FCF. Simulations are run for
among internal and external experts on the each possible portfolio or combination of
topic. Strategies are not restricted to financial strategies and the resulting probability distribu-
remediation through insurance or financial tion of FCF is recorded for use in the next step.
derivatives; in fact, for many business risks, it
may be impossible to find either insurance or a Keep in mind that remediation strategies
hedge in the financial markets. All the risk focused on mitigating the effect of one risk
remediation strategies together constitute a source may create a new source(s) of risk. For
portfolio of investment choices. To determine example, hedging in the financial markets may
the optimal allocation of investment, the cost create counterparty risks. These unintended
and benefit of each combination of strategies sources of risks should be incorporated into the
must be calculated. financial model if they are deemed significant.

Model effect of each strategy There is typically a cost associated with imple-
on financial metric menting each strategy, which can be measured
Each strategy aims to shape the risk on FCF directly. The cost may vary depending on the
to suit the risk preferences of management and degree to which the strategy is undertaken. For
shareholders. Shaping the risk means altering example, various levels of insurance can be pur-
the shape of the probability distribution for chased, each with a different premium.
FCF. At least three meaningful ways exist to
shape the probability distribution:
Ⅲ Shift the first moment of the distribution,
i.e., increase the expected value of FCF.
Ⅲ Shift the second moment of the distribution,
i.e., decrease the deviations from the expect-
ed value of FCF.

21

Like most manufacturing three alternative strategies
For HypoCom companies, HypoCom’s dis- each for mitigating fire risk,
tribution centers and plants commodity price risk and
optimize their inventory and union strike risk. Loss of sales
trategies for mitigating
S each risk appear in
Figure 16. Note that for risks
production policies to mini-
mize cost. However, the
due to new competition has
only two possible strategies
company did this without in our illustration. (Note that
falling in the traditional
considering the impact of a in each case, one of the alter-
domain of risk management
union strike. As noted above, natives is a default “do noth-
— namely, fire risk and com-
one alternative is to build up ing” strategy.)
modity price volatility — the
inventory beyond optimal
strategies are also conven- Altogether, there are 54 (3 x 3
levels; this would certainly
tional, i.e., insurance and x 3 x 2) possible combina-
mitigate the strike’s impact.
financial hedging, respective- tions or portfolio strategies.
If there is no strike, however,
ly. For mitigating the risk due Each of the 54 possible port-
the buildup of inventory
to a union strike, however, folios was evaluated by run-
beyond optimal levels creates
there are several alternatives: ning simulations using the
a holding cost that can be cal-
Ⅲ build up inventory culated directly. FCF model and recording the
resulting probability distribu-
Ⅲ contract with third parties
Similarly, each strategy alter- tion on FCF. The cost/benefit
to provide a supply of
native listed in Figure 16 has information for each portfolio
products
a cost that can be measured produced in this step will be
Ⅲ satisfy some or all union directly. The benefit of each used in the next step to deter-
demands. strategy is determined mine the optimal portfolio.
through simulations using
the FCF model. There are

FIGURE 16

Classification of Remediation Strategies
Hedge in Mitigate Through
Insure Financial Markets Business Activity
Fire Ⅲ Full range of loss
Ⅲ Catastrophic loss
Commodity Price Ⅲ Upside hedge Ⅲ Acquire supplier
Volatility Ⅲ Full hedge of commodity

Union Strike Ⅲ Build up inventory
Ⅲ Contract with third
parties for product
New Competitor Ⅲ Reduce price

Portfolio of risk remediation strategy alternatives for HypoCom. For each risk, there is also the default strategy of “do nothing.”

22

STEP 4 The weightings would reflect the risk prefer-
Optimize investment across ences of the decision-makers (who may be rep-
remediation strategies resenting shareholder interest).
This step takes the results from the prior steps
An alternative is to use expected utility of FCF
to determine the optimal allocation of invest-
as the objective function. First, a utility function
ment to the risk management portfolio. To do
must be developed that captures management’s
this, we must formulate the decision as a port-
risk preferences for FCF. Development of a
folio optimization problem and solve it using
utility function is well documented in standard
optimization technology. The following will
texts on decision analysis, two of which are
describe how to formulate and solve this port-
included in the References (von Winterfeldt &
folio optimization problem.
Edwards 1986, Clemen 1996). The utility
function is applied to the distribution of FCF
Identify optimization objective(s) to produce a distribution of utility or utiles.
To compare portfolios of different combinations The expected value of this distribution is the
of strategies for risk remediation, first determine expected utility. The relative preferences over
the criteria for the comparison. In optimization the three measures of risk used in the prior
terms, this is called the objective function. method are captured in the shape of the utility
function. One advantage of this method is that
As indicated in Step 3, the risk remediation strate-
it easily extends to a multi-period objective
gies alter risk in at least three meaningful ways:
using multi-attribute utility theory. This is
Ⅲ increase the expected value of FCF explained further in a later section on multi-
period risk management.
Ⅲ decrease the deviation from the expected
value of FCF
Either method can be used to develop the
Ⅲ increase the 5th percentile of FCF distribution objective function of the portfolio optimization
(CFaR) so that there is less than 5% probability problem. The objective is to find the portfolio
of FCF falling below some threshold value. of strategies that maximizes this function.

Therefore, one possibility is to use a weighted Note that this method recognizes that manage-
combination of these three measures as the ment teams often differ in their risk preferences.
objective function for comparing portfolios. We know that some companies are more
aggressive than others in taking on strategic
risks as a way of competing. Thus, the objective
FIGURE 17

Insure Hedge in Mitigate Through Total
Financial Markets Business Activity

Fire 35% 35%

Objective Increase in 10% 10%
Commodity Price

Union Strike 25% Build up inventory 30%
5% Contract with third
parties
New Competitor 25% Reduce price 25%
Total Expenditure/Investment
in Risk Remediation
Total 35% 10% 55% 100%

The efficient frontier is a plot of all the portfolios that maximize the objective function given a fixed level of total risk remediation investment. Each point
represents a unique allocation of the investment across the portfolio of strategies.

23

must be tailored to the unique risk preferences Develop an efficient frontier
of the management team. of remediation strategies
The portfolio optimization problem as formu-
Identify constraints lated above can be solved using optimization
to optimization technology. Given a constraint on the size of
Optimization may include some constraints on the risk management budget, the optimization
the optimum portfolio of strategies. A typical algorithms will determine the allocation of this
constraint may be a limit on the cost of imple- budget to the alternative strategies that maxi-
menting the portfolio of risk management mizes the objective function. This process can
strategies. There may also be constraints on the be repeated for varying levels of risk manage-
minimum/maximum level of insurance pur- ment budget. Plotting the results with the level
chased, use of financial hedging, and/or the of the risk management budget on the x-axis
level of risk mitigated through business activity. and the maximum value of the objective func-
Constraints on the downside risks to FCF may tion on the y-axis produces a graph of the effi-
also be preferred. The constraints narrow the cient frontier. The efficient frontier represents
range of portfolios over which the objective all the portfolios of strategies that constitute
function is maximized. Therefore, constraints the optimal allocation of the risk management
have the effect of lowering the maximum value budget (see Figure 17).
of the objective function.

The objective function was Each of the 54 simulation
For HypoCom based on a weighted com- runs produced a probability
bination of the three risk distribution of FCF. The
measures as follows: objective function value was
s mentioned at the end
A of Step 3, all 54 possible
portfolios of strategies were
.40 * Expected FCF
determined by applying the
above formula to each of the
+ .30 * Length of 90% confi- runs. The results were plot-
simulated and the probability
dence range of FCF ted as an efficient frontier
distribution of FCF was
+ .30 * Value of FCF that has (see Figure 18 ).
recorded. This information
was then used to develop the less than 5% proba-
objective function and the bility of occurring.
efficient frontier.

FIGURE 18
Value of Objective Function

2,500

2,250

2,000

1,750

1,500
0 200 400 600 800
Risk management cost ($M)
Efficient frontier for HypoCom. Connecting all the points on top edge of the plot
will produce an efficient frontier. Each point on the efficient frontier represents an
optimum portfolio of strategies given the risk management cost. Portfolio points
24 within the efficient frontier are suboptimal and should not be chosen.

Extension to multi-period time horizon. The weights applied to each year’s
risk shaping expected utility can be determined by applying
methods based on multi-attribute utility theory.
Although the approach described above was based
Furthermore, budget constraints may vary over
on a one-year decision horizon, in practice, most
time.
companies prefer a multi-year optimization analysis
due to the strategic nature of this allocation. For- In the multi-year time horizon, the output of the
tunately, the method easily extends to a multi-year analysis is a path of risk remediation investments
model. over the time horizon rather than separate opti-
mum portfolios and efficient frontiers — as in the
In essence, all model variables and parameters are
single-year case. Dynamic programming deter-
indexed by time (e.g., years). Thus, in Step 1, the
mines the optimum path of investments in risk
probability distributions are developed for each
remediation strategies.
time period in the investment horizon. Similarly,
linking individual risks to a common financial mea-
sure involves indexing the probability distribution Recap
of FCF by year. Thus, the riskiness of FCF may In summary, the four-step analytical process for
vary from year to year. managing risk across an enterprise includes:

The evolution of risk over time is typically modeled Ⅲ quantifying each risk source by applying the
using a scenario generation system. A scenario gen- appropriate tool and method for developing a
erator uses stochastic differential equations (SDEs) probability distribution
to generate thousands of possible paths that a Ⅲ linking all the risk sources to a common financial
variable may follow over time. An SDE typically metric
expresses a change in the value of a variable (e.g.,
interest rate) over a small time period as the sum of Ⅲ developing a portfolio of strategies to mitigate
a predictable change and an unpredictable change. each risk
The predictable change is typically a deterministic Ⅲ selecting the optimal portfolio of strategies.
function of the current value of the variable, but
can also be a function of other variables with which The first two steps represent the bulk of the analyti-
there is correlation. The unpredictable effect is rep- cal effort and provide crucial information on the
resented as a random variable with a specified underlying dynamics of the enterprise. Different
probability distribution. An SDE is used iteratively tools and methods (see Figure 6) for probability
to produce a scenario of how a variable can change assessment will quantify the risk source and develop
over time. Typically, the scenario generator will correlation among risk sources, depending on the
model several correlated variables together to relative availability of relevant data and domain
develop scenarios that are internally consistent. experts. Aggregating these risks by linking them to
These scenarios are then fed into a financial model a common financial metric provides an assessment
to develop stochastic forecasts of financial metrics of the overall risk to the enterprise and provides a
over time. (Please refer to Section VII, “References method for determining the relative contribution of
and Recommended Reading,” for papers and texts each risk source to the overall risk. Examination of
that describe scenario generation and stochastic the results of these two steps provides valuable
differential equations.) insight into the business dynamics of the enterprise.

The risk remediation strategies in Step 3 may The last two steps are necessary to determine the
involve phased implementation of the strategy or optimal total expenditure for risk management
there may be a time lag between incurring the cost and the most efficient allocation of that capital.
for a strategy and its impact on the volatility of Optimization also reflects constraints imposed by
cash flow. In particular, the time lag may extend exogenous factors — the timing of expenditures,
to more than a year. level of insurance, level of financial hedging and
value-at-risk. In combination, the four-step analyti-
Finally, in Step 4, the objective function based on cal process lays a firm foundation for management
expected utility can be extended to a weighted decision making with respect to ERM.
sum of the expected utility for each year in the
25

A Brief Discussion of Exploiting Risk
and Keeping Ahead
Risk has two faces. This monograph has A robust ERM assessment process will be alert
focused on risk as a threat. But risk also repre- to both faces of risk and will form the organiza-
sents an opportunity. In fact, organizations rou- tion’s strategic response accordingly.
tinely pursue risk for the chance of increased
reward. Companies achieve competitive advan- In the dynamic risk environment, change is
tage by correctly identifying which risks the constant. It occurs in the organization’s under-
organization can pursue better than its peers. lying risk factors, in the economic, political/
regulatory and competitive landscapes within
This advantage can arise in at least two ways which the organization operates, and in the
(see Figure 19). The first relates to the nature organization itself (e.g., its business objectives,
of the risk itself. Certain risks, due to their pre- the skill sets of its managers and key employees,
dictability and/or effect on company financials, and even its makeup after such events as down-
provide more of a risk to your competition sizing, divestitures, mergers and acquisitions).
than to your own organization. For example, Continual monitoring of this risk environment
currency translation risk is less of a concern to is therefore crucial if the organization’s ERM
the organization whose distribution of cost of program, however successful to date, is to
goods sold by country is similar to its distribu- remain relevant. Depending on the nature and
tion of revenue by country. The second way degree of these inevitable changes, farseeing
risk advantage arises relates to the organiza- management reenters the ERM process at the
tion’s understanding of the risk and its capabil- appropriate step(s). Not surprisingly, several
ities to respond. For example, the oil company organizations make ERM an integral part of
that, due to its hiring and training practices, their business and strategic planning processes.
has developed industry-leading capabilities in
commodity risk analysis, can market these
capabilities through a separate profit center.

FIGURE 19

If You Understand Risk, It Can Be a Competitive Advantage

Two scenarios
Is the risk more dangerous Can we manage the risk
to competitors? better than competitors?

Them
High No Them
Them
Have the
Impact? capabilities to Them
Them handle it?
Us
Low Yes Them
Us

High Low Yes No
Predictability? Understand the risk?

ERM includes identifying those risks that represent areas of competitive advantage.

26

Implementing ERM in Phases

Implementing ERM is clearly a challenge. Most have integrated products. Still others begin by
organizations have therefore “started small,” measuring and modeling virtually all sources of
undertaking the implementation in discrete, risk, regardless of their priority and the current
manageable phases. availability of risk financing products.

We can view ERM in three dimensions (see While some of these approaches may appear more
Figure 20). The first represents the range of prudent than others, it is wise to reserve judg-
company operations. Some organizations have ment. We believe no single best approach to ERM
started small by piloting ERM in one, or a small implementation exists that is appropriate for all
number, of their business units or locations, for organizations. Leading companies successfully
real-time fine-tuning and eventual rollout to the employ a number of different phased approaches.
entire enterprise. The second dimension repre- The nature and sequence of these phases depend
sents the sources of risk (hazard, financial, opera- on the culture, strategic imperatives and manage-
tional, etc.). Some organizations confine the initial ment style of the organization. However, it is cer-
scope of their ERM to a selected subset of these tain that for every organization a phased approach
risk sources, for example, property catastrophe of some sort will be more successful than attempt-
risk and currency risk. Eventually, all sources of ing to do too much, too soon.
risk would be layered in, in sequential fashion.
Regardless of their starting point, many organi-
The third dimension represents the types of risk zations include in their implementation plans
management activities or processes (risk identifi- the attempt to ingrain ERM into their cultures
cation, risk measurement, risk financing, etc.). through communication, education, training and
Some organizations confine their initial vision to incentive programs. In some cases, these are
the identification and prioritization of enterprise- coordinated in an extensive formal change man-
wide risks, with subsequent activities dependent agement process to help impose the new order
on the results. Others begin by fashioning an of things and achieve sustainable results. Clearly,
integrated risk financing program around a sub- to be successful, ERM needs to be more than a
set of risk sources; these depend on the risk technique — and needs to be embraced by more
sources for which their financial service providers than just management. These issues will be
explored further in our subsequent publications.
FIGURE 20
The Universe of ERM Is Quite Large...
It spans three dimensions Scope of Operations

Business Business Business Region A Region B Region ...
Unit 1 Unit 2 Unit ...

Risk Source
Hazard Risks
Financial Risks
...
Risk Financing
Political Risks
Risk Mitigation
Operational Risks
Risk Qualification Risk Management
... Processes
Risk Assessment

The scope of ERM is quite large. Organizations have variously “started small” by phasing in their implementation along
one or more of ERM’s three dimensions.
27

References and Recommended Reading

General risk management Schwartz, Eduardo & Smith, James E. (1999).
Bernstein, Peter L. (1996). Against the Gods: Short-Term Variations and Long-Term
The Remarkable Story of Risk. John Wiley & Dynamics in Commodity Prices. Duke
Sons. University, Fuqua School of Business.

Knight, Rory F. & Pretty, Deborah J. (1998). Simulation and optimization
The Impact of Catastrophes on Shareholder
Bazaraa, Mokhtar S., Sherali, Hanif D. &
Value. The Oxford Executive Research
Shetty, C. M. (1993). Nonlinear Programming,
Briefings. A Research Report Sponsored by
Theory and Algorithms. 2nd edition. John
Sedgwick Group.
Wiley & Sons, Inc.

Probability assessment and Fourer, R., Gay, D. M. & Kernighan, B. W.
utility theory (1993). AMPL, A Modeling Language for
Clemen, Robert T. (1996). Making Hard Mathematical Programming. Duxbury Press
Decisions. 2nd edition. Duxbury Press. (includes disk with AMPL and optimization
solvers).
Linstone, H. A. & Turoff, M. (1975). The
Delphi Method: Techniques and Applications. Hillier, Frederick S. & Lieberman, Gerald J.
Addison-Wesley Publishing Company Inc. (1986). Introduction to Operations Research.
4th edition. Holden-Day, Inc., Oakland,
Oliver, R. M. & Smith, J. Q. (1990). Influence California; Cambridge: Cambridge University
Diagrams, Belief Nets, and Decision Analysis Press.
(Wiley Series in Probability and Mathematical
Statistics). John Wiley & Sons. Nelson, Barry L. (1995). Stochastic Modeling:
Analysis & Simulation. McGraw-Hill, Inc.
von Winterfeldt, D. & Edwards, W. (1986).
Decision Analysis and Behavioral Research. Simulation and optimization
Cambridge: Cambridge University Press. software
@RISK and @RiskOptimizer, MS Excel add-in
Scenario generation and for simulation and optimization, developed by
stochastic differential equations Palisade Corp., Newfield, New York.
Merton, Robert C. (1992). Continuous-Time
Finance. 2nd edition. Blackwell Publishers, Inc. Fourer, R., Gay, D. M. & Kernighan, B. W.
(1993). AMPL, A Modeling Language for
Mulvey, John M. (1996). “Generating Mathematical Programming. Duxbury Press
Scenarios for the Towers Perrin Investment (includes disk with AMPL and optimization
System.” Interfaces, An International Journal solvers).
of INFORMS. March-April 1996, Vol. 26,
Number 2. Global CAP:Link, scenario generator for
macroeconomic variables worldwide (such as
Neftci, Salih N. (1996). An Introduction To interest rates, exchange rates and major asset
The Mathematics of Financial Derivatives. classes), developed by Tillinghast – Towers
Academic Press. Perrin, New York.

Service Model, discrete-event stochastic simu-
lation software, developed by Promodel Corp,
Orem, Utah.

28

Acknowledgments

The authors wish to acknowledge the invalu- We also extend our heartfelt appreciation to
able assistance of their colleagues: the following individuals who constituted our
Editorial Review Board:
Ⅲ Robert Schneier and David Watkins,
who shared their expertise and ideas on strat- Ⅲ Stephen D’Arcy, Professor of Finance,
egy, organization and corporate culture — University of Illinois
and their connection to ERM
Ⅲ William Fealey, Executive Director,
Ⅲ Andrew Berry and Julian Phillips, Corporate Risk Management, Estée Lauder
who contributed the corporate governance Companies, Inc.
research
Ⅲ Felix Kloman, Editor & Publisher, Risk
Ⅲ Peter Watson and Brian Merkley, who Management Reports
analyzed the linkage between performance
Ⅲ André-Richard Marcil, Director,
consistency and share value
Control and Integrated Risk Management,
Ⅲ Kathleen Waslov, who contributed infor- Hydro Quebec
mation on probability assessment methods
Ⅲ Robert Markman, Vice President, Risk
based on expert testimony
Management, United Parcel Service
Ⅲ Ravin Jesuthasan and Emory Todd,
Ⅲ John Mulvey, Professor of Engineering &
who contributed to the development of the
Management Systems, Princeton University.
stochastic financial model
Ⅲ Anne McKneally, who helped edit the This monograph was immeasurably improved
text. by the generous contributions of these individ-
uals. Any errors that readers may find remain
the sole responsibility of the authors.

29

Appendix The Value of Consistency
A Ⅲ Earnings consistency typically explains 25%
of annual change in share price
Ⅲ Primarily affects premium over “warranted”
multiple. Example (from the Integrated
Petroleum Industry):

Low-Return Companies High-Return Companies

23
Market Market
15
Value Value
Added Added
3 4

Low High Low High
Earnings Consistency Earnings Consistency

Low-Growth Companies High-Growth Companies
32

Market Market 22
Value 13 Value
Added Added
5

Low High Low High
Earnings Consistency Earnings Consistency

The market reacts to perceptions of how well risk is handled.

Source: Towers Perrin consistency analysis of selected industries
(see following background information).

30

Background Information on Towers Perrin
Consistency Analysis

Overview approach to avoid biases caused by point-to-
Consistency analysis empirically estimates point methodology, and average returns on
whether companies with more consistent earn- capital over the measurement window (typical-
ings receive a premium market valuation relative ly 10 years). To measure the market premium,
to peers. Since many other factors — in addition we employ a standardized market value-added
to earnings consistency — shape market valua- metric since it properly distinguishes between
tions, we use a series of basic analytic steps to the capital that investors have placed in the
attempt to control for the influence of other business and the market value added to this
factors (e.g., earnings growth and return on capital.
capital) and isolate a consistency premium or
Unlike market-to-book ratios, standardized
discount. We use a relatively simple control
market value added also captures the dollar
process since (1) we find that more complicated
growth in the value premium over time. Since
methods introduce other sources of “noise”
the measure is standardized (indexed), it can
into the process and (2) consistency premiums
be meaningfully compared across companies.
are fairly robust across many industry groups
Finally, Valueline’s earnings predictability score
and emerge readily with relatively simple con-
(0%-100%) is used as the measure of earnings
trol techniques.
consistency.
A general description of the control process is
We then calculate a median growth rate and
provided below. For specific definitions and
return on capital for the peers and break the
data sources used in the analysis, please see the
sample into “high growth” (growth ≥ median)
Methodology section that follows.
and “low growth” (growth < median) and
high-return (return ≥ median) and low-return
Basic methodology (return < median) subsets.
In performing consistency analysis, Towers
Perrin’s first step is to identify a relevant indus- The process is repeated one more time by cal-
try peer sample for a given company. Using an culating the median earnings predictability
industry peer group helps filter out the effect of score for each of the four subsets and then fur-
common industry factors (e.g., commodity ther breaking each subset into a high earnings
price movements, regulatory risk) on market consistency (earnings predictability ≥ subset
valuations. We typically use published industry median) and low earnings consistency (earn-
groupings provided by Valueline or Standard & ings predictability < subset median). A total of
Poor’s. eight subsets results from both steps.

Next, we create a data set including a market Finally, an average market premium (standard-
premium measure, earnings growth rate, return ized market value added) is calculated for each
on capital and earnings consistency for each of the eight subsets, and the results are sum-
peer. We employ historical growth rates and marized in bar chart form.
returns as surrogates for the future growth rates
and returns that drive valuations. We calculate
growth rates, using a least squares (regression)

31

Towers Perrin Consistency Analysis
Methodology
Data Sources “Earnings Consistency”
Ⅲ Compustat PC Plus database Ⅲ Definition

Ⅲ Valueline Investment Survey (earnings Ⅲ Valueline Earnings Predictability score as
consistency only) reported in Valueline Investment survey
Ⅲ Formula
Performance Metric Definitions Ⅲ Valueline earnings predictability scoring
“Return on Capital” based on stability of year-to-year compar-
Ⅲ Definition isons, with recent years being weighted
more heavily than earlier ones. The earnings
Ⅲ 10-year (1989-98) average Return on stability is derived from the standard devia-
Capital Employed (ROCE) tion of the percentage changes in quarterly
Ⅲ Formula earnings over an eight-year period. Special
adjustments are made for comparisons
Ⅲ (Income before Extraordinary Items + around zero and from plus to minus.
Special items) (Beginning Stockholders’
Equity + Beginning Total Debt) “Market Premium”
Ⅲ Definition
Ⅲ Perform same calculation for 10 years and
take average Ⅲ 1998 Standardized Market Value Added
(MVA) based on 1988 ending invested
Ⅲ Comment
capital base
Ⅲ Simplified return on invested capital
Ⅲ Formula
definition (provides some adjustment for
restructuring charges and other one-offs Ⅲ Std MVA = MVA % Capital x Indexed
but makes simplifying assumption that Capital = (M/C - 1) x Indexed Capital
special items receive no tax deduction)
Ⅲ M/C = (Stock price * Common shares out-
Ⅲ Note: Compustat does not report after-tax standing + Preferred stock + Total
special items debt)/(Shareholders’ equity + Total debt)
— All data reflect year-end 1998
“Earnings Growth”
Ⅲ Definition Ⅲ Indexed Capital = (1998 Shareholders’
equity + 1998 Total debt)/(1988
Ⅲ 10-year (1989-98) least-squares EBIT Shareholders’ equity + 1988 Total debt)
growth rate
Ⅲ Comment
Ⅲ Formula
Ⅲ MVA captures value of growth (unlike
Ⅲ Regress log adjusted operating income M/B ratio) since it is measured in dollars.
after depreciation against time to deter- Standardizing MVA (by indexing every
mine growth rate company’s capital to same base year) cor-
Ⅲ Comment rects size bias of measure (so big companies
with lots of capital but low M/C don’t
Ⅲ Growth rate based on regression more
dominate smaller companies with higher
accurate than CAGR (which is biased by
M/C).
endpoints)

32

Appendix Probability Assessment Methods
B Based on Expert Testimony
Approaches to modeling risk methods from the other two categories). The
To model risk, it is necessary to understand the choice of method depends significantly on the
nature of risk itself. Risk arises from the fact amount and type of historical data that are
that actual future results could differ from available. The methods also require varying
expected or projected results, often materially; analytical skills and experience. Each method
one does not know with certainty what will has advantages and disadvantages over the
happen in the future. In projecting into the other methods, so it is important to match the
future, one must consider a range of potential method to the facts and circumstances of the
outcomes from a given event. Risk assessment particular risk type.
aims to evaluate both the impact (financial,
Building a probability distribution of outcomes
reputational, etc.) of each outcome and the
for each risk type is the first stage in developing
likelihood or probability of each outcome
an entire risk profile for the organization. In
occurring. The process develops a probability
financial terms, each of these distributions
distribution that captures the impact and likeli-
needs to be combined with the others — taking
hood of given risk types or events.
into account correlations among risk types —
There is a continuum of methods for develop- and applied to the organization’s financial
ing probability distributions. These methods value tree to develop a unique probability dis-
can be grouped into three principal categories: tribution of future financial results for that
data analysis approaches, expert testimony and organization.
modeling (whose methods are often hybrids of

Data Analysis Modeling Expert Testimony

Empirically from Stochastic Direct assessment
historical data simulation Influence of relative likelihood
diagrams or fractiles

Assume theoretical
Probability Density Preference
Analytical model
Function and use data among bets or
to get parameters Bayesian
approach lotteries

Regression over Decompose into Delphi method
variables that component risks
affect risk that are easier to
assess

33

Estimating probabilities The payoffs for the bet, amounts $x and $y,
through expert testimony are adjusted until the expert is indifferent to
taking a position on either side of the bet. At
Probability distributions for events for which
this point, the expected values for each side of
there is sparse data can be estimated through
the bet are equal in the expert’s opinion.
expert testimony. A naive method for assess-
Therefore,
ing probabilities is to ask the expert, e.g.,
“What is the probability that a new competi- $x P(C) - $y (1-P(C)) = - $x P(C) + $y (1-P(C))
tor will enter the market?” However, the
expert may have difficulty answering direct where P(C) is the probability of a new com-
questions and the answers may not be reliable. petitor entering the market. Solving this equal-
ity for P(C):
Behavioral scientists have learned from exten-
sive research that the naive method can pro- P(C) = $y/($x + $y)
duce unreliable results due to heuristics and
biases. For example, individuals tend to esti- For example, if the expert is indifferent to
mate higher probabilities for events that can taking a position on either side of the following
be easily recalled or imagined. Individuals bet:
also tend to anchor their assessments on
some obvious or convenient number resulting Win $900 if a competitor enters the market
in distributions that are too narrow. (See
Lose $100 if no new competition
Clemen 1996 and von Winterfeldt &
Edwards 1986 in the list of references for fur- then the estimated subjective probability of a
ther examples.) Decision and risk analysts have new competitor entering the market is
developed several methods for accounting for $100/($100 + $900) = 0.10.
these biases. Several of these methods are
described below. Judgments of relative likelihood
This method involves asking the expert to pro-
Preference among bets vide information on the likelihood of an event
Probabilities are determined by asking the relative to a reference lottery. The expert is
expert to choose which side is preferred on a asked to indicate whether the probability of
bet on the underlying events. To avoid issues of the event occurring is more likely, less likely
risk aversion, the amounts wagered should not or equally likely compared to a lottery with
be too large. For example, a choice is offered known probabilities. Typically, a spinning
between the following bet and its opposite: wheel (a software implementation of the bet-
ting wheels in casinos) is used on which a por-
tion of the wheel is colored to represent the
Bet Opposite Side of Bet event occurring. The relative size of the col-
ored portion is specified. The expert is asked to
Win $x if a competitor enters Lose $x if a competitor enters
the market the market indicate whether the event is more, less or
equally likely to occur than the pointer landing
Lose $y if no new competition Win $y if no new competition on the colored area if the wheel was spun fairly.
The colored area is reduced or increased as
necessary depending on the answers until the
expert indicates that the two events are equally
likely. This method is often used with subjects
who are naive about probability assessments.

34

Decomposition to aid The probability of a new competitor, P(C) can
probability assessment be estimated, using a Bayesian approach. The
approach uses Bayes’ Rule, which is a formal,
Often, decomposing an event into conditional
optimal equation for the revision of probabili-
causal events helps experts assess risk of com-
ties in light of new evidence contained in con-
plex systems. The structure of the conditional
ditional or causal probabilities.
causal events can be represented by an influ-
ence diagram. Influence diagrams illustrate the P(C) = Σi P(Ci | Ri, Ti ) P(Ri, Ti)
interdependencies between known events
(inputs), scenarios and uncertainties (interme- where i is a product index, P(Ri, Ti) is the
diate variables) and an event of interest (out- joint probability of an adverse change in regu-
put). An influence diagram model comprises lation and introduction of new technology, and
risk nodes representing the uncertain condi- P(Ci | Ri, Ti) is the conditional probability of a
tions surrounding an event or outcome. new competitor entering a market for product
Relationships among nodes are indicated by i. This formula is useful when assessing the
connecting arrows, referred to as arcs of influ- conditional probabilities P(Ci | Ri, Ti) and is
ence. The graphical display of risks and their easier than a direct calculation of P(C).
relationships to process components and out-
comes facilitates visualization of the impacts of Several different experts may be asked to assess
external uncertainties. the conditional and joint probabilities. For
example, one expert (or group of experts) may
While this approach increases the number of assess the probability of adverse regulation for
probability assessments, it also allows input a specific product, another expert may assess
from multiple experts or specialists and helps probability of introduction of new technology,
combine empirical data with subjective data. and yet a third may assess the probability of a
For example, a new competitor entering the new competitor given the state of new regula-
market may be decomposed using an influence tion and technology.
diagram such as this one:

The Delphi technique
Scientists at the Rand Institute developed the
Adverse “Delphi process” in the 1950s for forecasting
change in future military scenarios. Since then it has been
regulation
used as a generic strategy for developing con-
sensus and making group decisions, and can be
New
Product used to assess probabilities from a group of
competitor
individuals. This process structures group com-
Introduction munication and usually involves anonymity of
of new responses, feedback to the group as collective
technology views, and the opportunity for any respondent
to modify an earlier judgment. The Delphi
process leader poses a series of questions to a
group; the answers are tabulated, and the
results are used to form the basis for the next
round. Through several iterations, the process
synthesizes the responses, resulting in a con-
sensus that reflects the participants’ combined
intuition, experience and expert knowledge.

35

The Delphi technique can be used to explore Ⅲ To increase consistency, experts should be
or expose underlying assumptions or informa- asked to assess both the probability of an
tion leading to differing judgments and to cor- event and separately the probability of the
relate informed judgments on a topic spanning complement of the event. The two should
a wide range of disciplines. It is useful for always add up to 1.0; however, in practice
problems that can benefit from subjective they seldom do without repeated application
judgments on a collective basis. of the assessment method.
Ⅲ The events must be defined clearly to elimi-
Pitfalls and biases nate ambiguity. “What is the probability of a
Estimating subjective probabilities is never as new competitor entering the market?” is not
straightforward as implied in the description of unambiguous. “What is the probability that a
the methods above. There are several pitfalls new competitor will take more than 5% mar-
and biases to be aware of: ket share of product A in the next two
years?” more clearly defines the event.
Ⅲ None of the methods works extremely well
by itself. Typically, multiple techniques must Ⅲ When assessing probabilities for rare events,
be used. it is generally better to assess odds. Odds of
event E is [P(E)/P(complement of E)].

The Authors
Jerry Miccolis, a risk management consultant and consulting actuary with Tillinghast – Towers
Perrin in its Parsippany, New Jersey office, has 20 years of consulting experience. He is a principal
of Towers Perrin and is architect of several of Towers Perrin’s multidisciplinary service offerings,
including workers compensation cost management, strategic risk financing and enterprise risk
management. He has served in a number of practice leadership positions, including practice leader
for the worldwide risk management practice. He is a widely quoted speaker and author on risk man-
agement issues. A Fellow of the Casualty Actuarial Society (CAS) and a Member of the American
Academy of Actuaries, Mr. Miccolis has served both groups on a number of professional commit-
tees, chairing several, and sitting on the Actuarial Standards Board. Mr. Miccolis also has authored
and reviewed/refereed professional papers in actuarial literature and has served as an editor of CAS
and Towers Perrin publications. He holds a B.S. degree in mathematics from Drexel University.

Samir Shah, a managing consultant with Towers Perrin’s Strategy and Organization practice in
the Washington, D.C. office, has over 15 years of consulting experience. He has provided a wide
range of services to clients, including risk management, workforce planning, organizational design,
process improvement and actuarial. He specializes in the application of Operations Research
methods, such as computer-based simulation and optimization, to management decision making.
Mr. Shah is a Fellow of the Society of Actuaries and holds an M.S. degree in Industrial Engineering
and Management Sciences from Northwestern University. He is currently pursuing a Ph.D. in
Operations Research with applications to Enterprise Risk Management at Northwestern. He is a
member of the International Association of Financial Engineers, the Institute for Operations
Research and Management Sciences, and the American Academy of Actuaries.

36

About Tillinghast – Towers Perrin

Tillinghast – Towers Perrin is a global firm that provides management and actuarial
consulting to the insurance and financial services industries as well as risk management
consulting to the public and private sectors. Tillinghast – Towers Perrin is part of Towers Perrin,
one of the world’s largest management consulting firms, with more than 8,000 employees and
80 offices in 23 countries.

If you would like to discuss specific aspects of this monograph in greater detail, or to explore
the implications for your company, please contact:
Mr. Jerry Miccolis Mr. Samir Shah
Principal Managing Consultant
Tillinghast – Towers Perrin Tillinghast – Towers Perrin
Morris Corporate Center II 1001 19th Street North
Building F Suite 1500
One Upper Pond Road Rosslyn, VA 22209-1722
Parsippany, NJ 07054-1050
Direct dial: 703-351-4875
Direct dial: 973-331-3524 Fax: 703-351-4848
Fax: 973-331-3576 E-mail: shahsa@towers.com
E-mail: miccolj@towers.com

Argentina The Netherlands Other Towers
Buenos Aires Amsterdam Perrin Locations
Auckland
Australia Singapore Austin
Melbourne Bern
Sydney South Africa Bristol
Cape Town Brussels
Bermuda Calgary
South Korea Canberra
Brazil Seoul Charlotte
Rio de Janeiro Chesapeake, Va.
São Paulo Spain Cincinnati
Madrid Cleveland
Canada Houston
Montreal Sweden Johannesburg
Toronto Stockholm
Los Angeles
Memphis
China Switzerland
Miami
Hong Kong Geneva
Milwaukee
Zurich
Mississauga
France
United Kingdom Phoenix
Paris
London Pittsburgh
Germany Providence
Cologne United States Rotterdam
Frankfurt Atlanta St. Albans
Boston San Antonio
Italy Chicago San Diego
Milan Dallas São Paulo
Denver Seattle
Japan Detroit Tampa
Tokyo Hartford Valhalla, N.Y.
Indianapolis Vancouver
Malaysia Irvine, Calif. Voorhees, N.J.
Kuala Lumpur Jacksonville Wellington
Minneapolis
Mexico New York
Mexico City Parsippany, N.J.
Philadelphia
St. Louis
San Francisco
Stamford
Washington, D.C.

Internet: www.tillinghast.com

© 1/2000 Towers Perrin

Erm2000

More Related Content

Similar to Erm2000 (20)

Erm2000