AD 610 MIDTERM REVIEW
I. ORGANIZATIONAL SURVIVAL
a. Response & Resilience
i. Risk management
ii. Business continuity
iii. Emergency management
iv. Change management
b. Strategic Efficacy
i. Market responsiveness
ii. Competitive efficacy
c. System contributors
i. Economic conditions
ii. Political developments
II. TOTAL EXPOSURE MANAGEMENT
a. Risk Management Shield – the goal is to deflect the various threats that are posed by internal and external factors
b. Organizational Resilience buffer – goal is to absorb and withstand those shots
c. Change Management – internal to the organization; how the organization chooses to change how it operates; organizational restructuring, deployment of new systems, etc.
d. Overall goal = protect assets: people, physical facilities, financial assets, intellectual property
i. Knowledge; you have to have learned how to do it
ii. Agility; flexibility to make necessary changes to functions
iii. Communication; without communication you cannot do anything
III. ORGANIZATION EXPOSURES
a. Known Risks: management goal = impact minimization;
b. Unknown Threats: management goal = vulnerability reduction;
c. Self-Transformation: goal = management benefit maximization;
a. Non-Speculative = prescribed; laws say if you do X, this will be the consequence. Black and white.
i. Liability
b. Speculative = we do not know what the consequences will be
i. Risk = estimable
ii. Uncertainty = non-estimable
V. RISK AS OPPORTUNITY OR AS THREAT
a. Upside Risk – beneficial outcome; maximize the potential for growth
i. Upside/strategic risk are synonymous; risk associated with the choices we make for the purpose of realizing gains
b. Downside Risk – no potential to gain anything; minimizing the likelihood of loss-generating event
i. INTERNAL – managerially controlled (compliance, operational, reputational)
1. Controllable (regulatory, professional, supply chain)
2. Not controllable (financial, market, political, economic, natural, socio-cultural, environmental, technological)
c. Competitive Advantage
VI. KEY RISK NOTIONS
a. Risk type – any risk has to be expressed in terms of these two key notions in order for us to estimate the exposure; one without the other results in an undefined/indeterminate exposure. The two are independent of each other
i. Likelihood = chance of occurrence
ii. Severity = relative impact
VII. RISK ASSESSMENT
a. Identification – clearly defined risk
b. Estimation – analysis of risk on earnings
c. Mapping – matrix of individual risks categorized in the context of estimated likelihood and severity
d. Response
i. Accept – do nothing (based on cost and/or options)
ii. Reduce – mitigation; reduces likelihood and/or severity of specific risk types
iii. Avoid – exiting out of activities that give rise to risks
iv. Transfer – insuring, sharing, or otherwise outsourcing specific risks; market transaction – makes sense for whoever is passing it off, and for whomever is receiving it.
e. Capitalization – virtually all non-zero likelihood risks have capital implications
VIII. AGENCY DILEMMA – do you trust what they do? Force managers to provide more information in more detail more frequently
a. Principal hires an agent; agent performs the task on behalf of the principal; principals need to ensure that the agent is going to make good decisions in terms of the tasks they're responsible for
IX. Call for ERM
a. Securities (1933) / Securities Exchange (1934) – created transparency in financial statements so investors could make informed decisions about investments, and established laws against misrepresentation and fraudulent activities in securities markets
b. Sarbanes-Oxley Act of 2002 Section 404 – companies are required to publish information in their annual reports concerning the scope and adequacy of internal control structure and procedures for financial reporting
c. Creditworthiness scoring – credit ratings for corporate debt; S&P, Moody’s, Fitch
d. Risk management as a source of firm’s competitive advantage – viewed as an expense that was to be minimized; if you provide better coverage at a lower cost and maximize the opportunities associated with upside risk, you’ll be better off than your competitors
X. ERM FRAMEWORKS
a. COSO Framework – North American regulatory demands; reductive in its composition: it breaks everything down into small pieces, and each piece is evaluated one by one based on NA regulations
b. ISO 31000 – created to be a worldwide standard; in order for it to be applicable in all 200+ countries in the world it has to be general and vague.
i. Building Blocks:
1. Risk Architecture – specify roles, responsibilities and risk communication
2. Risk Strategy – define risk appetite and philosophy, and develop risk policy
3. Risk Protocol – spell out operational risk guideline to include rules, procedures, tools and
c. Limitations to ERM – it is still very early in its maturity as an academic body of knowledge and applied practice
i. Although the term ‘enterprise’ suggests an all-inclusive scope, substantive ERM research has focused predominately on risks with well-defined statistical properties (e.g., accidents, credit risk), which means that ‘soft’ risks (e.g., cultural, innovation) and those that do not lend themselves to mathematical analyses have been overlooked…
ii. Reliance on mathematically complex, obscure methods diminished the utility of risk estimation tools…The Great Recession, credit default swaps and the Gaussian copula function…
iii. ERM acceptance by an organization is not a panacea – for example, the Institute of Internal Auditors praised Countrywide Mortgage as an exemplar of ERM adaption, but a year later Countrywide was in bankruptcy…
d. RISK ESTIMATION: ERM Framework → Risk Assessment Approach → Knowledge Creation → Risk-specific Estimation
e. Facts (past) versus Estimates (future)
f. The Notion of Volatility – dispersion or variability about the average (e.g., mean); degree to which we expect the outcome going forward based on previous facts/events
i. Upside Variance; outcome tends to be above the mean
ii. Downside Variance; outcome tends to be below the mean
g. Probability estimation - an expression of historical (i.e., past) volatility applied to expectations regarding the future (probability and likelihood are synonymous); univariate vs. multivariate
i. Frequentist: historical data is a good representation of events going forward; adequate amounts of data to calculate probability, based strictly on projecting past occurrences into the future
ii. Bayesian: not much historical data available; combines prior events/beliefs with expert opinion to project an estimate of how likely something is to happen into the future
XI. RISK PROFILING
a. An organization’s risk profile can be viewed as a bundle of characteristics, some of which represent traits that the organization shares with high risk prototype, while others represent traits that the organization shares with low risk prototype.
b. Competitive advantage: to manage risk is to exploit downside threats as well as upside opportunities in a manner that makes positive contribution to the firm’s competitiveness.
c. Good risk taker – firm’s value increases as a result of its risk management
d. Poor Risk Taker – firm’s value decreases as a result of its risk management
e. Estimate individual risks and then evaluate the exposure in terms of those individual risks by relating them to a meaningful benchmark
XII. THREAT EXPOSURE
a. From the standpoint of competition, an organization-specific exposure to individual threats needs to be evaluated in relation to that organization’s peers.
XIII. LOGIC OF RISK ANALYTICS
a. Estimable risk – meaningful way of estimating the likelihood and severity of the event so we can analyze it
XIV. RISK MAPPING: ERM Framework → Risk Assessment Approach → Knowledge Creation → Risk-Specific Estimation → Risk Mapping
a. managing the totality of an organization’s risk exposures
i. SEVERITY (impact) – low/high
ii. RISK (probability) – low/high
iii. Risk Indexing combines