How can you model the impact of potential risks?
It’s important to mimic the potential for event occurrence and impact ranges during model construction through a well-thought-out set of assumptions. For a workers’ comp casualty risk model, distributions and parameters for occurrence and impact can be based on historical events and future exposure trends. For more complex models, or those with less data to rely on, assumptions regarding event sequencing, interdependencies, occurrence and impact need to be carefully vetted to ensure they are providing a good proxy for the system or series of risks under investigation.
Assume an organization wishes to measure the impact of several operational and political risks to understand the potential disruption impact. To do this, the underlying exposure or potential causes of loss (or gain) need to be understood, including natural disasters, sovereign agreements and underlying elements, nationalization, terrorism and expropriation. Next, consider the organization’s specific operations to understand the magnitude of potential gain (or loss); get a sense of how events can occur based on the asset, operations and relationship profile; and understand any operational or event sequence interdependencies.
Finally, information regarding additional occurrence and impact assumptions needs to be incorporated to construct a more appropriate proxy of reality. Potential sources include engineering reports, incident reports, inventory information, supply chain redundancies and political risk information. This may serve as the justification to modify model parameters.
The graph below shows the measurement of a specific set of operational risks for an organization. On the Y axis is an impact scale, shown as the total cost of risk (net retained risk given the mitigation under consideration plus the cost of the mitigation strategy). The X axis is the confidence level. The graph shows the raw impact of risk (red line) and also the net impact given the risk management strategies incorporated measurement in the ‘as-is’ risk profile. This comparison allows organizations to identify alternative risk response strategies that may be better suited than the ‘as-is’ strategy. The blue line represents risk tolerance for the operational risks under investigation. This is a static value derived from the risk appetite measurement and provides a constraint for decision-making for these operational risks. In addition to the quantification output shown, it is also possible to add the key risk to the risk appetite model to see how various treatments of risk can impact enterprise volatility.
Next month: Part three.
Keith DeCoster is managing director of Aon Risk Services. Reach him at (317) 237-2400 or [email protected].