Cpcu 500

SECTION 8.
OPTIMIZING RISK FOR

STRATEGIC ADVANTAGE
Topic 18. Strategic Risk and Management

Topic 19. Applying Strategic Risk Management
125
Section 8. Optimizing Risk for Strategic Advantage

Reference: CPCU 500 Online 1st edition, Assignment 8. Module 1,
18.a.
Put simply, strategic risks are any factors that could affect the business. They
include the upside and downside associated not only with a business strategy
itself but also with the implementation of a strategy. Strategic risks can be
created and affected by external factors such as economic conditions,
consumer demand, or government regulations, or by internal factors such as
an organization’s structure, culture, or processes. Because strategic risks may
have far reaching rami cations that can alter the course of an organization's
future, illustrating their importance can be an effective tool in convincing
decision makers of the value of a holistic risk management program.
People often confuse strategic risk with operational risk, but here’s a good
way to distinguish the two: With operational risks, the focus is often on
making sure that things (whether they are products or processes) are done
right; with strategic risks, the focus is on doing the right things and making
the right decisions to ensure the organization achieves its strategic goals.
126
fi
2
18.b. Strategic Risk Factors

Strategic risks are often associated with external factors that are beyond a
single organization’s control, such as shifts in consumer demand, changes in
regulations, nancial crises, in ation, changes in the labor market, competitive
pressures, societal shifts, politics, and international trade agreements or
restrictions. However, strategic risks can also arise from internal factors such
as business decisions, business policies and processes, hiring practices,
resource allocation, culture, and stakeholder pressure.
1. Competition An electronics manufacturer signi cantly changes the

and innovation operating system used in its devices (cell phones,
risk tablets, computers, and so on) in an attempt to
differentiate its products from the competition.
2. Liquidity and A restaurant chain decides to build and open two new
nancial risk locations in the same city using its own capital.
3. Acquisition A large insurance company acquires an innovative
and economic software company, thinking that the acquisition will
risk help it analyze claims data to better predict risk and
price insurance policies.
4. Marketing risk A clothing retailer agrees to market and sell a line of
clothing from a new, unknown fashion designer.
5. Foreign An automotive manufacturer decides to introduce an
economic risk expensive sport utility vehicle (SUV) to a new foreign
market.
6. Procurement A steel fabricator switches from its long-time supplier
risk of raw materials to a new, up-and-coming supplier
that promises lower prices and faster delivery.
7. Regulatory A pharmaceutical company launches a new
risk medication in several foreign markets simultaneously.
127
fi
fi
fl
fi
18.c. Assessing Strategic Ris

With strategic risk, the goal isn’t to eliminate negative risks and/or their
consequences; it’s to use information about strategic risks to make holistically
informed decisions that optimize the risk-reward ratio. This can be dif cult
because strategic risk is the most intangible and abstract of the four risk
quadrants. Therefore, it’s more dif cult to put a dollar value on a strategic risk
than it is a hazard, operational, or nancial risk. Still, it’s important to attempt
to measure the amount of negative risk and/or opportunity associated with a
business decision. The metrics used to quantify strategic risk include these:
Economic The amount of capital required by an organization to

capital ensure solvency at a given probability level, such as
99 percent, based on the fair value of its assets minus
the fair value of its liabilities.
Risk-adjusted A measure of the return on investment after
return on capital accounting for risk. Often used as a measure of
(RAROC) pro tability, RAROC is calculated by taking the total
return on an asset or initiative, subtracting taxes, and
dividing it by its economic capital.
Shareholder A measure of pro tability after funding costs are
value added considered. It’s often used to measure a corporation’s
worth to shareholders, and it can be an indicator of
management effectiveness.
Two metrics that play a big role in assessing strategic risks are risk appetite
and risk threshold. Risk appetite represents how much risk the organization
wants to take on. It’s essentially a target. Meanwhile, risk threshold represents
the total range of uncertainty the organization is able to accept.
128
fi
fi
k
fi
fi
fi
18.d. Strategic Management

Strategic management de nes the organization’s strategies. All business
decisions carry some risk, but an effective strategic management process
drives an organization to make decisions that have an optimal risk-reward
ratio. Strategic management is the responsibility of senior-level executives,
who make strategic decisions based on input from the board of directors. The
strategic management process includes ve interdependent stages:
developing short- and long-term goals, analyzing internal and external
environments, formulating strategies, implementing the strategies, and
evaluating the strategies. This section will examine each of these stages.
Developing Before determining speci c short- and long-term goals,

Goals senior-level executives must establish the
organization’s vision statement and mission statement.
Analyzing Internal and external issues that could positively or
Environments negatively affect the organization’s ability to achieve its
goals must be examined.
Formulating Factors this team should consider when developing a
Strategies long-term strategy include changes needed to
implement the strategy, cost (including the cost of
delaying or diverting resources from other projects to
pursue the strategy), overall return on investment, risks
involved, and risk appetite.
Implementing Strategy implementation, also called execution, is the
Strategies process of making strategies work. This stage is more
dif cult to complete and requires more time than the
strategy formulation stage.
Evaluating The accomplishment of senior-level goals may be
Strategies derailed by unexpected circumstances. Strategy
evaluation, also called strategic control, involves
monitoring progress toward goals and follows these
three steps: (1) Establish performance standards and
measurements (usually completed during the strategy
implementation stage) (2) Compare actual results with
established standards (3) Identify and implement
corrective actions when goals are not being met
129
fi
fi
fi
fi
18.e. SWOT, PESTLE, and Porter’s Five Forces Analysis

In a SWOT analysis, strengths can be paired with opportunities to identify
areas of competitive advantage, and weaknesses can be paired with threats to
identify risks that should be avoided. This analysis helps construct a
framework for a high-level strategic plan.
Similarly, a PESTLE analysis (political, economic, sociological, technological,
legal, and environmental) can be used to analyze an organization’s external
environment to identify opportunities and threats—and a SWOT analysis can
be used to take a deeper dive into each of the six PESTLE categories.
Porter’s Five Forces Analysis is another example of the many methods that
risk professionals use to assess success factors. It focuses on ve forces within
an organization’s competitive environment to analyze how successful an
organization, product, or service might be. It’s often used to identify
opportunities or threats within a SWOT.
Rivalry Among Existing Firms

Threat of New Entrants
The Five
Bargaining Powers of Buyers
Forces Model
Threat of Substitute Products, or Services
Bargaining Power of Suppliers
130
fi
18.1. Question: Strategic Risk and Management
1. Strategic risk is the most intangible and abstract of the four risk
quadrants.
2. The goal is to use information about strategic risks to make informed
decisions that optimize the risk-reward ratio.
3. During Analyzing Environments stages of the strategic management
process would an organization use methods such as Porter's Five Forces
Analysis and PESTLE Analysis.
4. Porter's Five Forces analysis methods concentrates on an organization's
competitive environment.
5. Strategic risk can be created and affected by external factors or internal
factors. Resource allocation is considered an internal factor.
6. Clark's Electronics is considering launching new technology for the
medical industry. Before investing major resources in the project, the
company decided to perform a SWOT analysis. The fact that there are new
medical industry regulations pending would fall under Threats of a SWOT
analysis.
7. The four SWOT headings are strengths, weaknesses, threats and
Opportunities.
8. Taylor owns Paoli Hardware, a mid-sized hardware store with 25
employees. Paoli Hardware has won best local hardware store 3 years in a
row. Taylor would like to expand operations and has undertaken a SWOT
analysis.
131
9. His most dedicated customers are generally over 40 years old and
engaged in small house projects, but his biggest revenue generator continues
to be the sale of lumber. He would like to obtain more commercial customers
and increase lumber sales. One of the major complaints Taylor hears from his
customers is the dif culty nding local contractors. So, he is considering hiring
a general contractor at the store who would also make house calls to assist
customers. This will allow him to bill for labor and increase the sale of his
products, but he is concerned it may increase his insurance claims and
premiums. One of the younger store employees suggested they create a
website to expand sales to on-line purchases and target electronic
advertisements to commercial accounts. Taylor is not sure that he has the
expertise to maintain a website and run the store. The employee claims to
know a company that can maintain a website for Paoli at minimal cost. Taylor
believes the website is a good idea and will increase sales of lumber. To
protect Paoli from increases in the cost of lumber, Taylor is considering a
forward contract with the lumber yard. When Taylor completes his SWOT
analysis, Strength of the SWOT analysis will he place reputation. Technological
advancements could Taylor’s SWOT analysis consider an opportunity or a
threat, or both an opportunity and a threat. The suppliers bargaining power
to drive prices up, affected by Paoli’s ability to negotiate a forward contract
with a lumber supplier. If Taylor completed a PESTLE analysis instead of a
SWOT analysis, the PESTLE analysis would include Increase in competition
132
fi
fi

19.a. Risk and Strategy

To maximize performance, executives need to understand how to account
for strategic risks as they formulate strategies. If management fails to do so, it
will have to deal with risks as they come to fruition—when it may be too late
to minimize their consequences or fully capitalize on their opportunities.
Strategic risks are a necessary part of doing business. An organization can deal
with them either after consequences have occurred (downstream) or before, as
the organization develops its business strategies (upstream).
Tackling strategic risks upstream by incorporating them into the strategic
management process helps prevent negative consequences. It also helps
senior executives make business decisions that offer the greatest potential
risk-reward trade-off and best help the organization meet its goals.
133
4
19.b. Incorporating Risk Into Strategy

When a business doesn’t consider risks while forming its business strategy,
it runs the risk of having to be too reactionary downstream, rather than being
able to proactively explore risks and proper treatment options before
resources are dedicated elsewhere. Having a plan in place to deal with risks
early will signi cantly lower the chances that negative risks will harm the
organization. It also increases the chances that the business will be able to
fully exploit opportunities.
The rst component of incorporating risk into an organization’s strategic
decisions involves the strategic management process, when an organization
analyzes its internal and external environments. A SWOT and a PESTLE
analysis can be linked together, and each may reveal similar opportunities and
threats.
The second component is assessing the risks associated with the strategic
plans senior executives are considering to meet organizational goals.
Techniques an organization can use to assess risks as they develop strategic
plans include a scenario analysis and strategy map.
The third component is determining the organization’s risk threshold, risk
appetite, key risk indicators (KRIs), and treatment trigger levels for identi ed
risks.
In addition to KRIs, organizations also use key performance indicators (KPIs)
to inform their strategies. The difference between them is that KPIs measure
an organization’s progress toward achieving its goals, while KRIs measure
risks and volatility that can affect whether those goals can be achieved—KPIs
measure what has occurred rather than predicting the future, while KRIs are
predictive. KRIs help an organization maintain a level of risk within its de ned
risk appetite. Thresholds de ne the boundaries of risk appetite. KRIs indicate
when the thresholds are, or are about to be, breached. Treatment trigger levels
indicate when an organization must take corrective action to prevent risk-
appetite thresholds from being breached.
134
fi
fi
fi
fi
fi
19.c. Meeting Strategic Goals

The nal component is to decide which strategies the organization will use
to meet its goals. This includes planning how to avoid, exploit, or manage risks
associated with those strategies. For example, if an organization decides to
enter a foreign market, risk management should be applied to the strategy to
plan for hazard, political, exchange rate, and other risks.
What this does is merge what are often two separate discussions—about
broad goals/strategies and risk-treatment prioritization—into the same
process so that they aren’t each conducted in their own silo. By combining the
two, they can be used to in uence each other and enable the organization to
determine where capital, employees, and other resources should be allocated
to produce the best possible returns.
Even when strategic risks are properly integrated into the strategy-
formation process, it’s important that an organization remain alert to
emerging risks when executing a new strategy. For example, if an organization
is planning to acquire another company and either that company's nancial
results or the market in general changes, the organization may want to cancel,
pause, or revise its plan.
19.d. Strategic Management Process

When properly applied to the overall strategic management process,
strategic risk management identi es, assesses, and manages risks that could
affect the formulation and execution of organizational strategies. As a result,
knowing how to implement strategic risk management is key to making and
executing business decisions that maximize bene ts for the organization.
Risk tolerance, risk capacity, and risk appetite are closely related and often
confused with one another. Risk tolerance and risk capacity are often used
interchangeably. They represent the same thing: the total amount of risk an
organization can accept. Risk appetite, on the other hand, represents the
amount of risk the organization is willing to (or wants to) accept.
135
fi
fl
fi
fi
fi
19.e. Risk Appetite and Risk Tolerance

When formulating strategic decisions, an organization’s senior executives
should identify and articulate risk appetites. Risk appetites can be de ned
both quantitatively and qualitatively. Quantitative measures may include
nancial targets, while qualitative measures may include things such as
reputation and management/workforce capabilities.
An organization’s risk tolerance is closely related to its risk appetite. Think
of risk appetite as the amount of risk the organization wants to accept to
achieve a goal. Risk tolerance is broader than that; it’s the total amount of risk
the organization can accept.
Unlike risk appetite, risk tolerance is always stated in quantitative terms.
Risk tolerance levels have high-end thresholds, low-end thresholds, or both. A
zero-risk tolerance level typically results in risk-based decisions that are very
rigid. For example, if an organization has a zero-risk tolerance level for cost
overruns on a product development project, it may make achieving a
successful product more dif cult.
An organization’s risk appetite rests between the high-end and low-end risk
tolerance thresholds. This area also contains high-end and low-end appetite
thresholds as well as treatment trigger levels to indicate when a corrective
action must be taken to prevent the risk appetite thresholds from being
breached.
136
fi
fi
fi
19.f. Risk Assessment

After senior executives determine the organization’s strategic goals, risk
tolerance, and risk appetite, they need to determine possible strategies that
will achieve the goals and yet fall within the risk tolerance and appetite. This
should include a scenario analysis based on current trends as well as an
assessment of the risks associated with each scenario.
Here’s an approach that can help an organization assess strategic risks: (1)
List risks that could affect (positively or negatively) a proposed decision or
activity. (2) Use a risk map to assess the likelihood and potential consequences
for each risk. (3) Identify the ve highest-priority risks.
19.g. Risk Contro

After an organization has developed and implemented its strategic plan, it
will need processes and procedures in place for controlling risks at various
levels and ensuring that risks stay within its risk tolerance and risk appetite.
A control process like this promotes consistency in risk-taking and risk-
avoidance activities at all levels. Without controls that direct managers and
employees to determine which risks are worth taking and how to balance risk
levels through smart decision making and effective risk treatments, an
organization could nd itself assuming too much risk or unacceptable types of
risks.
Control measures are typically designed around a framework structured to
facilitate understanding, communication, and appropriate action. Control
measures should be implemented at all levels of the organization and include
reporting systems structured to allow senior management to determine
whether goals are being met.
137
fi
l
fi
19.1. Question: Applying Strategic Risk Management
1. The strategic management process can be applied to any type of

organization, including business, not-for-pro t organizations, and government
entities.
2. After an organization develops and implements its strategic plan, it needs
to determine how risk taking will be controlled. A factor in strategic decision
making is whether an organization has an advantage in controlling risk with a
given activity.
3. When assessing strategic risk, Risk appetite represents the amount of risk
an organization is willing to take on in order to achieve an anticipated result
or return.
4. Strategy development is an important element of the strategic
management process. Strategies should re ect an understanding of the
business, including its identity, customers, and purpose.
5. Risk tolerance levels can have high-end thresholds, low-end thresholds,
or both.
6. Risk appetite is an important component of strategic risk management
(SRM). Regulatory conditions, political risks, and anti-trust or other legal
concerns can reduce an organization’s risk appetite.
7. Hi-Tech Phones has been working on two new models of their agship
smart phone. The Research and Development department has been working
on a touch-based phone and a voice-activated phone. A risk map is a tool that
could be used to assess the risks of developing and marketing either or both
of these phones.
8. Widget Manufacturing board of directors recently adopted a zero-risk
tolerance for work place accidents. Initially the chief risk of cer thought this
was a great idea, however, he has found it very hard to implement. One reason
that a zero-risk tolerance policy is hard to implement is because zero-risk
tolerance Will typically result in risk-based decisions that are too rigid and
counter-productive.
9. A company's management team is preparing to conduct a SWOT analysis
as part of its strategic management process. Will this organization's current
business strategies still allow it to achieve its goals, or is a change required?
can the management team expect to answer as a result of the SWOT analysis.
138
fl
fi
fi
fl
SECTION 9. BREAKING DOWN RISK
MODELING
Topic 20. Probability Analysis

Topic 21. Value at Risk and Trend Analysis
139
Section 9. Breaking Down Risk Modeling

20.a. Nature of Probabilit

The probability of an event is the relative frequency that is expected to
occur in the long term in a stable environment. Any probability can be
expressed as a fraction, percentage, or decimal. Theoretical probabilities are
always constant under conditions where the ideal physical environment is
maintained. Empirical probabilities are estimated based on actual experience,
and the accuracy varies depending on the size of the sample and the
representation of the population. Insurance professionals are mainly dealing
with empirical probabilities that are based on past accident data and can
change as new data is added.
(1) For example, the odds of a dice throwing 1 are expressed as 1/6 or
16.667% or 0.1668. Theoretically, if you throw the dice six times, it comes out
once, and if you throw it 60 times, it comes out ten times. The reason for
expressing it as "relative frequency" is because it expressed how many times it
was thrown and how many times it came out.
(2) For example, theoretical probabilities are throwing dice in an ideal
environment that you can imagine mathematically. Empirical probabilities are
actually calculated by throwing dice. It depends on the material of the dice,
the slope of the oor, and the skill of the dice thrower. The empirical
probabilities are usually closer to theoretical probabilities as the number of
throws increases and more ideal environments are given.
(3) In the test, it is the empirical probability, which is used when historical
data or actual experience is mentioned, or when estimating the speci c cause
of loss that may actually occur. Theoretical probability is the answer to
throwing dice and coins. There are many cases where the precondition of ideal
environment is not mentioned. However, you should answer the empirical
probability if you read the material of the die or coin, the state of the oor, and
the actual number of throws.
140
fl
y
fi
fl
20.b. Law of Large Numbers

Law of large numbers is a mathematical principle, and if the number of
trials is large enough, the empirical probability is close to the theoretical
probability, so that past results can predict the future more accurately.
However, in order for the law of large numbers to be established, the
environment must be suf ciently similar and the events must be independent.
The term independent events means that the rst event does not affect the
next event.
The probability analysis in the risk management is based on the assumption
that patterns of past losses will continue in the future, subject to a suf ciently
large amount of historical data, a suf ciently similar operating environment,
and independent events.
With the application of the law of large numbers, events must meet the
following three conditions to enable accurate forecasts of future events. First,
it should have occurred in a similar environment and unchanging, basic causal
forces in the past. Secondly, a suf ciently similar environment should be
maintained in the future. Third, both the past and the future must occur
independently one another and suf ciently large numbers.
(1) A simple example of the Law of large numbers is that if you throw a
dice six times, the odds are not exactly 1/6, but if you throw 60,000 times, the
odds are close to 1/7.
(2) It is not independent events, for example, a free throw of basketball or a
penalty kick of football. The change of athlete 's psychology affects the next
events.
(3) What can be gained through the law of large numbers is that the
accuracy of predictions increases. It is a misleading statement to describe the
fact that a large number of historical data have been acquired, describing that
more events occur in the future. A large number of historical data can only
predict future events more accurately.
141
fi
fi
fi
fi
fi
fi
20.c. Probability Distributio

A properly constructed probability distribution is a summary of the
probability of possible outcomes, which can be expressed in charts, charts, and
graphs. The common characteristic of outcomes of both theoretical and
empirical probabilities is that they are mutually exclusive and collectively
exhaustive.
Discrete probability distributions consist of a nite number of possible
outcomes. The results of throwing a die are all limited to six, and numbers
such as 1.5 or 2.8 are not allowed. Continuous probability distributions consist
of an unlimited number of possible outcomes. Students can have a height
equal to 175.32cm. There are unlimited numbers between 175 and 176cm.
Therefore, in risk management, discrete probability distributions are mainly
used for frequency analysis, and continuous probability distributions are
mainly used for severity analysis. The type of cause of loss in a particular
industry is limited, so use discrete probability distributions to see how often a
cause of loss occurs (loss frequency). Since the dollar loss amounts are
unlimited numbers, we use continuous probability distributions to determine
how much loss occurs (loss severity).
Continuous probability distributions are represented graphically as follows.
The possible outcomes are displayed on the x-axis, and the likelihood of those
outcomes are displayed on the y-axis. The height of the line or curve above
the outcome means the likelihood of that outcome. The sum of possible
probabilities is 100%, so the sum of the areas under the line or curve is 100%.
The line or curve itself is called probability density functions.
142
n
fi
The cumulative probability distribution is only a cumulative plot of the

continuous probability distribution. The values on the y axis cumulatively
represent the sum of individual probabilities for each outcome. Because the
cumulative probability for each loss amount can be seen at a glance, risk
managers use it to determine the effect of various deductible and policy limits
when purchasing insurance.
(1) For example, the outcomes (called random variables) that can be cast
from a die are 1, 2, 3, 4, 5, 6 and each probability is 1/7. By plotting the
possible outcomes 1, 2, 3, 4, 5, 6 on the X axis of the graph and the probability
of each outcome on the Y axis, a probability distribution graph is obtained.
(2) 'Mutually exclusive' means that outcomes do not overlap. The result of
throwing a die cannot be 1 and 2 at the same time. 'Collectively exhaustive'
means that the probability of all outcomes is 1 or 100%.
(3) A probability distribution shows a probabilistic estimate of a particular
set of circumstances or each possible outcome. Afterwards, central tendency or
dispersion shows likelihood of particular future events. As a result, we can say
that it is possible to see likelihood of particular future events through a
probability distribution. Note, however, that the CPCU 500 sometimes
distinguishes strictly what a probability distribution shows.
(4) A continuous probability distribution can sometimes appear to be
discrete probability distributions using a countable number of bins (event
categories). For example, the probability distribution for students' height can
be expressed in groups of 161 to 170 cm, 171 to 180 cm, and 181 to 190 cm.
Discrete probability distributions are characterized by a nite number of
possible outcomes, but this is a continuous probability distribution.
143
fi
20.d. Central Tendency and Dispersio

The expected value is the sum of the possible outcomes multiplied by the
corresponding probabilities. It is expressed as the weighted average of all the
possible outcomes in a theoretical probability distribution. For example, the
mean of 10, 20, 20, 30 is 20. 20 = (10 + 20 + 20 + 30) / 4. Risk managers
consider the mean as the single best guess when estimating future events as
a single value. For example, if the mean for past loss amounts is $ 20,000, the
single best guess for future loss amounts is $ 20,000, despite several other
possibilities. The future loss amounts can be $ 10,000 or $ 30,000, but the
least error is the mean when estimating unknown future outcomes with a
single value.
Dispersion represents the degree of spread out around the expected value
of the probability distribution. Risk managers use dispersion to assess the
credibility of the measures of central tendency. The greater the dispersion, the
lower the credibility of the measures of central tendency. This is because it
may result in values that are much larger or smaller than expected.
The standard deviation (σ) represents the dispersion of the probability
distribution. For example, the standard deviation of 10, 20, 30 is 10. 10 =
[{(10-20)2 + (20-20)2 +(30-20)2} / (3-1)]0.5 = [(100 + 0 + 100)/2]0.5.
Coef cient of variation (σ / µ) is the standard deviation divided by the mean,

which is used when comparing different distributions to each other.
(1) The larger the dispersion, the higher the likelihood that the actual
outcome is larger or smaller than the expected value. For risk managers or
insurance companies, this is not desirable because the risks are greater.
(2) Risk managers view the standard deviation as the magnitude of the risk.
Historical data were used to construct probability distributions and predicted
expected values. However, it is the standard deviation that indicates how the
future actual results may differ from the expected value. The degree to which
the frequency or severity of the loss deviates from what is expected is
considered a risk.
(3) When the probability distributions are plotted on a graph, the smaller
the dispersion, the sharply peaked curve is drawn.
(4) For example, A distribution is mean 10, standard deviation 100, and B
distribution is mean 100 and standard deviation 500. Which is the greater
dispersion between A and B? The standard deviation of the B distribution is
large in numbers, but the dispersion of the A distribution is larger when the
mean is taken into account. Coef cient of variation of A distribution is 100/10
= 10 and Coef cient of variation of B distribution is 500/100 = 5.
144
fi
fi
fi
n
20.e. Normal Distributio

A normal distribution is a probability distribution, drawn as a bell-shape
curve. As the outcome values become larger or smaller around the center
mean, the probability of occurrence gradually decreases. Theoretically, a very
large value or a small value has some probability greater than zero. If the
outcome of a phenomenon follows a normal distribution, the probability of
possible outcomes can be estimated by a predictable measure of standard
deviations from the mean.
145
n
(1) The mathematical understanding of the normal distribution should be

done in statistical classes. In CPCU 500, let's focus on understanding and
exploiting normal distribution characteristics. Numerous natural phenomena
follow a normal distribution when suf cient numbers are investigated. Risk
management also discusses various incidents based on normal distribution.
(2) For example, suppose that the height of a hypothetical 10,000 man is
examined and a mean is 170 cm and a standard deviation is 10 cm. According
to the normal distribution, the height corresponding to the center of the graph
is 170 cm, the height corresponding to one standard deviation is 180 cm, and
the height corresponding to minus one standard deviation is 160 cm. The
number of people between 170 cm and 180 cm is 3,413, accounting for
34.13% of the total. In the same way, the number of persons between 160cm
and 180cm in height is 6,826 persons, which is 68.26% of the total.
(3) To prepare for the test, you must memorize all the gures in the normal
distribution. Unfortunately, 34.13%, 13.59% and 2.15%, as well as 68.26%,
95.44% and 99.74%, respectively, must be memorized.
(4) The following are frequently asked questions. What is the probability
that outcomes exist between the mean and one standard deviation above the
mean in the normal distribution? 34.13 percent. What is the probability that
outcomes exist between the mean and one standard deviations above and
below the mean in the normal distribution? 68.26 percent. In this way, you
have to distinguish whether asking for one side or both sides in the normal
distribution.
146
fi
fi
20.f. Practical Application of Normal Distributio

Let's look at an example where normal distribution is used in risk
management. There is a hypothetical factory that needs to have a large
number of re extinguishers. Replacing the re extinguisher too quickly can
be costly, and replacing it too late can cause malfunctions. As shown in the
gure, re extinguishers have slightly different useful lives depending on the
manufacturing process. The average useful life of re extinguishers is 1,000
days, and the standard deviation is 100 days. If the factory risk manager
chooses a re extinguisher replacement cycle of 1,000 days, the probability of
a re extinguisher operating in a re accident is 50%.
If the factory's risk manager changes the re extinguisher replacement
period to 900 days, what is the probability of a re extinguisher operating in a
re accident? It is important to know exactly what the normal distribution
represents. Here the normal distribution indicates the useful life of the re
extinguisher. That is, a re extinguisher that has a useful life of 900 days or
more works normally. Therefore, the percentage of re extinguishers with
useful life over 900 days in the normal distribution is 84.13% (34.13% + 50%).
(1) Note that even if you use normal distribution in various stories, you only
have to be careful about which values are to be placed on the x-axis. For
example, an insurer wants to hire the appropriate number of underwriters.
One underwriter can have 500 U/W reviews per month. The average number
of U/W reviews is 2,000 monthly and the standard deviation is 500. How many
people should be employed to hire enough underwriters with at least 80%
con dence? The x-axis is the number of U/W reviews, and the cumulative
probability of 84.13% is one standard deviation from the mean of 2,500. 50%
+ 34.13% = 84.13%. To handle 2,500 cases, ve underwriters must be hired.
Since people cannot be split like 4.8 people, the closest value of at least 80%
is 5 people.
147
fi
fi
fi
fi
fi
fi
fi
fi
fi
fi
fi
fi
fi
fi
fi
n
fi
20.1. Question: Probability Analysis
1. The weighted average of all the possible outcomes of a theoretical

probability distribution is the Expected value.
2. A coef cient of variation is derived by Dividing a distribution’s standard
deviation by its mean.
3. In using the coef cient of variation when comparing two distributions, if
both distributions have the same mean, then the distribution with the larger
standard deviation will have Greater variability.
4. A group of large life insurance companies pooled their mortality data
over the past 25 years. Based on the pooled mortality data, a mortality table
showing the probability of death at speci ed ages was developed. The
insurers used these probabilities in pricing life insurance products. The
probabilities developed from the pooled mortality experience of the insurers
are best described as Empirical probabilities.
5. Determining the probability that a certain event will occur can be an
important part of exposure analysis in the risk management process.
Empirical probability is the term used for probability that is developed based
on actual experience.
6. An insurer is beginning to write business in a new state. The claim
manager, Carla, wants to know how many new claim representatives to hire to
accommodate the additional volume of claims. Based on the marketing
department's estimate and industry data, Carla has determined the mean
number of new claims to be 2,000, with a standard deviation of 1,000 in a
normal distribution. If a claim representative can typically adjust 600 claims
per year, and Carla wants at least 66% certainty that she has enough
representatives, which one of the following represents how many
representatives she will need to hire? 3
7. Granton Manufacturing uses diamond-point cutting tools to manufacture
metal plates. The diamond points have an average life of 90 days. Some points
last longer and others wear out more quickly; however, overall the average life
of the diamond points follows a normal distribution curve with each standard
deviation equaling 10 days. Replacing a point requires only 15 minutes.
However, if a point fails, Granton often must scrap some of the metal plates,
and the process to return to full operations takes over two hours. In this case,
28%is likely to wear out only after 110 days.
148
fi
fi
fi

21.a. Value at Ris

VaR measures the probability of incurring a loss in value that exceeds a
threshold level. It is typically characterized by measuring over a short time
period and a low probability. For example, let’s say an organization sets a VaR
loss threshold level of $300,000. A one-day, 5 percent VaR of $300,000 means
there is a 5 percent probability of losing $300,000 or more over the next day.
VaR provides these three bene ts as a risk measure: (1) Quanti es the
potential loss associated with an investment decision (2) Articulates complex
positions (typically involving multiple investments) as a single gure (3)
Expresses loss in easy-to-understand monetary terms
However, VaR has a limitation: It doesn’t accurately measure the extent to
which a loss may exceed the VaR threshold. This limitation can be addressed
with conditional value at risk (CVaR). CVaR provides the same bene ts as VaR
but with the added bene t of helping to analyze the extremely large losses
that may occur, usually with very low probabilities, in the tail of a probability
distribution.
149
k
fi
fi
4
fi
fi
fi
21.b. Earnings at Ris

Determining EaR entails modeling the in uence of factors such as changes
in interest rates; sales; production costs; and the prices of products,
commodities, and components used in production. Models are developed
using a Monte Carlo simulation, and the results are presented as a probability
distribution curve or a histogram of individual probabilities.
The EaR threshold is the low end of projected earnings within a speci c
con dence, such as 95 percent. The probability that an organization's earnings
will be greater than the EaR threshold is represented by the area under the
distribution curve to the right of the EaR threshold. The area under the curve
to the left of the EaR threshold represents the probability that earnings will
be below the EaR threshold. For example, if earnings at risk are $100,000 with
95 percent con dence, then earnings are projected to be $100,000 or greater
95 percent of the time and less than $100,000 5 percent of the time. EaR is
helpful in comparing the likely effects of different risk management strategies
on earnings. However, one drawback is that the calculations can be complex.
Explain what it means when an organization has a one-day, 5 percent value
at risk (VaR) of $500,000 and when another organization has earnings at risk
(EaR) of $1,000,000 with 95 percent con dence. An organization with a one-
day, 5 percent VaR of $500,000 has a 5 percent probability of losing $500,000
or more over the next day. An organization that has EaR of $1,000,000 with 95
percent con dence has earnings that are projected to be $1,000,000 or
greater 95 percent of the time and less than $1,000,000 5 percent of the time.
150
fi
fi
fi
k
fi
fl
fi
21.c. Trend Analysi

Organizations use trend analysis techniques to identify predictable patterns
of change in dynamic environments and, from those patterns, develop
forecasts. Regression analysis is one of those techniques, and it can increase
the accuracy of forecasting by examining relationships between the variables
that affect trends. For example, changes in hazard loss frequency might
correlate with changes in some other variable, such as production output, in
such a way that loss frequency can be predicted using production output data.
Many risks vary predictably in relation to another variable, so they can be
forecast using a regression analysis. In a regression analysis, the variable
being forecast is the dependent variable. The variable that determines the
value of the dependent variable is the independent variable. Linear regression
analysis deals with a constant rate of change. For example, if the independent
variable is time that is measured in years, then a linear regression analysis
assumes that the change in the dependent variable is the same from year to
year. In this case, the regression line is straight (linear), not curved.
151
s
21.d. Charting a Linear Regression Line

The exhibit plots machinery losses in relation to the rm’s annual output.
The data points show that 4 losses occurred in Year 1 when output was 35 (x
100,000); 4 losses occurred in Year 2 when output was 60; 5 losses occurred
in Year 3 when output was 72; and 6 losses occurred in Year 4 when output
was 95.
The solid portion of the linear regression line approximates the trend of the
historical data. The dashed extension of the regression line projects annual
numbers of machinery losses for levels of output (in units of 100,000) beyond
the range of this particular historical data.
In this example, the indicated value for b is 2.46 machinery losses. The
indicated value for m is 0.035, implying that with each 100,000-ton increase
in output, 0.035 additional machinery losses can be expected. y = 0.035x +
2.46, where: y is the dependent variable, x is the independent variable, b is the
y-intercept, m is the slope of the line
152
fi
21.e. Analyzing Event Consequences

Organizations use decision tree analysis and event tree analysis to predict
the likelihood and severity of consequences or gains arising from decisions
and events. This helps managers make decisions that will best propel an
organization toward its strategic goals, as well as manage its risks.
Decision tree analysis examines the consequences, including costs and
gains, of decisions. A risk management professional may use decision tree
analysis to compare different decisions and select the one most likely to help
the organization obtain a strategic goal.
Event tree analysis examines all possible consequences of an accidental
event, their probabilities, and existing measures to prevent or control them. A
risk manager may use this approach to examine the effectiveness of systems,
risk treatment, or risk control measures and to identify, recommend, and justify
expenditures of money, time, or resources for improvements.
21.f. Decision Tree Analysi

Decision trees can provide both qualitative and quantitative analysis.
Qualitatively, they can help generate scenarios, progressions, and
consequences that could potentially result from a decision. Quantitatively, they
can estimate probabilities and frequencies of various scenarios resulting from
a decision.
Constructing a decision tree begins with identifying the decision under
consideration—for example, whether to develop a product. From that point,
various sequences of events (pathways) are charted for each potential
decision. Each pathway then leads to an outcome. For a quantitative analysis,
probabilities are assigned to each pathway, and expected values (costs or
gains) of each pathway can be estimated for the outcome. The probabilities of
each pathway and the value of its outcome can be compared to determine the
pathway that produces the highest expected value. Decision tree analysis
offers the advantages of visual portrayal of event sequences and outcomes
and a means to calculate the best pathway through a problem.
153
s
21.g. Event Tree Analysi

Event trees are similar to decision trees in their portrayal and analysis of
various pathways and their outcomes. However, event trees analyze the
consequences of accidental events rather than decisions. The rst step in
building an event tree is identifying the rst accidental event related to a
product or process that could result in unwanted consequences. It’s typically
the rst signi cant unwanted departure from a normal series of events. The
various progressions of events that could follow the accidental event are then
identi ed, along with any barriers to those consequences (such as alarm or
detection systems, emergency procedures, or other loss control measures). The
progression of events that are identi ed could be based on factors such as
human responses, interaction with other systems, weather, or the performance
or failure of barriers to consequences. The analysis ends in a list of potential
consequences of the initial event.
For each pathway in the diagram, the end probability represents the
likelihood that every event in the pathway will occur. This probability is
calculated by multiplying together the probability of each event in the
pathway that occurs after the initial accidental event (for example, in the
worst case scenario .80 × .10 × .05 = .004). The sum of all probabilities at the
end of the diagram should equal 1 (for example, .004 + .076 + .036 + .684 +
.20 = 1).
Like a decision tree, an event tree creates a visual portrayal of event
sequences and outcomes. Speci cally, it illustrates the potential effectiveness
of control systems following accidental events and accounts for timing, other
contributing factors, and domino effects. But one of the limitations of event
tree analysis is that it typically provides only two options—success or failure—
and thereby fails to re ect the complexity of some processes or products (for
example, some components or barriers may not fail completely).
154
fi
fi
fi
fl
s
fi
fi
fi
fi
21.1. Question: Value at Risk and Trend Analysis
1. A bene t of the conditional value at risk (CVaR) method is that It takes

into account the extremely large losses that may occur.
2. Decision tree analysis and event tree analysis are similar in a number of
ways, but differ in their Purpose.
3. Determining earnings-at-risk (EaR) entails modeling the in uence of
factors such as Changes in the prices of products and production costs on an
organization's earnings.
4. Event trees analyze the consequences of accidental events.
5. The regression line represents the "best t" of a straight or smoothly
curved line to actual historical data from prior periods.
6. If earnings at risk are $200,000 with 90% con dence, Earnings at risk are
projected to be less than $200,000 10% of the time.
7. A main difference between decision trees and event trees is That event
trees analyze the consequences of accidental events rather than decisions.
8. Widget Manufacturing Company has noticed that its loss frequency and
severity has increased in the past two years as its production has increased. In
order to better forecast loss frequency and severity, Widget Manufacturing
Company should consider using Trend analysis.
9. A nancial analyst wants to evaluate the effect that a predicted increase
in the cost of steel will have on the net income of East Side Manufacturing.
the analyst should use Earnings at risk
10. Magruder Company would like to estimate the number of workers
compensation claims to expect next year. Magruder’s risk manager ran a
regression analysis in which the number of workers compensation claims was
the dependent variable and the number of payroll hours worked (in
thousands) was the independent variable. The y-intercept from the regression
was 3.8. The slope coef cient was 1.4. The risk manager believes that next
year Magruder workers will work 80,000 payroll hours. Based on this
information, approximately 116 workers compensation claims should the risk
manager expect next year.
155
fi
fi
fi
fi
fi
fl
156
SECTION 10. DIVING INTO DATA
Topic 22. Big Data and Traditional Data Analysis

Topic 23. Modern Data Analysis and Data-Driven Decision
Making
157
Section 10. Diving Into Data

22.a. Big Data Characteristics

Big data and risk management are business partners, in a sense. But data
stripped of its context—even at high volume—won’t necessarily help you
answer critical questions or make faster, better risk management decisions.
You have to also be able to trust the data being used to make those decisions.
Part of developing that trust lies in understanding the sources of the myriad
streams of data that ow into and out of your organization and the
distinguishing features of the types of information those sources offer. Before
we examine the ways that big data can be categorized for analysis, let’s rst
look at ve characteristics that make data big:
1. Volume Businesses have access to an enormous amount of data.

Organizations collect data from a variety of sources,
including business transactions, social media, sensors. In
the past, storing current volumes of data would’ve been a
problem— but today’s cloud storage technologies have
minimized that issue.
2. Variety Big data comes in all types of formats, from structured,
numeric, transactional data and social media.
3. Velocity The speed at which data grows and becomes available to
a business is unprecedented. Velocity includes the growing
rate of change in the types of data and the need to deal
with it in a timely manner. Technology, such as radio-
frequency identi cation (RFID) tags, sensors, and smart
metering are helping companies deal with torrents of data
in near-real time.
4. Veracity This refers to the completeness and accuracy of the data.
Unstructured data, by de nition, can be uncertain and
imprecise. Structured, transactional, and master data may
also have aws because of inadequate edits or user error.
5. Value Big data has great potential to add business value
(certainly for risk management), but it must be obtained
and analyzed with techniques that provide meaningful
results.
158
fi
fl
fi
fl
fi
2
fi
22.b. Internal and External Dat

Data captured and stored by organizations, categorized as internal data,
includes master data identifying customers, vendors, and prospects;
accounting records (sales and purchases, for example); Human Resources
records (payroll, vacations, bene ts); and employee/customer correspondence
(emails, contracts, and so on). Internal data also includes les speci c to the
type of business. Manufacturers deal with inventory and process controls.
Banks maintain customer nancial records. Software companies have feature
enhancement logs and project tracking records.
External data belongs to an entity other than the organization that would
like to acquire and use it. Open data is one type of external data, and anyone
can freely use it, as there are no existing legal restrictions on access or usage.
Wikipedia is a well-known source of open data. Similarly, public data generally
refers to open government records. Sometimes there’s a ne line between
internal and external data. For example, external data may become stored as
internal data, depending on how it’s to be used.
One example of overlapping internal/external data is the use of vehicle
telematics technology. Transportation companies use eet telematics to
monitor a wealth of data about both the vehicle and its operator, captured
over cellular connections. Data collected can provide clues for a broad range
of improvements, from increasing fuel ef ciency and optimizing routes to
reducing collisions and saving lives. Transportation companies are investing
heavily in telematics to protect their human and physical assets. Vehicle data
is more likely internal data, while the driver’s driving habits should probably
be categorized as external data.
Privacy issues constitute legal and regulatory concerns when personal
information is obtained from public sources, including social media. For
example, companies might access credit les or public records of a
prospective employee, and in such instances they need to be diligent about
informing and, in most cases, gaining consent from a job applicant. The same
caution is necessary for banks that must obtain and use credit ratings for both
personal and commercial loan applications. Other sources of external data
include published statistical data related to demographics, industry trends,
survey results, and other subjects. Economic data, such as interest rates, asset
prices, and exchange rates, is a commonly used type of third-party data.
Consumer Price Index and other information about global, national, or regional
economies is also valuable risk analysis data.
159
fi
fi
a
fi
fi
fl
fi
fi
fi
22.c. Structured and Unstructured Dat

The format of data is described as structured or unstructured. Traditional
internal master and transactional data is structured; that is, organized into
speci c elds in databases. The structure allows for easily linking les to each
other. Telematics provides an example of structured external data. A database
contains formatted elds for information that transportation companies
receive from telematics, such as distance traveled, location, engine
temperature, distance from other vehicles or objects, and road conditions.
Unstructured data is not organized into de ned elds and is not consistent
in format. Prospect notes are an example of internal unstructured data.
Although the notes may be contained in a customer relationship management
(CRM) database, they’re not likely to be categorized or consistent from one
sales rep to another. Unstructured external data includes information from the
internet, such as social media sites.
Data analytics is used for both structured and unstructured data, but it’s
especially useful for the latter. Information that’s not uniformly formatted or
may need contextual interpretation is more dif cult to analyze. Risk managers
have to use various techniques to gather, categorize, and analyze unstructured
data. Two graphs about interest rates, for example, may have different
contexts: one may represent historic trends, while the other is related to home
mortgages.
Structured data is instrumental in what is known as business intelligence
(BI) because it’s quanti able. It’s formatted in a database, making it easier to
search and analyze. Too often, however, business leaders default to snapshots
of structured data to make decisions, which can be shortsighted. A strong BI
plan also relies on unstructured data for additional insights.
160
fi
fi
fi
fi
fi
a
fi
fi
fi
22.d. Traditional Data Analysi

Businesses have long relied on data analysis techniques to evaluate and
improve their risk management decisions. Risk management professionals
measure all kinds of data— nancial data to improve the bottom line,
production data to bolster ef ciency, customer feedback data to meet or
exceed service standards—and use countless other sources of information to
increase the certainty associated with their forecasts. Analytical techniques
are therefore vital tools for solving the business problems you’ll confront as a
risk management professional. Data analysis is typically used to determine
one of these types of outcomes:
A nonnumerical For example, a food-products manufacturer may

category to which want to identify product categories that would
data belongs compete with a potential new product.
A numerical A retail chain uses existing data to measure day
answer and hour customer traf c by store.
A probability score A manufacturer may want to determine the
based on historical probability that a safety solution will reduce the
data frequency of worker accidents.
A prediction of Revenue predictions for a new product or new
future results market, for example, based on previous similar
based on current product sales.
and past data
161
fi
fi
fi
s
22.e. Common Data Analysis Technique

Exploratory data The techniques used for exploratory data analysis are
analysis relatively simple. They involve charts and graphs that
show data patterns and correlations among data.
Classi cation A supervised learning technique that uses a structure
trees similar to a tree to segment data according to known
attributes to determine the value of a categorical
target variable.
Regression Regression analysis is a statistical technique used to
analysis estimate relationships between variables. Two types
of regression analysis are linear regression and a
generalized linear model. The second type of
regression analysis is a generalized linear model
(GLM), a statistical technique that increases the
exibility of a linear model by linking it with a
nonlinear function.
Cluster analysis. A model that determines previously unknown
groupings of data.
162
fl
fi
s
22.f. Exploratory Data Analysis

For example, a scatter plot (and its close relative, a bubble plot) is a two-
dimensional plot of point values that represent the relationship (or
correlation) between two attributes. A correlation matrix is another type of
exploratory data analysis technique.
Say a risk management professional identi es a few attributes to test driver
safety. By building a correlation matrix of selected attributes, the graph may
indicate that certain combinations of attributes such as variable shifts, age,
and overtime, correlate strongly with driver accidents. That, in turn, can lead to
revisions in shift assignments and overtime and, subsequently, fewer accidents.
163
fi
22.g. Classi cation Tree

To solve business problems using data analysis, the data used must usually
have certain relevant characteristics. For example, to determine whether an
employee is likely to be able to return to work after an accident, a risk
management professional might use such attributes as type of occupation,
age, quali cations for retraining, and available positions with lighter physical
requirements.
In this example, a classi cation tree (also known as a decision tree) could
be used to segment workers compensation data. The tree would contain
nodes, arrows, and leaf nodes. The leaf nodes of the tree indicate the values of
the target variable. Each worker’s attributes would follow the arrows of the
tree through leaf nodes that segment the data by attribute to an ultimate leaf
node labeled “Return to work” or “No return to work.” It is important to
understand that these classi cations are not necessarily what the actual
outcomes will be.
22.h. Cluster Analysi

Sometimes, risk management professionals want more information but do
not know the precise nature of that information. For example, to determine
whether there is a relationship between the time lag in reporting employee
injury claims and the size of those claims, data analytics techniques that use
known variables would not be effective. Cluster analysis can be used to search
data for previously unknown information or relationships.
There are different methods of cluster analysis that segment data according
to similarities in various attributes. And to provide more granular information,
several iterations of cluster analysis can be applied to further subdivide
clusters. So if an organization identi es segments of customers according to
age, it may want to identify characteristics of, for example, millennial
customers in an effort to gain insight into applicable products and effective
marketing approaches for that group.
Cluster analysis is not so much a typical statistical test as a collection of
algorithms that put data into groups or clusters according to well-de ned
similarity rules. It’s commonly used when a risk management professional has
a general problem to solve but does not know the variables a predictive
model must analyze to do so.
164
fi
fi
fi
s
fi
fi
fi
22.1. Question: Big Data and Traditional Data Analysi
1. Velocity is a characteristic that differentiates big data from traditional

data.
2. Data analytics is especially useful for Unstructured data.
3. Big data includes Both structured and unstructured data.
4. If an insurer wants to determine the numerical value for a known target
variable, it is most likely to use Regression.
5. Technological advancements have led to access to unprecedented
volumes and types of data. Social media posts are an example of External
unstructured data.
6. Tania works in the fraud unit for Greatview Insurance. There is a claimant
who appears to be involved in multiple cases of insurance fraud. Tania
decides to use social media to obtain information that may be used to develop
a pro le of the claimant. Tania's use of social media is an example of
Unstructured external data.
7. A risk manager for a grocery store wants to see if there is a correlation
between the frequency of customer slip and fall accidents, and the time of day.
Bubble plot is a relatively simple data analysis technique that the risk
manager could use to determine this correlation.
8. Nancy, the general liability claims manager, is concerned about a
signi cant rise in claim frequency in the state of New Jersey during the past
18 months. She cannot identify the cause of the increase and has asked
James, a data analyst, to help. James decides to develop a model to analyze
the dataset of New Jersey claims, and see if any previously unknown grouping
can be identi ed for further analysis. James is using Cluster analysis
165
fi
fi
fi
s
Topic 23. Modern Data Analysis and Data-Driven

Decision Making
23.a. Modern Data Analysis

Risk managers have always known that they need to acquire information
continually and re ne their ability to interpret it in more meaningful ways.
Data mining techniques, which are constantly evolving and improving, provide
incredible amounts of data, but once an organization amasses data, it must
know what to do with it, how to glean insights from it, and then how to
transform that awareness into constructive outcomes.
Modern data analysis techniques such as text mining, neural networks, and
social network analysis evaluate and attempt to replicate human
communication and thinking in order to predict human behavior. Scientists
delve deeper into the workings of the human brain, which allows them to
re ne computer processing and machine learning. In turn, these developing
technologies provide risk managers with an expanding supply of resources
they can use to better serve their customer.
23.b. Text Minin

Text mining turns text into numbers that are then used in mathematical
equations or models. The rst step of the text mining process is to retrieve
and prepare the text. Usually, this data is considered unstructured. What that
means is that is the data has no basic, universal organization that makes it
easy to put in a matrix format.
By its nature, unstructured data is very dif cult to analyze. Therefore, during
the second step of the text mining process, the unstructured data needs to be
converted into structured data before a modeling algorithm can analyze it.
Structured data stores information in a precise, consistent format that can be
searched much more easily. Examples of structured text-based data include
names, street addresses, and genders.
During the third step, different techniques are used to create a data mining
model to help the organization achieve its goals. These techniques involve
identifying previously undetected groups of data, nding the most similar
instances of data, and prede ning certain attributes as target variables.
The fourth step in the text mining model is to evaluate its effectiveness in
multiple areas. Obviously, no single approach to collecting and examining
data will give an organization all the answers it seeks, and a text mining
model's predictions are not always correct. For example, an organization could
mine text to rate written customer feedback as positive, negative, or neutral,
but context would not be taken into account.
166
fi
fi
g
fi
fi
fi
fi
4
Topic 23. Modern Data Analysis and Data-Driven Decision Making
Examples of Unstructured Data
23.c. Neural Network

Neural networks, another modern data analysis technique risk managers
should be familiar with, are a form of arti cial intelligence (AI) that enable a
computer to learn as it accumulates more data. A neural network's analysis is
also referred to as deep learning.
Neural networks comprise three layers: input, hidden, and output. The input
layer collects the data to be analyzed, and the output layer offers the results
of the analysis. The hidden layer is where all the work takes place. During the
input phase, relevant information is entered into the model and assigned an
importance level. In the hidden phase, the network executes the mathematical
processes it was programmed to perform. The organization reviews the results
and compares them with the outcomes it had anticipated. From there, the
organization can determine how accurate the model is based on the gap
between anticipations and actual results.
The network can then learn from any inaccuracies in its calculations by
reversing the process—in other words, entering information that shows what
end result is desired and running the process backwards. Alternately running
the forward and backward processes numerous times (sometimes hundreds of
times) allows the network to teach itself how to arrive at the desired result.
One drawback of neural networks is that they can be overtrained. This
occurs when a network reviews data in so much detail that it is unable to
operate in a larger framework with other types of data. Another drawback is
that the processes undertaken by the network during the hidden phase may
be too incomprehensible to be evaluated thoroughly enough.
167
s
fi
23.d. Social Network Analysi

In the context of social network analysis, a social network is a group of
individuals who share relationships and the ow of information. The network
can consist of humans or websites, computers, animals, organizations,
countries, etc., which are referred to as nodes. Each link between two nodes
represents their relationship.
Social network analysis measures and charts the relationships between the
nodes in a network, along with the ow of communication between them. The
effectiveness of the analysis is based on quantifying the relationships
between the nodes. The ef ciency of the ow between social network
connections can be determined through these centrality measures:
Degree A measure of the connections each node has. For

example, degree would measure the number of external
webpages the organization’s webpage links to or the
number of Facebook friends one of its sales associates
has.
Closeness The measure of the average distance, or path length,
between a particular node and the other nodes in a
network. For example, John and Anne both nd out that a
company policy is changing. Because Anne has a higher
closeness to the company’s other employees than does
John, as measured through the company’s email traf c, it
is reasonable to assume that Anne will spread the news
to more people more quickly through email than will
John.
Betweenness The measure of how many times a particular node is part
of the shortest path between two other nodes in a
network. If a scholarly article is posted online and most
of its readers click on one of its cited references, read the
graduate thesis it cites, and then connect with the
thesis’s authors, the article has a high degree of
betweenness because it connects two groups of people:
the authors of the thesis and the readers of the scholarly
article.
168
fi
s
fl
fl
fi
fl
fi
Topic 23. Modern Data Analysis and Data-Driven Decision Making
23.e. Data Science and Data-Driven Decision Making

To gain competitive advantage and operate more effectively, risk managers
must be able to properly frame business problems and questions, and then
use data science techniques to perform analysis that will improve results.
Descriptive, data-driven approaches are used to resolve particular problems.
Predictive approaches are used when a risk management team must look
forward to evaluate the level of risk and opportunity involved in a business
strategy decision that will be repeated.
The Descriptive Approach: The descriptive approach is usually a one-time
solution that a risk manager uses to solve a speci c problem. Data science is
used to provide data that will help solve the problem. Once a resolution to the
problem is reached, the particular data-driven model that was used is, at least
theoretically, no longer needed. However, if there is a case where the same or
a similar problem occurs, the risk manager could perhaps use that model as a
template to create a new model.
The Predictive Approach: A predictive approach to data analytics is a
method that can be used repeatedly to provide information for data-driven
decision making by humans, computers, or both. Predictive modeling involves
the use of data, statistical algorithms, and machine learning techniques to
identify the likelihood of future outcomes based on historical data. For
example, predictive modeling is often used in online advertising and
marketing. Predicting responses to a coupon offer or sales from a pay-per-
click advertising campaign can be replicated periodically as a marketing
strategy.
23.f. A Model for Data-Driven Decision Making in Risk

Managemen
Following an ordered process in decision making will help ensure the best
results. The process for data-driven decisions involves these ve steps: (1)
De ning the risk management problem (2) Gathering quality data (3)
Analyzing and modeling (descriptive or predictive) (4) Determining insights:
trends, relationships, behavior, events (5) Making decisions.
169
fi
t
fi
fi
23.1. Question: Modern Data Analysis and Data-Driven Decision

Making
1. The predictive approach to data-driven decision making would be most

appropriate for that A transportation company is looking for a way to optimize
routes and improve fuel ef ciency.
2. The text in organizational les, social media posts, news stories,
consumer reviews, and so forth is not automatically meaningful to a machine
or an algorithm.
3. The important rst step in a decision-making model is to De ne the
problem.
4. A data analysis technique that an insurer would likely use to analyze
claims adjusters' notes is Text mining.
5. Neural networks is a data analysis technique that operates in a way
similar to the human brain.
6. Discovering new relationships in data is a way that insurers and risk
managers can use data science to improve their results through data-driven
decision making.
7. Tom, the regional manager at Westfork Mutual, has planned a community
service day for all employees. He has asked his two assistant managers, Julian
and Leah, to spread the word to other employees and encourage them to
attend. Based on centrality measures of the company's email traf c, Tom is
con dent that Julian will spread the word to more employees more quickly
through email than will Leah. Tom's con dence is based on Julian's high score
in Closeness.
170
fi
fi
fi
fi
fi
fi
fi
SECTION 11. BUILDING CONSENSUS
Topic 24. Communicating and Collaborating About Risk

Topic 25. Collaborating With Experts About Risk and Delivering
Your Message
171
Section 11. Building Consensus
Topic 24. Communicating and Collaborating

About Risk
24.a. Fundamentals of Effective Communication

Effective communication habits are essential to business success. Good
communication increases productivity, reduces confusion, mitigates con ict,
and improves morale. The communication process includes speaking,
analytical, and organizational skills. In addition to helping the listener obtain
information, active listening develops trust and positive relationships. Good
communicators foster two-way communication by sending "I" messages and
supporting diversity through nondirective techniques.
When disagreeing or identifying dif culties with someone, it's best to send
"I" messages. However, people tend to do the opposite in such situations,
instead stating their dissatisfaction through "you" messages. For example,
when talking with a subordinate who is underperforming, a manager may
want to say something like, "Rebecca, you're not doing a good job managing
your clients." While this may be accurate, the more constructive and less-
de ating way to deliver the same criticism is by sending an "I" message, such
as, "Rebecca, I think there is room for improvement in the way you manage
your clients."
24.b. The Communication Process

Before speaking with a group or individual, it's important to step back and
establish a plan that ensures the most clear and productive communication
process. Here are some ways to do this: (1) Set a clear communication
objective. Prior to the conversation, ask yourself, What do you want the other
person(s) to do as a result of this message? Having an objective in mind will
help you best present your message. (2) Analyze your audience. What's the
person or group's knowledge of the subject or background of the situation?
Using so-called big words and complex phrases does not make you sound
smarter or more professional. (3) Decide when and where to talk. The length
and importance of your message should be the determining factors. (4) Pay
attention to your body language. Your posture, tone of voice, and movements
play a key role in connecting with your audience and conveying con dence. (5)
Ask for feedback. To determine whether your message has been understood,
request feedback. Asking questions such as, "Do you see any problems with
this?"
172
fl
fi
2
fi
fl
24.c. Delivering Dif cult Message

At times, you will have to deliver messages that recipients won't want to
hear. These messages bring with them a high potential for con ict. But there
are ways to minimize or even prevent defensive reactions. For starters, don't
blame the other person. Instead, make it clear that you object to a speci c
kind of behavior, action, or (if you are a manager) performance level or that
you disagree with a speci c position or decision.
It's also important to avoid broad generalizations. Avoid words such as
"always," "never," and "all." Instead, state speci cally what you disagree with.
Lastly, it's good practice to avoid sounding hostile while trying to be assertive.
It's OK to show conviction about how you feel and con dence in your
perceptions. Hostility, however, implies that the other person is to blame and
increases con ict.
24.d. Active Listening

Becoming an effective listener requires mastering the techniques of active
listening, which encourage the expression of ideas and feelings. Active
listening consists of three elements: attention, suspension of judgment, and
response.
(1) Attention: Most people admit to having a short attention span. We're
easily distracted by the sights and sounds around us and by our own thoughts.
Active listening demands a concentrated effort to pay complete attention to
what the other person is saying.
(2) Suspension of Judgment: You must withhold judgments, especially good/
bad and right/wrong ones about the message or speaker, during the
presentation. Any hint of disapproval can give the person reason to hesitate
sharing with you.
(3) Response: Active listening requires giving appropriate responses. The
overall guideline is to avoid introducing a new idea. The Paraphrase Response:
How can you practice active listening in your day-to-day communication with
others? Active listening often employs three steps: (a) listening to a message,
(b) paraphrasing, or restating in your own words the message you received,
and (c) “feeding” the paraphrased message back to the speaker for
con rmation. For example, you might say, “What I hear you saying is ____. Is
this correct?”
173
fi
fl
fi
fi
s
fi
fi
fl
fi
24.e. Communicating and Collaborating About Risk

Every step in the risk management process, from scanning the environment
to monitoring and reviewing the chosen risk management strategies, is
dependent on communicating and collaborating with internal and external
stakeholders. This holistic approach that results is referred to as enterprise
risk management (ERM).
Scan the Scanning the environment cannot be completed without

Environment seeking input from experts within and outside the risk
professional’s organization. Internally, communications
should focus on the organization’s objectives and how
they could be affected by possible risks.
Identify Because the purpose of risk identi cation is to determine
Risks the cause, likelihood, and potential consequences of any
identi ed risks, risk professionals often seek advice and
insights from various experts.
Analyze Risk analysis can be straightforward or complex. Data
Risks analysts often collaborate with risk professionals to help
them understand certain complex risks. Even if the risk
professional is acquainted with the organization’s risk
appetite, he or she also needs to take into account the
specialized knowledge of outside experts to identify the
organization's key risks.
Treat Risks When determining how risks should be treated, whether
by avoiding them, modifying their likelihood or impact, or
transferring them, risk professionals should take
advantage of the organization's internal expertise. After
deciding which course of action to take, it is just as
important to communicate the decision up the
organization's chain of command. The decision has to be
supported by the available data, which should be
summarized as clearly and concisely as possible.
Monitor and Given that the advice and consultation of internal and
Review external experts has been crucial to risk management up
to this point, it may be obvious that continued
consultation is crucial to the continued monitoring and
review of the chosen risk treatment solutions.
174
fi
fi
24.1. Question: Communicating and Collaborating About Risk
1. Having the wrong people attend is a common problem with meetings

that leaders should try to avoid.
2. Julian was having a conversation with Tania, one of his employees. At
one point, Julian said, "What I hear you say is that you would like to take on
more responsibility. Is that correct?" Julian was illustrating Response as one of
the elements of active listening.
3. Asking a question such as "How do you think this will work out?" can help
a speaker do Request feedback and determine if the message has been
understood.
4. Before speaking with a group or individual, the speaker should think
about what he or she wants the other person(s) to do as a result of the
conversation. By doing this, Setting a clear communication objective in the
communication process complete.
5. Internal auditing is an internal source that can often provide information
regarding risks that aren't obvious.
6. Risk management professionals must collaborate with data analysts
during Analyze risks and monitor risk treatments steps of the risk
management process.
7. Collaboration occurs when individuals, departments, or teams from
different areas work together to accomplish a shared organizational goal.
8. Conor needs to deliver an important message to his staff. He has
scheduled a meeting in a conference room with his staff of 10 individuals. The
best way for Conor to use his body language to convey con dence in his
message and interest in his staff is that Conor should sit up and lean slightly
toward the audience.
9. Samuel was recently hired as a risk management professional for Parker
Property Management. He has been asked by senior management to review
the organization's current insurance policies to make sure that the
organization is adequately protected, and also see if there are any
opportunities to save on the premiums. Samuel must Determine the
organization's risk appetite through internal communication before he will be
able to complete this task.
10. Hanna is preparing her presentation for a meeting. She has a very
speci c objective which has been shared with the audience. Hanna wants to
include several slides in her presentation because she has read that people
tend to learn more from presentations that are accompanied by visual aids.
Hanna should use the slides to Emphasize key points.
175
fi
fi
11. Carla, the risk manager, was asked by senior management to deliver a
presentation on cyber risk at an all employees meeting. Even though she was
only allotted 30 minutes for her presentation, Carla felt that cyber risk was a
very real risk for the corporation and she wanted employees to leave with
some fear of it. She wanted to provide employees with as much technical
information as possible, and familiarize them with all of the important jargon.
Less than 20 minutes into her presentation, Carla could tell that many of the
employees were not paying any attention to her presentation. Analyze your
audience steps in the communication process had Carla failed to consider.
176
Topic 25. Collaborating With Experts About Risk and Delivering Your Message
Topic 25. Collaborating With Experts About Risk

and Delivering Your Message
Reference: CPCU 500 Online 1st edition, Assignment 11. Module 3, 4,
25.a. The Importance of Collaboration in Risk Management

Holistic risk management requires the entire organization to be on the
same page when it comes to managing risks—i.e., risk management needs to
be a collaborative effort. Cyber risk provides a good example of why
collaboration is needed. Virtually every business unit faces some cyber risk,
and the risk arising from any one unit could also affect other units or the
organization as a whole.
The rst step to fostering collaboration with internal and external
stakeholders is developing a broad perspective of the organization and its
interactions with stakeholders. In particular, it requires understanding what
demands are placed on them from their managers and what their work
environments look like. Collaboration requires knowing about the work
performed by other units in the organization and external stakeholders.
Gaining a holistic perspective requires ongoing two-way communication
with other business units and stakeholders. Develop a conviction for
establishing and maintaining good communications and relations with those
stakeholders. In addition, cultivate a sensitivity to lapses in effective
communication. When key stakeholders fail to communicate with each other,
reestablish the connection.
25.b. Motivate Worker

An essential part of getting people to collaborate is motivating them to
work with others. These are some effective techniques for motivating
supervisors, employees, customers, and other third parties to collaborate to
achieve a shared goal: (1) Get to know as much as possible about the other
stakeholders. When people know that you're open to their point of view, it
makes them more inclined to work with you. (2) Seek stakeholder input when
making decisions. Being consulted is in itself a motivator. Plus, seeking input
from everyone fosters greater acceptance of decisions. (3) Examine how
collaborators want to be rewarded. (4) Seek feedback on yourself from peers,
managers, and subordinates. People want to team up with others who are
accountable and amenable to criticism. (5) When revising job duties, try to
enrich individuals' work rather than merely expand it. (6) Request (and, if
necessary, ght for) equipment, staff, and other resources needed to support
stakeholders. (7) Help team members see the big picture. Help team members
understand how their work contributes to the achievement of a shared goal.
177
fi
fi
s
25.c. Collaborating With Experts About Risk

Collaboration with internal and external experts plays a major role in
updating and enhancing an organization's risk management approach. There
are two key tasks at which a risk professional needs to excel when working
with subject-matter experts:
Asking the Right Questions of the Right People: Before conducting research
by asking questions of experts, a risk professional needs to research what
kinds of questions should be asked and of whom. For an organization to put
information to use, it must have the necessary skills and resources to gather,
manage, and understand the data. It's common for the risk professional to take
on this role. When soliciting input from external subject-matter experts, risk
professionals should research the applicable eld to get a working
understanding of the topics to be discussed.
Understanding the Answers: Beyond understanding the answers to his or
her questions, a risk professional must understand how the answers relate to
the objectives and concerns of the organization. The risk professional will
need to lay out all of the potential risks cited by the subject-matter experts,
identify those that are most likely to affect the organization, assess their
potential severity, and recommend a treatment technique, such as avoidance,
transfer, or reduction. In this effort, predictive modeling can help triage
potential risks for treatment.
25.d. Delivering Your Message

In business, being a willing and open communicator has little value unless
you can also convey messages clearly. Learning how to get internal and
external stakeholders to grasp your point of view and knowing how to create
persuasive messages will help you gain buy-in from decision makers and
forge team collaboration.
The three modes of persuasion are ethos, logos, and pathos. Greek words
coined by Aristotle, they are considered the three artistic proofs for convincing
people. Ethos means "character" and refers to the need to establish the
speaker's credibility. Logos means "reason" and refers to the need to support a
message, claim, or argument with evidence. Pathos means "emotion" and refers
to the need to make an emotional appeal to the audience. This section will
detail these modes of persuasion.
178
fi
Topic 25. Collaborating With Experts About Risk and Delivering Your Message
25.e. Convey Nonverbal Message and Lead Effective Meetings

Convey the Right Nonverbal Message: How you say something is often as
important as what you say, so you need to complement verbal messages with
appropriate, effective nonverbal messages. People send nonverbal messages
through tone of voice, level of eye contact, and body language.
Lead Effective Meetings: Effective meetings don't happen by chance. They
are carefully planned. To ensure an effective meeting, you must de ne speci c
objectives. Then you can decide who to invite to the meeting. A plan for
meeting your objectives should exist at the end of the meeting. Three
additional keys to effective meetings are a strong opening, succinct
supporting material, and a powerful conclusion.
25.f. Resolve Common Problem

Now let's take a look at how to tackle two of the most common problems
that create confusion and communication breakdowns: hidden agendas and
status differences.
Hidden Agendas: A hidden agenda is a concern that affects a person’s
behavior but isn't openly stated by the person. Hidden agendas can be
detrimental to the communication process because people who employ them
may attempt to steer conversations down paths that bene t them—without
informing others of their intent. This can lead to a dismissal of your message.
Therefore, you should attempt to bring hidden agendas into the open. If you
suspect that a person’s comments are the result of a hidden agenda, ask
questions or state your observations and ask for the person’s reaction.
Status Differences: Differences in the informal status and formal rank of
participants often hamper communication. People hesitate to contradict
people with greater knowledge, standing, or experience. This can lead to a lack
of engagement from those who disagree with someone's message but are
reluctant to speak up. One way to avoid this is by asking for ideas from lower-
level persons before turning to those of higher standing. You could also ask
higher-ranking individuals to concentrate only on certain aspects of the topic.
179
s
fi
fi
fi
25.1. Question: Collaborating With Experts About Risk and

Delivering Your Message
1. In order to achieve collaboration, group leaders must Remain focused on

preventing stakeholders from straying from the common goal.
2. When communicating a decision up the organization's chain of command,
consulting with outside experts can help a risk management professional
Enhance stakeholders' con dence in the process.
3. William is a project manager for Parker International. He has been
assigned a key project with a short deadline. William realizes that this project
is going to require revising the job duties of some individuals and a
collaborative effort from of all team members. When revising job duties,
William should Try to enrich individuals' work rather than merely expand it.
4. Lucas, a risk professional for Jones Incorporated, recently met with
experts from the utility industry to discuss the potential loss of supply and
risks to the infrastructure. Lucas must now decide which risks, and proposed
treatments, need to be communicated to the board of Jones Incorporated.
Lucas should make this decision based on The organization's risk appetite and
tolerance levels.
5. Gaining a holistic perspective requires Developing a thorough
understanding of each unit's role and how it supports or depends on other
units and stakeholders.
6. After meeting with an external expert on climate change, an
organization's risk professional will need to do all of the following: Identify
those risks that are most likely to affect the organization, Assess the potential
severity of the risks to the organization, Recommend a treatment technique for
risks with severe potential.
7. When addressing individuals of different status levels, it is best to ask for
ideas from lower-level persons before turning to those of higher standing.
8. Shelton Manufacturing executives are growing increasingly concerned
about wild res and the potential effects on supply chain management. As the
risk professional, Carla has been asked to meet with experts on the subject
and report back to the executive team. Carla should research the eld and get
a working understanding of wild res, before meeting with external wild re
experts
9. Olivia is planning a meeting to explain a new cyber security procedure.
She expects that the meeting will be impeded by hidden agendas. The best
way for Olivia to deal with potential hidden agendas is that Olivia should start
the meeting by asking participants to state their concerns or feeling about the
procedure.
[THE END]
180
fi
fi
fi
fi
fi

Cpcu 500

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Cpcu 500

Uploaded by

Copyright:

Available Formats

SECTION 8.

OPTIMIZING RISK FOR

Topic 18. Strategic Risk and Management

Topic 18. Strategic Risk and Management

Topic 18. Strategic Risk and Management

18.b. Strategic Risk Factors

1. Competition An electronics manufacturer signi cantly changes the

18.c. Assessing Strategic Ris

Economic The amount of capital required by an organization to

18.d. Strategic Management

Developing Before determining speci c short- and long-term goals,

18.e. SWOT, PESTLE, and Porter’s Five Forces Analysis

Rivalry Among Existing Firms

18.1. Question: Strategic Risk and Management

Topic 19. Applying Strategic Risk Management

19.a. Risk and Strategy

Section 8. Optimizing Risk for Strategic Advantage

19.b. Incorporating Risk Into Strategy

19.c. Meeting Strategic Goals

19.d. Strategic Management Process

19.e. Risk Appetite and Risk Tolerance

19.f. Risk Assessment

19.g. Risk Contro

19.1. Question: Applying Strategic Risk Management

1. The strategic management process can be applied to any type of

Topic 20. Probability Analysis

Topic 20. Probability Analysis

20.a. Nature of Probabilit

20.b. Law of Large Numbers

20.c. Probability Distributio

The cumulative probability distribution is only a cumulative plot of the

20.d. Central Tendency and Dispersio

Coef cient of variation (σ / µ) is the standard deviation divided by the mean,

Topic 20. Probability Analysis

20.e. Normal Distributio

Section 9. Breaking Down Risk Modeling

(1) The mathematical understanding of the normal distribution should be

20.f. Practical Application of Normal Distributio

20.1. Question: Probability Analysis

1. The weighted average of all the possible outcomes of a theoretical

Topic 21. Value at Risk and Trend Analysis

21.a. Value at Ris

21.b. Earnings at Ris

21.c. Trend Analysi

Section 9. Breaking Down Risk Modeling

21.d. Charting a Linear Regression Line

21.e. Analyzing Event Consequences

21.f. Decision Tree Analysi

Section 9. Breaking Down Risk Modeling

21.g. Event Tree Analysi

21.1. Question: Value at Risk and Trend Analysis

1. A bene t of the conditional value at risk (CVaR) method is that It takes

Topic 22. Big Data and Traditional Data Analysis

Topic 22. Big Data and Traditional Data Analysis

22.a. Big Data Characteristics

1. Volume Businesses have access to an enormous amount of data.

22.b. Internal and External Dat

22.c. Structured and Unstructured Dat

22.d. Traditional Data Analysi

A nonnumerical For example, a food-products manufacturer may

Section 10. Diving Into Data

22.e. Common Data Analysis Technique

Topic 22. Big Data and Traditional Data Analysis