CGE 4023

Topic 6: Risk Analysis

Risk analysis
 Risk analysis is a critical part of risk governance, and advanced
methods help organizations better understand and manage risks.

 Risk analysis is the process of identifying and analyzing potential

issues that could negatively impact key business initiatives or
projects. This process is done to help organizations avoid or mitigate
those risks.

 This topic covers different methods of assessing and managing risk,

from quantitative to subjective approaches.
6.1 Risk Appetite
 Risk appetite refers to the level of risk that an organization or
individual is willing to accept in pursuit of its objectives. It serves as a
guide for decision-making, helping to balance opportunities with
potential downsides.

Defining Risk Appetite

 Organizations must clearly define their risk appetite, which often

involves understanding their strategic goals, industry norms,
regulatory requirements, and overall risk tolerance.

 Risk appetite varies across different areas of a business. For instance,

an organization might have a high appetite for financial risk in pursuit
of growth but a low appetite for operational risks that could disrupt
daily activities.
Framework for Determining Risk Appetite

 Strategic Objectives: The organization’s overall strategy—whether

it seeks aggressive growth, innovation, or stability—guides how much
risk is tolerable.

 Stakeholder Considerations: Customers, shareholders, and

regulators may have their own risk tolerance, which influences how
much risk the organization can take on without alienating these
groups.

 Legal and Regulatory Requirements: In highly regulated

industries, such as financial services or healthcare, risk appetite is
often constrained by legal mandates to protect public safety, fairness,
and transparency.
Factors Influencing Risk
Appetite
 Strategic Objectives: How ambitious the organization’s goals are
(e.g., entering new markets, launching new products).

 Stakeholder Expectations: The tolerance for risk by shareholders,

regulators, and customers.

 Regulatory Requirements: Laws or industry regulations that impose

limits on risk-taking, such as in the banking or pharmaceutical sectors.

 Organizational Culture: The organization’s historical approach to risk

and how it values caution versus innovation.
Communication of Risk Appetite
 Once established, the risk appetite must be communicated throughout
the organization so that decisions align with the level of risk the
organization is prepared to take.

 For example, investment policies, strategic planning, and operational

decisions should all reflect the defined risk appetite.
6.2 Quantitative Risk Analysis
 Quantitative risk analysis involves using numerical data and statistical
methods to measure and evaluate risk. This approach provides more
objective insights into potential risks and their financial or operational
impacts.

 Common Techniques:
1. Expected Monetary Value (EMV): This calculates the average
outcome when accounting for all possible scenarios, weighted by their
probabilities.
2. Monte Carlo Simulation: A computational method that uses repeated
random sampling to model the probability of different outcomes in
processes that involve uncertainty.
3. Value at Risk (VaR): Often used in finance, VaR estimates the
maximum potential loss over a given period at a specified confidence
level.
4. Sensitivity Analysis: Identifies how different variables affect a
particular outcome, helping to understand which risks have the most
Advantages of Quantitative Risk Analysis

 Objectivity: It provides a clear, data-driven picture of risks, making it

easier to justify decisions.

 Precision: Numbers allow for a more precise understanding of the

potential financial impacts of risks.

 Comparability: Quantitative analysis enables easy comparison of

different risks, allowing for prioritization based on severity or likelihood.
Challenges of Quantitative Risk Analysis

 Data Quality: Reliable results depend on high-quality, relevant data,

which may not always be available.

 Model Limitations: Models often make assumptions that simplify

reality, which could lead to incorrect conclusions if not carefully
managed.
6.3 Analyzing Risk Interactions
 In complex systems, risks do not operate in isolation. Risk interactions
refer to how different risks can influence each other, either amplifying
or mitigating overall risk.

Understanding Dependencies

 Risks are often interdependent. For example, a natural disaster (e.g.,

an earthquake) can trigger other risks like infrastructure failure,
financial losses, and public safety concerns. It’s important to map out
how risks relate to each other.
Analyzing Risk Interactions
Cascading Risks

 These are risks that lead to a chain reaction of subsequent risks. For
instance, a supply chain disruption could lead to production delays,
missed delivery deadlines, customer dissatisfaction, and eventually
financial losses.

 Example: During the COVID-19 pandemic, travel restrictions (a health

risk mitigation measure) led to supply chain disruptions, which
cascaded into various operational and financial risks for global
businesses.
Analyzing Risk Interactions
Compound Risks

 Sometimes, different risks occur simultaneously, creating a

compounded effect that is more severe than any single risk. It’s critical
to evaluate how combined risks can affect an organization’s resilience.
Tools for Analyzing Risk
Interactions
1. Network Models: These map out how risks influence each other,
helping to visualize potential cascading effects.

2. Scenario Planning: Evaluating different risk scenarios can help

identify where interactions are most likely to occur and how to
mitigate them.
6.4 Managing Model Risk
 Model risk arises when the models used to assess or predict risk
produce inaccurate or misleading results. This can occur due to
incorrect assumptions, poor data, or inappropriate model usage.

 Sources of Model Risk:

1. Data Quality: Inaccurate or incomplete data can lead to unreliable
model outputs.
2. Assumptions: Models often rely on assumptions (e.g., normal
distribution of events), and if these assumptions are wrong, the model
will not provide useful results.
3. Model Overfitting: This occurs when a model is too closely tailored to
historical data, making it less effective at predicting future events.
4. Technological Limitations: The algorithms or software used in
modeling may have inherent limitations that could affect accuracy.
Mitigating Model Risk
 Validation: Models should be regularly validated and back-tested
using new data to ensure they remain accurate over time.

 Diversity of Models: Relying on multiple models, each with different

assumptions or methodologies, can reduce the risk that one flawed
model leads to poor decisions.

 Stress Testing: Subjecting models to extreme but plausible scenarios

can reveal weaknesses and help organizations prepare for unexpected
situations.

 Governance: Establishing clear oversight and accountability for model

development, validation, and usage is crucial for managing model risk
effectively.
Subjective Risk Analysis
Expert Judgment

 In cases where data is limited or risks are too complex to model, expert
judgment can provide valuable insights. These experts use their
experience and intuition to assess potential risks and outcomes.

 Example: In cybersecurity, where new threats constantly evolve, expert

opinions might be more relevant than relying solely on historical data to
predict future risks.
6.5 Subjective Risk Analysis
Scenario-Based Analysis

 Subjective analysis often involves scenario planning, where experts envision

different risk scenarios and assess their potential impacts based on experience
and qualitative factors.

Qualitative Risk Assessment

 Risk can be assessed using non-numerical methods, such as risk matrices,

which categorize risks based on their likelihood and potential impact. This is
helpful in environments where quantifiable data is scarce.

 Example: A nonprofit organization might use qualitative risk assessment to

evaluate the reputational risks associated with a controversial fundraising
campaign, as these types of risks are hard to measure numerically.
Advantages of Subjective Risk
Analysis
 Flexibility: Subjective risk analysis can be adapted to a wide range of
scenarios, including emerging risks where no historical data exists.

 Broader Perspective: Human judgment allows for consideration of

context, culture, and other intangible factors that purely quantitative
models may miss.
Challenges of Subjective Risk
Analysis
 Bias: Human judgment is subject to biases, such as overconfidence,
groupthink, or focusing on recent events rather than considering a
long-term perspective.

 Lack of Objectivity: Subjective analysis is inherently less objective

than data-driven approaches, making it harder to defend or justify in
some cases.
Conclusion
 Each of these methods—risk appetite, quantitative risk analysis,
analyzing risk interactions, managing model risk, and subjective risk
analysis—offers a different way to understand and manage risks.

 By combining these approaches, organizations can achieve a more

comprehensive understanding of their risk landscape and make more
informed decisions.
THANK YOU 