(eBook PDF) Key Risk Indicators by Ann Rodriguez
Visit to download the full and correct content document: https://ebookmass.com/product/ebook-pdf-key-risk-indicators-by-ann-rodriguez/
More products digital (pdf, epub, mobi) instant download maybe you interests ...
(eBook PDF) Exploraciones 3rd by Mary Ann Blitt
https://ebookmass.com/product/ebook-pdf-exploraciones-3rd-bymary-ann-blitt/
(eTextbook PDF) for At Risk Youth 6th by J. Jeffries McWhirter
https://ebookmass.com/product/etextbook-pdf-for-at-riskyouth-6th-by-j-jeffries-mcwhirter/
(eTextbook PDF) for Auditing: A Risk Based-Approach 11th Edition by Karla M Johnstone
https://ebookmass.com/product/etextbook-pdf-for-auditing-a-riskbased-approach-11th-edition-by-karla-m-johnstone/
Amplify Your Influence 1st Edition Rene Rodriguez
https://ebookmass.com/product/amplify-your-influence-1st-editionrene-rodriguez/
Key Methods in Geography 3rd Edition, (Ebook PDF)
https://ebookmass.com/product/key-methods-in-geography-3rdedition-ebook-pdf/
Key Concepts in Geomorphology 1st Edition, (Ebook PDF)
https://ebookmass.com/product/key-concepts-in-geomorphology-1stedition-ebook-pdf/
Supervision: Key Link to Productivity – Ebook PDF
Version
https://ebookmass.com/product/supervision-key-link-toproductivity-ebook-pdf-version/
Media Ethics: Key Principles for Responsible Practice (Ebook PDF)
https://ebookmass.com/product/media-ethics-key-principles-forresponsible-practice-ebook-pdf/
Week by Week: Plans for Documenting Children's Development 7th Edition Barbara Ann Nilsen
https://ebookmass.com/product/week-by-week-plans-for-documentingchildrens-development-7th-edition-barbara-ann-nilsen/
Key Risk Indicators
PublishedbyRiskBooks,a Divisionof Incisive Media Investments Ltd
Incisive Media
HaymarketHouse 28–29Haymarket
LondonSW1Y4RX
Tel:+44(0) 2073169000
E-mail:books@incisivemedia.com
Sites:www.riskbooks.com www.incisivemedia.com
©2015Incisive RiskInformationLimited
ISBN 9781782722564
BritishLibraryCataloguinginPublicationData
Acatalogue recordfor this bookis available fromthe BritishLibrary
Publisher:NickCarver
CommissioningEditor:Alice Levick
ManagingEditor:Lewis O’Sullivan
Designer:Lisa Ling
Copyeditor:Laurie Donaldson
TypesetbyMarkHeslingtonLtd,Scarborough,NorthYorkshire
Printedandboundinthe UK byPrintonDemand-Worldwide
Conditions of sale
All rights reserved No part of this publication may be reproduced in any material form whether by photocopying or storing in any medium by electronic means whether or not transiently or incidentally to some other use for this publication without the prior written consent of the copyright owner except in accordance with the provisions of the Copyright, Designs and Patents Act 1988 or under the terms of a licence issued by the Copyright Licensing Agency Limited of Saffron House, 6–10 Kirby Street, London EC1N 8TS, UK.
Warning: the doing of any unauthorised act in relation to this work may result in both civil and criminal liability.
Every effort has been made to ensure the accuracy of the text at the time of publication, this includes efforts to contact each author to ensure the accuracy of their details at publication is correct However, no responsibility for loss occasioned to any person acting or refraining from acting as a result of the material contained in this publication will be accepted by the copyright owner, the editor, the authors or Incisive Media
Many of the product names contained in this publication are registered trade marks, and Risk Books has made every effort to print them with the capitalisation and punctuation used by the trademark owner. For reasons of textual clarity, it is not our house style to use symbols such as TM, ®, etc. However, the absence of such symbols should not be taken to indicate absence of trademark protection; anyone wishing to use product names in the public domain should first clear such use with the product owner.
While best efforts have been intended for the preparation of this book, neither the publisher, the editor nor any of the potentially implicitly affiliated organisations accept responsibility for any errors, mistakes and or omissions it may provide or for any losses howsoever arising from or in reliance upon its information, meanings and interpretations by any parties
About the Authors
Preface
Acknowledgements
1Foundations
2Challenges
3Culture isFoundational
4Enterprise RiskManagement
5The Enterprise RiskManagement Framework
6OperationalRiskManagement
7The KRIFramework
8The KRIProgramme
9The KRIProject
10UsingKRIs
11Reportingthe KRIs
12KRIAssessment Calculator
13Case Studies
14The Future of KRIsandClosingThoughts
Appendix
References
Index
AnnRodriguez hassignificantexperienceacrossfinancial serviceswithinrisk managementandoperations,includingcorporategovernanceandboardreporting,and operational risk,withafocusontechnology,informationsecurityandthirdparty.AtGE Capital,shehasestablishedandprovidedleadershipfor theenterpriseandoperational riskprogrammes,andhadaccountabilityfor theKRIprogramme,implementationrisk, fraudrisk,andrecordsandinformationmanagement.Previously,atWellsFargoAnn workedonriskgovernanceandregulatoryinterface,atWachoviawasheadof operational riskfor thecorporateandinvestmentbank,whileatGoldmanSachsshewas thechiefoperatingofficer for theInvestmentBankingDivisionSystemsGroup.Shehas anextensivebackgroundinconsultingaspresidentofWability,asleadpartner over financial servicesconsultingatBDOSeidmanandatPriceWaterhouse,whereshelead practicesinmarketandoperational risk.Anniscurrentlyperformingadvisoryservices for toptier companiesandisfocusedonfor-profitcorporateboardservice.
VineyChadhaisaglobal riskprofessional withover 26yearsexperiencein commercial finance,particularlyincreditandoperational risk,andaudit.Shehas workedfor organisationssuchasGECapital,ANZGrindlaysBankandICICIinboth developedandemergingeconomiesmanagingandreviewinglargeportfoliosinNorth America,UK,Australia,Japan,France,Germany,ItalyandIndia.Inher 20+yearsat GECapital,Vineyhasheldseveral senior positions,includingcountryriskmanager,GE Capital India,specialisinginimplementinganumber ofprogrammesandprocesses de novo,andhasatrackrecordofusingITsolutionstocreaterobustandsustainable processes.Sheisknownfor her stronganalytical skillsandabilitytocombineher functional expertisewithtechnologyandoutsourcingtodrivemeaningful process improvements.Vineyhasbuilt,developedandledcross-functional,multicultural and multidisciplinaryteamsofhighlyqualifiedprofessionals.
Keyriskindicators(KRIs) havebeentheholygrail ofriskmanagementsincetheearly 2000s.KRIsseemedtoembodythenotionthatweshouldbeabletoforeseethefuture andlookaroundcorners.KRIsshouldallow ustomanageriskandgovernmore effectively,ifonlywecandefineandmeasuretherightmetrics.Sadly,realityhasnot liveduptothehope–mostorganisationsarefar fromwheretheythoughttheywouldbe. Why,then,haveKRIsfailedtoliveuptotheir promise?
WHYAREWE(ONLY) HERE?
TheKRIvisioncanonlyberealisedwhenanorganisationhasattainedanadvanced level ofmaturitywithinriskmanagement: alevel ofmaturitythatriskmanagementasa function,disciplineandculturehassimplynotyetachievedinmostorganisations. Drivingthis(lackof) maturityisalonghistoryofimbalancedriskandrewardcultures, flawedorganisational structuresandfundamental lackofunderstandingoftherisks facingorganisations.Consider that,outsideoffinancial services,companiesinother industriestraditionallydidnothaveformal riskmanagementfunctions.
Evenasriskmanagementhasgainedsomefoothold,legacyorganisational structures andoperationscontinuetobeanimpediment–organisationsstructuredinsiloswith discretebudgetownershipandcompetingobjectives.Mixedmessagesfromleadership thatvariesbetweenrevenue-generatingbusinessesandsupportfunctionsforman environmentthatfragmentsriskaccountability.Theresultisthestockanswer that“risk managementdoesthat”whenitcomestoevaluatingtherisklevelsor design/effectivenessofcontrols.Theview ofcritical controlsandthecostofcontrol areoftenshieldedfromthebusinessareathatreallydoeshavetheaccountabilityfor the negativeoutcomes.
SomeorganisationsembarkingontheimplementationofKRIprogrammeshave experiencedresultsfar lessthanthatenvisioned.Loftyambitionstrumpingpracticality canresultinseveral typesofnegativeperception:
boilingtheocean–namingfar toomanyKRIs,andpossiblyfar toomanypoorly definedKRIs; ifeverythingisspecial,thennothingis–failingtodefinetherelationshiptothingsof consequencewithintheorganisation;and sowhat?–failingtoclearlydefineandhaveorganisational agreementaround responsesleadingtoinaction,andultimatelyaprogrammethatgoesunused.
Therearealsoarangeofchallengesstemmingfrom:
lackoforganisational support; poor riskculture; unformedlinkagestoestablishedriskmanagementprocesses; inconsistentandinaccuratedata;and difficultiesininterpretationofinformationthatisbothartisticandanalytical,which hasalsothwartedthesuccessofkeyriskindicators.
ISTHEREHOPE?
Riskmanagementhasmadegreatstridestowardsbecomingamoreconnected discipline,beyondtransactional reviewsandapproval,or discreteprocessandcontrol oversight.Industriesthathavenever embracedriskasadisciplinearecomingtoterms withachangingworldandthreatsthatrequireadifferentapproach.Thinkaboutall of theinformationsecuritybreachesoccurringinretail stores,healthcareandfinancial services.Thinkabouttheexamplesofscandalspromptedbycultural failuresandquality failuresfor car companies.Thestakeshavebecomehigher.
WHYTHISBOOK?
Theaimofthisbookistodescribetherequiredlevel ofmaturityinaconnectedrisk managementframeworkandtheroleofKRIswithinthatframework.Thevisionfor KRI usageisveryclear: proactiveriskmanagementandviewsoftheriskprofilethatbetter informmanagementdecision-making.
Thisbookwill provideriskpractitionerswithinenterpriseandoperational risk managementthebasistodesignandimplementaproactiveKRIprogramme,andtouse theoutputinapractical manner.Thebookalsooffersinsightsfor boardmemberson how toevaluatetheriskinformationtheyreceive,andideasonwhattochallengein order toimproveboardreporting.
Several whitepapersareavailableinthepublicdomainthatdescribethevalue propositionofusingkeyriskindicatorstoaccomplishstrategicandproactiverisk management.ThepathtoachievethisistolinkbusinessstrategywiththeKRIs.Simple, right?Conceptually,yes–however,aconsolidatedsetofbestpracticesisnotreadily available,particularlyonethataddressesstrategyandKRIlinkage.
Thisbookthereforeaimstohelpreaderswiththinkingabouttheplacekeyrisk indicatorshaveinriskmanagementandtheir importancetoboards,aswell asto addresssomeofthechallengesthathavepreventedcompaniesfromclaimingsuccess whenitcomestotheir implementations.
Wealsoprovideinsightsintothebalancingofartandsciencewhenusingkeyrisk indicatorstotell astoryaboutrisk.Latitudeexistsinthedefinition,alignmentand interpretationofKRIs.Latitudeapplied,however,withdisciplineandintegrity.Simple andpractical examplesonhow torelatestrategicobjectivestokeyriskindicatorsare presented,inadditiontoexplorationofthemultidimensional natureofthese
associations.
Finally,wedescribecasestudiesofbadoutcomes.Whilethecasestudiesdiscussed maybesomewhatextremeinorder tohighlightparticular failings,readersare encouragedtoconsider “whatifs”inthecontextofkeyriskindicators–toenvision whatwouldhavebeenavaluableview oftheriskprofiletopreventthesituationor to mitigateitsseverity.Thisconsiderationwill behelpful asyouestablishsystemsof relatedKRIsthatspecifysomethingaboutyour organisations’objectives.
Manythankstokeycontributor CathyCarolan.
Thanksalsogotothosewhoprovidedinsightsandperspectivesthroughoutthis project: MargotLyons,EndaCollins,KevinOsinski,CraigSpielmannandSpyro Karetsos.
Andspecial thankstoGeneRodriguezfor formatting,editingandpatience.
Inthischapter,wewill laythegroundworkfor several importanttermsandconcepts thatwill beusedthroughoutthebook.Thechapter will alsodescribesomebroad challengesinimplementingandusingaKRIframeworkandprogramme,challengesthat playacentral roleintheexistingstateofmaturityofKRIsinfinancial servicesand other industries.
EVERYBODYMEASURESSOMETHING
“If someone separatedthe artof countingandmeasuringandweighingfromallthe other arts,whatwas leftof each(of the others) wouldbe,sotospeak,insignificant.” Plato
Mostorganisationsmeasuresomecombinationofmetricsthatprovideinsightinto performance,control andrisk.Theseinsightsoftenfall under theheadingof“profile”or “view”.Wewill usethetermsprofile,view,eventandrisksomewhatinterchangeably torefer tothenon-specificobjectthatametricismeasuring.Arguably,all ofthese metricsinformaboutpotential risktotheachievementofenterpriseobjectives,either directlyor indirectly!
Businessesmeasurethingstotrytoanswer thesefour questions:
1.areweontracktomeetour businessobjectives?
2.isour riskwithinappetite?
3.isthereanythingonthehorizonthatcouldcauseaproblem?
4.areour controlsworkingsowedon’tgetsurprised?
DEFINITIONS
Letusbeginbysettingthestagewithafew definitionsthatwill clarifytherangeof practiceinreferringtometrics,andthenatureofthemetricsbasedonhow theyare used.First,itisimportanttoclarifywhatweareultimatelymeasuring: riskandcontrol. Riskispotential,anarrayofpossiblenegativeoutcomestobeavoidedor calculated, choicestobetakentoachieveobjectives.Thequantificationofriskoccursintermsof inherentandresidual dimensions,andaview intoeachiscritical todrivingdecisionmakingandrisk-taking.
Inherentriskistheriskoflossthatexistsinthecontextofanorganisation.Ascenario ofpotential lossalongsidefactorsthathaveabearingonthesizeofthatloss(eg,
businessmodel,external environment,precedentfor losslevelsoccurringelsewhere) providescontext.Thescenarioappliesthecontextanddeterminesalevel ofpotential lossshouldtheeventoccur.Inherentriskprovidesinsightintowhereanorganisation shouldfocusremediationactivitiesandongoinggovernance,andisoftendescribedas riskintheabsenceofcontrols.Theterm“absentcontrols”helpstoclarifyhow the scenariooflossoccurred.
Residual riskisaview ofexposurethatconsiderscontrol levelsandlikelihood. Residual riskisuseful toprovideasnapshotofcurrentexposure,andcansupportthe optimisationofcontrol.Appliedsystematically,controlsmitigateinherentrisk.Metrics measuretheeffectivenessofindividual,aswell asaggregate,controls.
Ametricor indicator isanythingthatgetsmeasured.Itbecomesakeyindicator ifit measuressomethingimportanttotheorganisation.Themainindicatorsaredetailed below.
Keyriskindicator: AKRIisametricthatpermitsabusinesstomonitor changesinthe level ofriskinorder totakeaction.KRIshighlightpressurepointsandcanbe effectiveleadingindicatorsofemergingrisks.Thesearetypicallyforward-lookingor leadingindicators.
Keyperformanceindicator (KPI): AKPIisametricthatevaluateshow abusinessis performingagainstobjectives.Adefinedtarget(typically) providesthebenchmark for evaluationofaKPImetric.Thesemetricsareusuallybackward-lookingor laggingindicators.
Keycontrol indicator (KCI): AKCIisametricthatevaluatestheeffectivenesslevel ofacontrol (or setofcontrols) thathavebeenimplementedtoreduceor mitigatea givenriskexposure.Acalibratedthresholdor trigger (typically) bracketsaKCI metric.Thesemetricsareusuallybackward-lookingor laggingindicators.Control indicatorslinkwithoperational or processobjectives.
Thebottomlineis: ametricisametricisametric!ThedifferentiationbetweenaKRI,a KPIor aKCIissimplyintheusage.Theusageofthemetricprovidescontext,whether itinformsrisk,performanceor control.Thedescriptionofthemetricisareflectionof itsusageinthereportingandthenarrativethatgoesalongwithit.Therefore,a performanceindicator couldalsobeariskor control indicator;ariskindicator could alsobeaperformanceor control indicator;andacontrol indicator couldalsobearisk or performanceindicator.For theremainder ofthisbook,wewill usethefollowing termssynonymously: metric,indicator andKRI,andwill focusonrepresentingor informingtheriskprofilewiththesemetrics,andtheabilitytorespondtochangesin metricsinorder tobetter managearisk.
WHATMAKESANINDICATOR“KEY”?
Indicatorsaremetricsusedtomonitor identifiedriskexposuresover time.Therefore, anypieceofdatathatcanperformthisfunctioncouldbeariskindicator.Theindicator becomes“key”whenittracksanespeciallyimportantriskexposure(akeyrisk),or it doessoespeciallywell (akeyindicator),or ideallyboth.Morespecifically,ametric maybeconsideredariskindicator whenitcanbeusedtomeasurethequantum(amount) ofexposuretoagivenriskor setofrisks.KRIsmaybealignedtotheevaluationof inherentriskandresidual risk.
However,thereisabitofsubjectivitybuiltintotheassessmentofkey.InChapter 12, wewill walkthroughasimpletool (KRIassessmentcalculator) thatprovidesa documentedandconsistentdesignationofstrengthtoanindicator –whichisuseful in determiningwhether anindicator isindeedkey.
CONCLUSION(WHAT’STHEPOINT?)
“If a measurementmatters atall,itis because itmusthave some conceivable effectondecisions andbehaviour. If we can’tidentifya decisionthatcouldbe affectedbya proposedmeasurementandhow itcouldchange those decisions,thenthe measurementsimplyhas novalue ”1
“Measurementis the firststepthatleads tocontrolandeventuallytoimprovement. If youcan’tmeasure something,youcan’tunderstandit. If youcan’tunderstandit,youcan’tcontrolit. If youcan’tcontrolit,you can’timprove it.” H. James Harrington
Theimportantconceptsfromthesetwoquotesaredecision-making,control and improvement.Thepointistohaveaclear,refined,dynamicsetofmetricsthat: illustrate potential troublespotsintheorganisation;highlightnegative(andpositive) trends;and areresponsivetochange.Thisistocontrol,improveandchangedecision-makingina positiveway.Boardsandsenior managementcravethissortofview,asitprovidesa synthesisofasignificantamountofinformationandallowsfor focuseddiscussionon theareasofsignificantpotential risks.
1Hubbard(2007).
Thereareseveral challengesthathaveimpededKRIsfromachievingtheir value proposition.Muchoftheproblemhasbeenthelaggingmaturityofenterpriserisk managementasafunctionanddiscipline.Therearediscreteorganisational challengesin implementingKRIsaspartofanERMframework,suchasorganisational silosanda poor riskculture,whichwill bediscussedinmoredetail later inthebook.Thischapter will focusonoperational challengesthatanorganisationfacesasitimplementsaKRI programme.
OPERATIONALCHALLENGES
Dataandsocial challengescanbothmakethefirststepstowarddevelopingaKRI frameworkseemdaunting.Managingtheseissues,however,caninsurethelong-term successoftheprogramme.Sincewewill spendtimethroughoutthebooktalkingabout culture,itisworthnotingthatsocial challengesdiffer fromcultural challenges.Social challengesarethosethatareinherenttohumanbeings: how our personal experiences moldour interpretationofinformationandeventsbothbeforeandafter theyoccur. Mindfulnessandawillingnesstochallengeassumptionscanhelpmitigatesocial challenges.Cultural challengesaremoreorganisational,withcorrectionachievedby “tonefromthetop”,appropriateincentivesandongoingreinforcement.
Datachallenges
Not enough, too much, just right …
Ofcourse,weall wantour informationtobeideal: defendable,accurate,consistentand complete.Thisistruefor themetricswemeasureandtrack.Certainly,toolittle informationcanbeaproblem,buthistoricallyinmanyorganisationsthemainchallenge istoomuchinformation.ToestablishaKRIframework,werarelygettostartwitha blankpage: theexistenceofmetricsispervasive,havinggrownover timeandfor variousreasons.Theyhavealifespanthatexistsinsilos,performancereviewsand managementreporting.Inmostorganisations,everybodymeasuressomethingand, typically,everybodymeasureslotsofsomethings.Acritical firststepinestablishinga meaningful KRIframeworkistounderstandtheparametersofmeasurement: what, where,whyandhow.
Potential riskshouldguidetheinventoryandstructureoftheabundanceofthings measuredwithinanorganisation.Itisgenerallyeasier toconstructastorywithfewer
piecesofinformationthanwithmore!However,thereisnomagicnumber or specific answer for how manyistherightnumber ofmetrics.
Asidefromthenumber ofthingstobemeasured,thereistheaspectofhow longyou havebeenmeasuringthem–andstoringthatinformation.Unfortunately,mostcompanies donothavedatabasesofhistorical informationwhenitcomestoKRIs.
Consistency
Consider consistencyasadatachallengeearlyoninthedesignofaKRIframework. Thereareseveral potential pitfallsthatcanresultinhavinganincorrectview represented,either atanaggregatelevel or comparativelyacrossbusinesssegments.
Wementionedearlier thateverybodymeasureslotsofsomethings.Consider the scenariowheredifferentpartsofanorganisationmeasurethesame“thing”. Inconsistencycanbemanifestedinseveral ways: itseemsthesame,butisbeinginterpretedasdifferentbythedifferentpeople measuringit; itisthesamething,butisbeingmeasureddifferently(eg,differentfrequency);and itisthesamething,butwhatisbeingmeasuredisdifferent(eg,inclusionofafactor inonemeasurementthatisnotintheother).
Tomanagethispotential pitfall duringthedesignprocessandtheongoingprogramme managementitisbestnottotakeanythingfor granted.Consistencyacrosseachofthe dimensionslistedaboveshouldexistfor eachkeymetricflaggedfor aggregationintoa storylineaboutaparticular risk.
COMMONRISKTAXONOMY
Acommonrisktaxonomyshouldbedevelopedandimplementedtodriveconsistencyin riskdatacollection,analysisandreporting.Dependingonthesizeandcomplexityofan organisation,thiscouldentail designandimplementationofanappropriatedataand systemsinfrastructure,dataaggregationcapabilitiesandoverarchingdatagovernance. Thetaxonomyshouldincludeorganisational representation,risktypes,business processes,riskeventtypes,controls,causal factorsandriskdrivers,tonamejustafew. Thetaxonomyshouldcover all riskswithinthedefinedriskuniverseandextendto additional breakdownsoftheprimaryrisk–for example,operational riskmighthave several sub-categoriesthatareindicatedfor bothdatacollectionandreporting. Definitionofthetaxonomyshouldoccur atthelevel ofmanagementoftheserisks. Onceorganisationshaveestablishedthetaxonomyandsetupprocessestocapture riskdata,KRIspull itall together tocreateinsightful reportsthatwill jumpstart integratedriskthinkingandmanagement,andprovidethebasisfor ariskdialogue acrossmanagementlevels.
Therearecautionarytalesthatillustratethedownsideofnothavingacommon
taxonomy;inonecase,alargeinvestmentbank’sdifferentbusinessunitsuseddifferent criteriafor measuringthefrequencyandseverityofoperational riskevents,leadingto inconsistentclassificationandaninabilitytomakecomparisonsbetweenidentified risks.Consequently,thebankwasunabletoprioritiserisksappropriatelyandoptimise their mitigationprogrammes.Inanother case,thebusinessunitsandcentralisedrisk functionatalargeretail bankuseddifferenttoolstomeasureandmonitor operational risk,leadingtosimilar inefficienciesandanineffectivemitigationprocess.1
Socialchallenges(aka,people are people)
Bringingtogether anabundanceofmeasuredthingsintoaclear storyaboutthepotential (forward-looking) risksfacinganorganisationismoreofanartthanascience. Experienceshowsthatnomatter how meticulousor extensiveyour datamightbe,there isnoguaranteeofprediction.Thisdoesnotalter theimportantobjectiveofcreatinga KRIprogrammethatprovidesforward-lookinginsightsintorisk,includingperspective onthescaleor magnitudeoftherisknotindicatedotherwise.
Mostorganisationswill nothaveafull historical databasefor metrics.Withoutthis historical perspectiveitisevenhardtoknow whatKRIshaveagoodtrackrecordfor actuallybeingpredictiveaboutaparticular risk,andwithoutthisdatahistorytherecan bearelianceonother sourcesfor relatingaKRItoarisk.Weall havethose“goto” peopleintheorganisation: thesubjectmatter experts,thegurus,thefountsof institutional knowledge.Theyprovideasocial pool ofinformationor intuitionthat comesintoplaywhenevaluatingthe“somethings”wechoosetomeasure.Thesepeople providekeyperspectivesandreal inputsintothedefinitionofKRIs.Whilethisinputis critical,itisnotwithoutchallenges.Humanbeingsbringpersonal valuesandbeliefs, formingattitudesandinfluencingbehavior: inthiscase,theassessmentofanysituation. AsFigure2.1shows,thiscognitiveschemataenvelopsarangeofcognitivebiases.
Theroleofriskmanagementistoweavedataandprocessintotheassessmentofthe informationasmuchaspossibleinorder tomitigatebias,andtoconfrontthebiasesthat will creepinifleftunexamined.Thischallengeprocess,whichisalsomoreartthan science,shouldcomefromtheknowledgeofheuristics,bias,existingdatalimitations andindustryinformationthatgoesbeyondthewallsoftheorganisation.
Biases
Therearenumerousbiasesthatareintroducedsimplybyvirtueofthewaythathuman beingsthink.Below aresomebiasesthatriskmanagersshouldbeawareofduringthe assessmentandinterpretationofrisksgenerally,aswell asduringthesettingofKRI thresholdsandinterpretationofKRIinformation.
Overconfidence: Humanbeingsaregenerallyprogrammedtofeel overconfident.This hasbeenillustratedinquizzesthataskparticipantstopinpointaspecificwithina range.Theresultsindicatethatpeoplewill biastowardsanarrow rather thanawide range,preferringtobepreciselywrongrather thanvaguelyright.
Statusquo: Peoplewouldrather leavethingsastheyare.Oneexplanationofthisbias isaversiontoloss–peoplearemoreconcernedwiththeriskoflossthantheyare withtheprospectofgain.Thisbiascanpreventtherational choicefrombeing selected.
Anchoring: Anchoringisthetendencytorelyheavilyonthefirstpieceofinformation presentedwhenmakingadecision.Onceananchor hasbeenset,all other judgements arethenmadebyadjustingfromthatanchor.
Blindspot: Theblindspotbiasisthetendencytothinkwearelessbiasedthanothers.
Anawarenessandwillingnesstoacceptthisasabiasiscritical toovercomingit.
Confirmation: Confirmationbiasiswhenwetendtofavour informationthatalignsto our preconceptions.Thisisparticularlycritical ininterpretingKRIinformation,as wetendtopaymoreattentiontodatathatsupportsour viewsasopposedtothe alternative.Whenwefindinformationthatiscontrarytoour views,welookfor ways toinvalidateit.Beingopentochallengeandareversal ofviewsisthewayto overcomethisbias.
Framing: Presentingthesameinformationfromadifferentperspectivecanalter –dramatically–thedecisionswemake.
Onthislastpoint,researchbyKahnemanandTversky2 demonstrateframingwiththe followingscenario.
Youneedtoselectapreventativestrategyfor diseasethatsavesasmanylivesas possible.Youhavetwooptions:
A.Tosavethelivesof200people;or
B.Thereisa33% chanceofsavingall 600peopleanda66% chanceofsavingno one.
Whichwouldyoupick?Theresearchindicatedthat72% ofparticipantschoseoptionA. Now consider thesetwooptions:
C.400peopledie;or
DThereisa33% chancethatnopeopledieanda66% chancethatall 600people die.
Only22% oftheparticipantschoseoptionC(whichistheequivalentofoptionA) over optionD(whichistheequivalentofoptionB).Thewaythesituationwasframed changedwhichoptionwasselected.
Itisimportantwhenconsideringtheinterpretationofinformationtoconsider multiple views(gainsversuslosses,riskversusreturn,etc) toeliminatebiastowardone perspective.
Haloeffect: Thisoccursbecauseweallow anoverall impressionofsomething,such asaperson,company,brandor product,toinfluenceour thoughtsor feelingsabout thatentity.
Hindsight: Eventscanleadtohindsightbias,or creepingdeterminism,asrecollection fromanoriginal thoughttosomethingdifferentbasedonnew information.Thiscan alter our view onthecauseoftheevent,andinour casetheindicatorsthatprovide insightthattheeventshouldhavebeenpredicted.Apossiblemitigationfor hindsight biasintherelationshipofKRIstopotential risksistoexaminehow thepotential risk