New research suggests augmenting risk-management decisionmaking with data — all kinds of data.
If you see the phrase “black swan” and immediately think of either a large bird or the psychological thriller starring Natalie Portman, you probably are not in the business of managing organizational risk.
To a risk manager, “black swan” phenomena are highly unlikely events that have massive impacts on a business or society on the rare occasions they occur. The Fukushima disaster in March 2011, brought on by a deadly combination of a powerful earthquake at sea and resultant tsunami, is a sterling example of such a phenomenon. The reactor meltdown that followed was an outcome that some argue could (and should) have been prevented with better planning.
New research suggests that by exploiting many types of data, managers can help prevent (or at least contain) the damage related to black swan events and other risky blind spots. The caveat: organizations should rely less on management experience and intuition and rely more on integrated data to point to potential risks.
How data can help risk managers is the topic of a recent paper, Managing Risks with Data, by Ron Kenett, who is a visiting professor at the University of Ljubljana, Slovenia and holds research positions at the University of Turin, Italy, and and NYU’s Polytechnic School of Engineering.
Kenett suggests that the proper exploitation of organizational data can help prevent some of those hugely disruptive, largely unexpected events. In practical terms, that involves acquiring and merging data, as well as building data-driven risk management decision-support systems that complement and reinforce the more traditional methods used today. According to Kenett:
Risk management is traditionally practiced using subjective assessments and scenario based impact analysis. This common approach is based on experts providing their opinions and is relatively easy to implement …. Modern evidence based management relies however on data, and not only opinions, for achieving effectiveness and efficiency. In that context, risk management can exploit information from structured quantitative sources (numerical data) and semantic unstructured sources (e.g. text, voice or video recordings) for driving risk assessment and risk mitigation strategies.
In his research, Kenett lays out a maturity ladder of risk-management practices:
- Intuitive – no formal methods used.
- Qualitative – risk assessments are based on expert opinions
- Quantitative – some data is collected and used to derive Key Risk Indicators.
- Semantic – unstructured data, like logbooks or blogs reflecting user experience, is analyzed.
- Integrated – data from various sources is integrated into a coherent risk management system.
“Many organizations are at level 1 or 2,” writes Kenett. “Going up the ladder is both a management and technological challenge.” It’s when organizations are able to combine the third and fourth rungs — a combo of quantitative and semantic data — to get the final rung of data integration that unexpected risk is best managed.
Kenett, who is also chairman and chief executive officer of the data analytics firm KPA Group, suggests that operational risk management is a function of the complexity of the business and the environment in which the business operates. “As a consequence, the more complexity increases, the higher is the need for integrating internal and external data sources, and filtering external data according to internal rules and definitions.”
Kennett is not alone in pushing for more data-driven risk management. Bill Pieroni, global chief operating officer at insurance giant Marsh, contends that the best way to manage risk — even black swans — is to use big data.
Pieroni says that while they describe once-in-a-lifetime happenings, black swan events — such as the South and Central American defaults, U.S. savings and loan crisis, the October market crash, the U.S. bond market massacre — are happening with greater frequency than ever. This regularity suggests that some seemingly unknowable events are, in fact, becoming more-or-less predictable. In other words, black swan events are “giving way to shades-of-grey swans.”
This is where data comes into play. “Analytic competitors who leverage big data will increasingly be able to identify, model, and act to mitigate or potentially exploit these risks,” writes Pieroni.
Even so, Pieroni contends that it’s crucial to distinguish the concepts of risk and uncertainty, two related but distinct ideas. In a 2013 blog, Pieroni wrote that the two terms are often used interchangeably, but are actually quite distinct:
Uncertainties pose unknowable and hence unmanageable threats. Risks, however, can be explicitly accepted, avoided, or transferred. Organizations that are fully exploiting big data are actively uncovering and converting uncertainty into known risk as well as addressing and exploiting competitive vulnerabilities.
Large, long-lived and historically successful organizations are often most vulnerable to confusing risk with uncertainty, says Pieroni. One big issue: insular leadership and anecdotal decision-making. “If data and analytics are not explicitly part of decision-making and outcome feedback, the organization will increasingly be in jeopardy. Unchanging strategies and tactics work, until they don’t, with often disastrous outcomes.”