Kathleen Long is using a combination of behavioral analytics, Bayesian engineering and big data to help companies better determine and mitigate business risk.

Kathleen Long, CEO of Montage Analytics

A socio-cybernetician and behavioral scientist, Kathleen Long battles operational risk. As CEO of Montage Analytics, a Mountain View, Calif., consultancy offering risk assessment software services and analytic reports, Long has combined her training with the experience of Montage Analytic's CTO, Doug Campbell, in Bayesian network design. The company helps organizations better understand and mitigate everything from risky business practices and employee fraud to the big, unwieldy, nearly undetectable risks referred to as "black swans."

This isn't an easy undertaking. Part of the problem, according to Long, is that not everyone knows how to define operational risk (if you can't define it, you can't guard against it). At the same time, the risk landscape is changing so fast that what happened yesterday is no longer a marker for what might happen tomorrow.

"We are living in unprecedented times. You can't say the past is a reliable predictor of the future," says Long. "Too many events happen that are black swans that come out of the blue — Bernie Madoff, 9/11. Things have changed dramatically. And the fact that we are living in an increasingly globalized and networked world means that even small events happening somewhere on the other side of the world can quickly cascade around the globe and affect us in places we didn't expect."

In a conversation with Renee Boucher Ferguson, a contributing editor at MIT Sloan Management Review, Long discussed the changing risk landscape and how big data and behavioral science can help.

What are the different types of risk organizations need to think about, from operational risk to the so-called black swans?

A lot of people don't understand what operational risk is, but it has to do with the people, processes and systems in place to produce the company's product or service. That said, there are many different kinds of operational risk. For example: Internal fraud, external fraud, client, products and business practices, damage to physical assets, business disruption and system failures. Then there are execution, delivery and process management risks. Did I mention employment practices and workplace safety? Those are all the kinds of operational risk.

What is a black swan risk?

A black swan risk has been recently defined — it's actually a metaphor that was based on a theory developed by

2 Comments On: Risky Business: How Data Analytics Can Help

  • raguand | August 28, 2012

    Great content. Thanks

    It is a pity that so many Risk Managers are not well versed in the new advantages that technology can bring to the discovery and mitigation of Risk.

  • sanchezjb@attglobal.net | August 28, 2012

    Do “black swan” risks like “Bernie Madoff” and “9/11,” as cited in this post, really “come out of the blue?”

    If you read the history of actions associated with these events, there were pre-event risk indicators that were noted but never acted upon from a leadership and authority perspective. The available data and information did not become actionable insights.

    Ms. Long makes excellent points when she states: “Data-based analytics have limitations in terms of their utility in understanding risk that involves humans. And the actual ironic thing is that operational risk is all about people. It’s caused by people. It’s people who make mistakes, who get greedy, who are inexperienced. And it’s people who design the systems that sometimes fail, and the processes that sometimes don’t work. So at the core, it’s about people.”

    Effective risk management is not just about people. Ultimately, it comes down to leaders taking meaningful actions to mitigate risks. This is alluded to when Ms. Long states, “Oftentimes what these risks come down to is a disincentive to mitigate risk because of the cost. [Leaders] make the decision that a catastrophe is probably unlikely: I don’t think it’s going to happen; we could use the money elsewhere; our numbers were down last quarter; I’ve got to impress my boss — whatever.”

    It would have been great to have seen more emphasis on this aspect of risk management, e.g. what’s the reaction when Ms. Long’s company tells corporate management that, based on their analysis, employees are reluctant to surface risk issues to management?

    Additionally, it’s also important to remember that effective risk management is a direct reflection of risk preparedness. Risk preparedness involves the institutionalization of processes and activities designed to create a culture that mitigates risks that are part of its business processes and enables effective and efficient rescue actions when things go wrong. See http://withintheslipstream.blogspot.com/2012/06/effective-risk-management-prepares.html for a further discussion on this last point.

Add a comment