04 Risk identification and risk assessment (1) = risk identification Flashcards
Risk management in a nutshell?
- Risk identification
- Risk assessment
- Risk handling
What is the general process of risk identification?
1.Scope
- set the limits of the risk identification process
2.Organization
- Who´s involved?
- compose the risk identification team
3.Identification (narrow scope)
- understand unit of analysis
- Use tools to identify risk
4.Documentation
- describe risks
- establish risk register
What is high level done in risk assessment (after risk identificationn)
risk assessment:
- asses the probability and impact of risks
- rank risks
What is the general problem with “risk identification?
Even the most conscientious risk identification process cannot consider all risks, and lists of risks can easily become very long
What is the scope of the risk identification task?
(1. process step of risk identification)
Define scope
set the limits of the risk identification process, it is important to address three aspects “a priori”:
1.Define unit of analysis
- i.e. the entire supply chain for a specific end-product (e.g., a car model) or
- specific geographic locations
- only specific material groups (manf, process indutry, distribution channels)
2.Define risk sources under investigation (i.e. infrastructure)
3.Define supply chain objectives of interest
–>i.e. profit, firm continuity, customer satisfaction
What should be included in the scope statement?
The scope statement should include:
1. A description of the unit of analysis
2. A list of risk sources that are included or excluded in the risk identification process
3. A list of performance objectives that are to be investigated
What is the 2.Step of the risk identification process about?
organization: risk identification is team work!
- Commitment and resources from senior managers are essential
- Identify department and people that are involved in the delineated scope
What are important criteria for the team ? (Organization =2.Step risk identif)
create a well rounded team when identifiying and assesing risks:
- identify people that know the unit of analysis
- Look for different viewpoints
- smaller teams (3-5) are more effective
- establish a common language of risk identifcation
What is the 3. Step of risk identifcation: Identification about? The key of this
The key: to use a framework or strategy that allows to identify all major risks
–>Expose “all” potential risks
3.Step risk identifi.
“Identification”: What is the “de minimis principle? and what are the two common stages?
De minimis principle:
There is a level of risk that is too small to be concerned with (e.g., risk of asteroid crashing into a firm’s annual Christmas party is remote)
two common stages:
- understand/observe
- systematically search for risks
What happens in the identification step, in the first stage of identification?
(understand/observe)
Understnd/observe
- visualize the unit of analysis: map of the supply chan, dependencies –> End-to-end view
- divide the map into a serioe of distinct, related operations
What happens in the 2 stages of identification process in risk identification
(search of possible risk)
Systematically consider the details of each operation
Identify critical paths and critical nodes (bottlenecks, key nodes, “latent” risks)
The choice of appropriate tools depends on circumstances, and particularly:
- the size and complexity of operations
- the organizational experience with risk management
- the type of information needed and already available
- the availability of resources, particularly people and time
- the levels of skills and knowledge
What are the different risk identification techniques?
Progressive
- Checklists
- supplier defaults
- peer-group comparision
Mixed
- delphi method
- surveys
- creativity techniques (brainstoriming)
Retrograde
- cause and effects diagram
- fault tree analysis
- failure modes and effects analysis
What are supply chain checklists? (Progressive)
Where can we get them?
Supply chain checklist can be derived from various sources:
- internal supply chains,
- external firms, or
- standard lists from industry forums and consultants
What are the benefits and drawbacks from supply chain checklists?
Benefits:
- one does not have to work from scratch - build on previous experience
- get results very quickly
Drawback:
- only a general view that does not captura idiosyncratic risks
What is brainstorming?
technique by which a group attempts to generate ideas or find a solution for a specific problem by amassing ideas spontaneously and without judgment
What is the general procedure of brainstorming?
- Large number of ideas are generated while evaluation of the ideas is deferred
- Imagination is encouraged. No idea is too unique)
- Using or building on the ideas of others is encouraged
-
no criticism of any idea
− Evaluation is postponed until the group can no longer think of any new ideas
What are ways of fostering creativity (brainstorming)?
- Diversify teams to include members with different backgrounds, training, and perspectives
- Encourage analogical reasoning
- Stress periods of silent reflection
- Record all ideas so that the same ones arenot rediscovered
- Develop a physical space that encourages fun, divergent ideas
What is the delphi technique?
is used to derive a consensus among a panel of experts who make predictions about future developments
- provides independent and annonymous input (future events)
- uses repeated rounds of questioning
What is a cause and effect diagram? (retrograde)
- Cause-and-effect diagrams trace back the causes for possible risks
- Also called fishbone or Ishikawa diagrams
What is a risk register (for the 4.step of risk ident.: Documentation
used to summarize the identified risks in a structured way
- the main output of the risk identification process
- a document that contains the results of various risk management processes and that is often displayed in a table or spreadsheet format
- … a tool for documenting potential risk events and related information
What are common errors in risk identification?
- Terminology: Lack of a common understanding of what constitutes a risk
- Scope:Lack of a clearly defined scope (unit of analysis)
- Information: Lack of experience and information in a crucial subject area
- Human judgment biases…
What are the two components of risk and how are they assessed?
-
Probability that the risk occurs
(uncertainty) - Impact (in case the risks occurs)
asses by means of:
- qualitative methods
- quantitative methods
When to use qualitative methods for probabiliity assessment?
- when situation is vague and little data exist
-
Subjective analysis based on visualization and discussion:
Expert opinions (interviews), Jury of executives opinion, Delphi technique (and variants) -
Subjective analysis based on psychometric scales:
–>Probability is assessed on a verbal, quasiquantitative rating sc
When to use quantitative methods for probability assessment?
- when data is available
− Historical data
− Simulations based on assumptions - Time series (extrapolation of the past) vs. causal models (correlation/ dependence on other factors)
Examples: simple metrics, advanced risk metric that capture both probability and impact, monte carlo simulation
What is supply side credit risk?
Supplier has trouble raising the cash to meet the payments on its
current financial obligigations ( such as loans, debts to suppliers, salaries)
How to assess the financial health of a supplier?
–>sources of information for the assessment of supplies financial health:
- Past financial statements allow assessments of the supplier’s liquidity, activity, debt, and profitability
- Credit agencies (D&B, Moody’s, S&P’s) provide ratings and reports on the credit worthiness of a supplier
- Own experiences
- local, regeional, and/or national trade associations often serve as clearinghouses for credit information
- possible that a firm´s bank can get credit information from the suppliers banks
What is the interpretation of Altman´s z-score?
the lower the score, the higher the probability of credit default (credit risk):
z- score above: 3.0 –>company is safe
z-score between: 2.7 and 2.99: on alert
z-score between: 1.8 and 2.7: –>good chances of the company going bankrupt within 2 years
z-scores below: 1.8 –>probability of financial embarrassment is very high
When to use qualitative methods for impact assessment?
- when situation is vague and little data exist
- Subjective analysis based on visualization and discussion
- Subjective analysis based on psychometric scales:
When to use quantiative methods for impact assessment?
Based on the analysis of data
− Historical data
− Simulations based on assumptions
Time series (extrapolation of the past) vs. causal models
