Quantitative Risk Assessment in Enterprise Risk Management

Organizations have long recognized the need to standardize risk management practices so that risks are identified and assessed consistently across the organization in enterprise risk management (ERM) programs. Today, most organizations use qualitative or semi-quantitative assessments, which are simple and repeatable, so they can be scaled across an entire enterprise. But they can be coarse, unauditable, highly subjective, and ambiguous, and, crucially, they cannot be meaningfully aggregated. This leaves a highly fragmented representation of the organization’s risk landscape.

Apart from substantially improving the fidelity and richness of individual risk assessments, quantitative assessment provides a method to aggregate risks, which allows for the defragmentation of this landscape. Risk quantification has become a common objective for risk management teams. In fact, there has been a slow march in that direction for years. Most organizations have transitioned from purely qualitative methods (High, Medium, Low) to using categorized measures of likelihood and impact, such as estimated probabilities, bands of loss estimates and other semi-quantitative factors. But the incorporation of true quantitative measures, using event frequencies and financial exposures to calculate risk, has not yet become the norm.

An Enterprise Risk Management (ERM) process should identify risks across an enterprise and assign ownership to them, resulting in a register of risks that articulates the uncertainties that affect the objectives of the enterprise. A combination of bottom-up and top-down identification can help build this picture. The former captures the immediate concerns and activities of the front line engaged in generating and protecting value in the enterprise; the latter imposes a categorical structure on the uncertainties supposed to influence objectives and uses that structure to try to drive completeness.

Quantitative assessment allows you to depict risks more faithfully, to differentiate between them better, and to synthesize risks across the organization to deliver more insightful business information to help guide decisions. The major upside of embracing quantitative assessments is that it transforms risk management into a much more proactive and less reactive contributor to the business.

