Every authoritative guideline on risk management advocates the quantitative (that is, probabilistic) evaluation of risk using Monte Carlo simulation – from ISO1, COSO2, NASA3, RAND Corporation4, AACE International5 and APM6, to Solvency II7 and Basel II/III8. There is some variation in terminology, but a general agreement on the basic process of risk management is shown in the following diagram. Key weak spots in the process are typically: risks are evaluated poorly (either qualitatively or quantitatively); and the low quality of the data collection process that helps identify and evaluate risks and their mitigation. In addition, the key failures in applying this process are: establishing the context; actually implementing the risk mitigation strategies that have been agreed; and checking the mitigations stay in place (highlighted).
Quantitative risk analysis (QRA) forms only a part of the whole risk management process (in the ‘Evaluate the Risks’ section), but it is agreed by all the authorities listed above to be an extremely valuable part. QRA is recommended because it allows one to move beyond describing risks in vague terms like “possible” and “likely” that offer no significant decision-making information, to talking in terms of numbers like “a 10% chance of losing more than $50 million”.
To read more please download the full article.
Contact Vose Risk Consulting and Software to request more information.