Risk Managers Of The Universe


On how the current top-down (command-and-)control approach, and the 'middle-out' modelling approach, will not and cannot work in the end. A new paradigm, bottom-up KISS risk management, will be needed.


    Risk Managers Of The Universe Presentation Transcript

    • Risk Managers of the universe. Jurgen van der Vlugt, Dialogues House, 16 August 2012
    • Introduction
    • Agenda: Risk Management, • Top-down • Middle-out • Bottom-up
    • Top-down • RM ∆ In control of risks • Risks ∆ negative events • Positive? risk ↔ return • Events: definition? completeness? • In control ∆ no deviations / correction • No deviations: total control of inputs • Correction: costs, damage, positive results? • Fantasy: controlling reality
    • In control?
    • In control?
    • Janus: Results from the past … future
    • The Future… • ALL risk discussion is subjective • It is about the future, • The ∆ of uncertainty • Exists only in the imagination • RM is speculating about the future • And yet… breathless attempts
    • Overhead [Diagram with the headings Evaluate design & set-up, Analysis, Monitor & react; labels include inherent risks, controls, risk indicators, R(S)A, (K)ORC, KRI, ORAP, incident and problem management, near misses, insurance, indemnities, corrective actions.] Very, very basically. Surprise!
    • As predicted
    • Middle-out
    • n:m, feedback, time, continuity
    • [Two charts, "Initial audit issues" and "Forecast year-end 2011", plotting numbered issues 1 to 9 on Probability and Impact axes] • 1 Probability: hopeless • … per? year? transaction? nanosecond? • 1 Impact: hopeless • … Financial only? reputation, etc.? time; vs intervening? • H x H = 25: hopeless • 3xM=H: hopeless • '16' > '12': hopeless • Who estimates 'H'; how and with what 'evidence'?
    • "In particular, for any consistent, effectively generated formal theory that proves certain basic arithmetic truths, there is an arithmetical statement that is true, but not provable in the theory." (Kurt Gödel) "No matter how perfect you try to risk manage, incidents will happen." (Yours Truly)
    • ∫ ( Probability function ×? Impact function ) ∑( Costs of countermeasures ) For many series of functions and parameters, impact estimation ranges (…), variable sets of countermeasures. Including variable degrees of effectiveness, with vague notions of risk appetites in the back of some people's minds
    • Better modelling ..?
    • Result
    • And then there are the costs. What was it astronaut John Glenn said went through his mind as he awaited lift-off? "You're thinking you're sitting on top of the most complex machine ever built by man, with a million separate components, all supplied by the lowest bidder."
    • Yes, But … 1. Yes we know all that. Nothing's perfect. 2. The assumptions are reasonable. 3. The assumptions don't really matter. 4. The assumptions are conservative. 5. You cannot prove the assumptions are wrong. 6. We only do what everyone else does. 7. The decision maker is better off with us than without us. 8. The models are not completely useless. 9. You gotta make the best of the data you've got. 10. You need assumptions to make progress. 11. The models deserve the benefit of the doubt. 12. Models and assumptions don't do any harm so why bother …? © David Freedman (in Nassim Taleb's Black Swan)
    • Combinations: External data, Scenarios • Relevance; applicability (moderating vs bias) • Results from the past • Too little data (?) • Self-reporting !? • Far (!) too little data; quality • Too little data (?) • Self-reporting !? • Knowledge, view of risks • Results from the past • Purely and only locally usable • Knowledge and expertise. Internal data • Perceptions of risk. RSAs
    • Keep trying anyway…
    • Bottom-up then ..? In theory, nothing works, and everyone knows why. In practice, everything works, but no-one knows why. We have in our organisation a combination of theory and practice.
    • Start small
    • Start at the bottom
    • Risks of all ages
    • So don't set the bar too high when selling it
    • 'Stress testing' • But done properly
    • Management = risk(Management)
    • J. R. Galbraith, "Organization Design: An Information Processing View", Interfaces, 4 (1974), 28-36. Summary: Galbraith believes that "the greater the uncertainty of the task, the greater the amount of information that must be processed between decision makers during the execution of the task to get a given level of performance". Firms can reduce uncertainty through better planning and coordination, often by rules, hierarchy, or goals. Galbraith states that "the critical limiting factor of an organizational form is the ability to handle the non-routine events that cannot be anticipated or planned for". When the "exceptions" become too prevalent, they overwhelm the hierarchy's ability to process them. Variations in organization design arise from different strategies to increase planning ability and to reduce the number of exceptional events that management must resolve. Galbraith defines a continuity of organizational forms that firms utilize to reduce uncertainty: 1. Creation of Slack Resources. These include extending delivery times, adding more money to the budget, and building inventory (all of which have inherent costs). If a firm fails to actively create a higher level strategy to address uncertainty, this strategy will occur by default. 2. Creation of Self-Contained Tasks. One strategy at this level is changing from functional to product groups. 3. Investment in Vertical Integration Systems. Condensing the flow of information by building specialized languages and computer systems can help analysis and decision making. 4. Creation of Lateral Relationships. Moving the decision making power down in the firm to where the information exists can reduce uncertainty at the decision level. There are various strategies of increasing complexity to achieve this: A. Direct contact between managers across groups B. Liaison personnel between groups C. Task Forces D. Teams E. Cross-group Managers (project managers, program managers, etc.) F. Linked Managers (with power over some cross-group resources) G. Matrix Organization
    • Combination
    • Working out the combination
    • Conclusion • Risk Management the current way does not work • Driven by CYA, fear of the world • RM of the Universe is a fantasy • Adjust ideals; achieve (other) ideals via Bottom-up
    • Work In Progress
    • That was all. Thank you. Hope you enjoy(ed) the ride
    • Thank you
    • Contact details • Jurgen = Ir.drs. J. van der Vlugt RE CISA CRISC • Maverisk Consultancy, IS Audit and Advisory services (KPMG, ABN AMRO, Noordbeek, Achmea, ABN AMRO • (IS) Audit, (Info)Security, Y2k, BCM, ERM/ORM • ISSA, NOREA: Various committees • Jvdvlugt@maverisk.nl • LinkedIn, Twitter (etc. etc.) Motivate yourself! www.despair.com/viewall.html