section 8 optimizing risk strategic advantage

SECTION 8. OPTIMIZING RISK FOR STRATEGIC ADVANTAGE

Topic 18. Strategic Risk and Management

Topic 19. Applying Strategic Risk Management

125

Section 8. Optimizing Risk for Strategic Advantage

Topic 18. Strategic Risk and Management Reference: CPCU 500 Online 1st edition, Assignment 8. Module 1, 2

18.a. Put simply, strategic risks are any factors that could affect the business. They

include the upside and downside associated not only with a business strategy itself but also with the implementation of a strategy. Strategic risks can be created and affected by external factors such as economic conditions, consumer demand, or government regulations, or by internal factors such as an organization’s structure, culture, or processes. Because strategic risks may have far reaching ramifications that can alter the course of an organization's future, illustrating their importance can be an effective tool in convincing decision makers of the value of a holistic risk management program.

People often confuse strategic risk with operational risk, but here’s a good way to distinguish the two: With operational risks, the focus is often on making sure that things (whether they are products or processes) are done right; with strategic risks, the focus is on doing the right things and making the right decisions to ensure the organization achieves its strategic goals.

126


18.b. Strategic Risk Factors Strategic risks are often associated with external factors that are beyond a

single organization’s control, such as shifts in consumer demand, changes in regulations, financial crises, inflation, changes in the labor market, competitive pressures, societal shifts, politics, and international trade agreements or restrictions. However, strategic risks can also arise from internal factors such as business decisions, business policies and processes, hiring practices, resource allocation, culture, and stakeholder pressure.

1. Competition and innovation risk

An electronics manufacturer significantly changes the operating system used in its devices (cell phones, tablets, computers, and so on) in an attempt to differentiate its products from the competition.

2. Liquidity and financial risk

A restaurant chain decides to build and open two new locations in the same city using its own capital.

3. Acquisition and economic risk

A large insurance company acquires an innovative software company, thinking that the acquisition will help it analyze claims data to better predict risk and price insurance policies.

4. Marketing risk A clothing retailer agrees to market and sell a line of clothing from a new, unknown fashion designer.

5. Foreign economic risk

An automotive manufacturer decides to introduce an expensive sport utility vehicle (SUV) to a new foreign market.

6. Procurement risk

A steel fabricator switches from its long-time supplier of raw materials to a new, up-and-coming supplier that promises lower prices and faster delivery.

7. Regulatory risk

A pharmaceutical company launches a new medication in several foreign markets simultaneously.

127


18.c. Assessing Strategic RiskWith strategic risk, the goal isn’t to eliminate negative risks and/or their

consequences; it’s to use information about strategic risks to make holistically informed decisions that optimize the risk-reward ratio. This can be difficult because strategic risk is the most intangible and abstract of the four risk quadrants. Therefore, it’s more difficult to put a dollar value on a strategic risk than it is a hazard, operational, or financial risk. Still, it’s important to attempt to measure the amount of negative risk and/or opportunity associated with a business decision. The metrics used to quantify strategic risk include these:

Two metrics that play a big role in assessing strategic risks are risk appetite and risk threshold. Risk appetite represents how much risk the organization wants to take on. It’s essentially a target. Meanwhile, risk threshold represents the total range of uncertainty the organization is able to accept.

Economic capital

The amount of capital required by an organization to ensure solvency at a given probability level, such as 99 percent, based on the fair value of its assets minus the fair value of its liabilities.

Risk-adjusted return on capital (RAROC)

A measure of the return on investment after accounting for risk. Often used as a measure of profitability, RAROC is calculated by taking the total return on an asset or initiative, subtracting taxes, and dividing it by its economic capital.

Shareholder value added

A measure of profitability after funding costs are considered. It’s often used to measure a corporation’s worth to shareholders, and it can be an indicator of management effectiveness.

128


18.d. Strategic Management Strategic management defines the organization’s strategies. All business

decisions carry some risk, but an effective strategic management process drives an organization to make decisions that have an optimal risk-reward ratio. Strategic management is the responsibility of senior-level executives, who make strategic decisions based on input from the board of directors. The strategic management process includes five interdependent stages: developing short- and long-term goals, analyzing internal and external environments, formulating strategies, implementing the strategies, and evaluating the strategies. This section will examine each of these stages.

Developing Goals

Before determining specific short- and long-term goals, senior-level executives must establish the organization’s vision statement and mission statement.

Analyzing Environments

Internal and external issues that could positively or negatively affect the organization’s ability to achieve its goals must be examined.

Formulating Strategies

Factors this team should consider when developing a long-term strategy include changes needed to implement the strategy, cost (including the cost of delaying or diverting resources from other projects to pursue the strategy), overall return on investment, risks involved, and risk appetite.

Implementing Strategies

Strategy implementation, also called execution, is the process of making strategies work. This stage is more difficult to complete and requires more time than the strategy formulation stage.

Evaluating Strategies

The accomplishment of senior-level goals may be derailed by unexpected circumstances. Strategy evaluation, also called strategic control, involves monitoring progress toward goals and follows these three steps: (1) Establish performance standards and measurements (usually completed during the strategy implementation stage) (2) Compare actual results with established standards (3) Identify and implement corrective actions when goals are not being met

129


18.e. SWOT, PESTLE, and Porter’s Five Forces Analysis In a SWOT analysis, strengths can be paired with opportunities to identify

areas of competitive advantage, and weaknesses can be paired with threats to identify risks that should be avoided. This analysis helps construct a framework for a high-level strategic plan.

Similarly, a PESTLE analysis (political, economic, sociological, technological, legal, and environmental) can be used to analyze an organization’s external environment to identify opportunities and threats—and a SWOT analysis can be used to take a deeper dive into each of the six PESTLE categories.

Porter’s Five Forces Analysis is another example of the many methods that risk professionals use to assess success factors. It focuses on five forces within an organization’s competitive environment to analyze how successful an organization, product, or service might be. It’s often used to identify opportunities or threats within a SWOT.

The Five Forces Model

Rivalry Among Existing Firms

Threat of New Entrants

Bargaining Powers of Buyers

Threat of Substitute Products, or Services

Bargaining Power of Suppliers

130


18.1. Question: Strategic Risk and Management

1. Strategic risk is the most intangible and abstract of the four risk quadrants.

2. The goal is to use information about strategic risks to make informed decisions that optimize the risk-reward ratio.

3. During Analyzing Environments stages of the strategic management process would an organization use methods such as Porter's Five Forces Analysis and PESTLE Analysis.

4. Porter's Five Forces analysis methods concentrates on an organization's competitive environment.

5. Strategic risk can be created and affected by external factors or internal factors. Resource allocation is considered an internal factor.

6. Clark's Electronics is considering launching new technology for the medical industry. Before investing major resources in the project, the company decided to perform a SWOT analysis. The fact that there are new medical industry regulations pending would fall under Threats of a SWOT analysis.

7. The four SWOT headings are strengths, weaknesses, threats and Opportunities.

8. Taylor owns Paoli Hardware, a mid-sized hardware store with 25 employees. Paoli Hardware has won best local hardware store 3 years in a row. Taylor would like to expand operations and has undertaken a SWOT analysis.

131


9. His most dedicated customers are generally over 40 years old and engaged in small house projects, but his biggest revenue generator continues to be the sale of lumber. He would like to obtain more commercial customers and increase lumber sales. One of the major complaints Taylor hears from his customers is the difficulty finding local contractors. So, he is considering hiring a general contractor at the store who would also make house calls to assist customers. This will allow him to bill for labor and increase the sale of his products, but he is concerned it may increase his insurance claims and premiums. One of the younger store employees suggested they create a website to expand sales to on-line purchases and target electronic advertisements to commercial accounts. Taylor is not sure that he has the expertise to maintain a website and run the store. The employee claims to know a company that can maintain a website for Paoli at minimal cost. Taylor believes the website is a good idea and will increase sales of lumber. To protect Paoli from increases in the cost of lumber, Taylor is considering a forward contract with the lumber yard. When Taylor completes his SWOT analysis, Strength of the SWOT analysis will he place reputation. Technological advancements could Taylor’s SWOT analysis consider an opportunity or a threat, or both an opportunity and a threat. The suppliers bargaining power to drive prices up, affected by Paoli’s ability to negotiate a forward contract with a lumber supplier. If Taylor completed a PESTLE analysis instead of a SWOT analysis, the PESTLE analysis would include Increase in competition

132


Topic 19. Applying Strategic Risk Management Reference: CPCU 500 Online 1st edition, Assignment 8. Module 3, 4

19.a. Risk and Strategy To maximize performance, executives need to understand how to account

for strategic risks as they formulate strategies. If management fails to do so, it will have to deal with risks as they come to fruition—when it may be too late to minimize their consequences or fully capitalize on their opportunities. Strategic risks are a necessary part of doing business. An organization can deal with them either after consequences have occurred (downstream) or before, as the organization develops its business strategies (upstream).

Tackling strategic risks upstream by incorporating them into the strategic management process helps prevent negative consequences. It also helps senior executives make business decisions that offer the greatest potential risk-reward trade-off and best help the organization meet its goals.

133


19.b. Incorporating Risk Into Strategy When a business doesn’t consider risks while forming its business strategy,

it runs the risk of having to be too reactionary downstream, rather than being able to proactively explore risks and proper treatment options before resources are dedicated elsewhere. Having a plan in place to deal with risks early will significantly lower the chances that negative risks will harm the organization. It also increases the chances that the business will be able to fully exploit opportunities.

The first component of incorporating risk into an organization’s strategic decisions involves the strategic management process, when an organization analyzes its internal and external environments. A SWOT and a PESTLE analysis can be linked together, and each may reveal similar opportunities and threats.

The second component is assessing the risks associated with the strategic plans senior executives are considering to meet organizational goals. Techniques an organization can use to assess risks as they develop strategic plans include a scenario analysis and strategy map.

The third component is determining the organization’s risk threshold, risk appetite, key risk indicators (KRIs), and treatment trigger levels for identified risks.

In addition to KRIs, organizations also use key performance indicators (KPIs) to inform their strategies. The difference between them is that KPIs measure an organization’s progress toward achieving its goals, while KRIs measure risks and volatility that can affect whether those goals can be achieved—KPIs measure what has occurred rather than predicting the future, while KRIs are predictive. KRIs help an organization maintain a level of risk within its defined risk appetite. Thresholds define the boundaries of risk appetite. KRIs indicate when the thresholds are, or are about to be, breached. Treatment trigger levels indicate when an organization must take corrective action to prevent risk-appetite thresholds from being breached.

134


19.c. Meeting Strategic GoalsThe final component is to decide which strategies the organization will use

to meet its goals. This includes planning how to avoid, exploit, or manage risks associated with those strategies. For example, if an organization decides to enter a foreign market, risk management should be applied to the strategy to plan for hazard, political, exchange rate, and other risks.

What this does is merge what are often two separate discussions—about broad goals/strategies and risk-treatment prioritization—into the same process so that they aren’t each conducted in their own silo. By combining the two, they can be used to influence each other and enable the organization to determine where capital, employees, and other resources should be allocated to produce the best possible returns.

Even when strategic risks are properly integrated into the strategy-formation process, it’s important that an organization remain alert to emerging risks when executing a new strategy. For example, if an organization is planning to acquire another company and either that company's financial results or the market in general changes, the organization may want to cancel, pause, or revise its plan.

19.d. Strategic Management Process When properly applied to the overall strategic management process,

strategic risk management identifies, assesses, and manages risks that could affect the formulation and execution of organizational strategies. As a result, knowing how to implement strategic risk management is key to making and executing business decisions that maximize benefits for the organization.

Risk tolerance, risk capacity, and risk appetite are closely related and often confused with one another. Risk tolerance and risk capacity are often used interchangeably. They represent the same thing: the total amount of risk an organization can accept. Risk appetite, on the other hand, represents the amount of risk the organization is willing to (or wants to) accept.

135


19.e. Risk Appetite and Risk Tolerance When formulating strategic decisions, an organization’s senior executives

should identify and articulate risk appetites. Risk appetites can be defined both quantitatively and qualitatively. Quantitative measures may include financial targets, while qualitative measures may include things such as reputation and management/workforce capabilities.

An organization’s risk tolerance is closely related to its risk appetite. Think of risk appetite as the amount of risk the organization wants to accept to achieve a goal. Risk tolerance is broader than that; it’s the total amount of risk the organization can accept.

Unlike risk appetite, risk tolerance is always stated in quantitative terms. Risk tolerance levels have high-end thresholds, low-end thresholds, or both. A zero-risk tolerance level typically results in risk-based decisions that are very rigid. For example, if an organization has a zero-risk tolerance level for cost overruns on a product development project, it may make achieving a successful product more difficult.

An organization’s risk appetite rests between the high-end and low-end risk tolerance thresholds. This area also contains high-end and low-end appetite thresholds as well as treatment trigger levels to indicate when a corrective action must be taken to prevent the risk appetite thresholds from being breached.

136


19.f. Risk AssessmentAfter senior executives determine the organization’s strategic goals, risk

tolerance, and risk appetite, they need to determine possible strategies that will achieve the goals and yet fall within the risk tolerance and appetite. This should include a scenario analysis based on current trends as well as an assessment of the risks associated with each scenario.

Here’s an approach that can help an organization assess strategic risks: (1) List risks that could affect (positively or negatively) a proposed decision or activity. (2) Use a risk map to assess the likelihood and potential consequences for each risk. (3) Identify the five highest-priority risks.

19.g. Risk ControlAfter an organization has developed and implemented its strategic plan, it

will need processes and procedures in place for controlling risks at various levels and ensuring that risks stay within its risk tolerance and risk appetite.

A control process like this promotes consistency in risk-taking and risk-avoidance activities at all levels. Without controls that direct managers and employees to determine which risks are worth taking and how to balance risk levels through smart decision making and effective risk treatments, an organization could find itself assuming too much risk or unacceptable types of risks.

Control measures are typically designed around a framework structured to facilitate understanding, communication, and appropriate action. Control measures should be implemented at all levels of the organization and include reporting systems structured to allow senior management to determine whether goals are being met.

137


19.1. Question: Applying Strategic Risk Management

1. The strategic management process can be applied to any type of organization, including business, not-for-profit organizations, and government entities.

2. After an organization develops and implements its strategic plan, it needs to determine how risk taking will be controlled. A factor in strategic decision making is whether an organization has an advantage in controlling risk with a given activity.

3. When assessing strategic risk, Risk appetite represents the amount of risk an organization is willing to take on in order to achieve an anticipated result or return.

4. Strategy development is an important element of the strategic management process. Strategies should reflect an understanding of the business, including its identity, customers, and purpose.

5. Risk tolerance levels can have high-end thresholds, low-end thresholds, or both.

6. Risk appetite is an important component of strategic risk management (SRM). Regulatory conditions, political risks, and anti-trust or other legal concerns can reduce an organization’s risk appetite.

7. Hi-Tech Phones has been working on two new models of their flagship smart phone. The Research and Development department has been working on a touch-based phone and a voice-activated phone. A risk map is a tool that could be used to assess the risks of developing and marketing either or both of these phones.

8. Widget Manufacturing board of directors recently adopted a zero-risk tolerance for work place accidents. Initially the chief risk officer thought this was a great idea, however, he has found it very hard to implement. One reason that a zero-risk tolerance policy is hard to implement is because zero-risk tolerance Will typically result in risk-based decisions that are too rigid and counter-productive.

9. A company's management team is preparing to conduct a SWOT analysis as part of its strategic management process. Will this organization's current business strategies still allow it to achieve its goals, or is a change required? can the management team expect to answer as a result of the SWOT analysis.

138

SECTION 9. BREAKING DOWN RISK MODELING

Topic 20. Probability Analysis

Topic 21. Value at Risk and Trend Analysis

139

Section 9. Breaking Down Risk Modeling

Topic 20. Probability Analysis Reference: CPCU 500 Online 1st edition, Assignment 9. Module 1, 2

20.a. Nature of ProbabilityThe probability of an event is the relative frequency that is expected to

occur in the long term in a stable environment. Any probability can be expressed as a fraction, percentage, or decimal. Theoretical probabilities are always constant under conditions where the ideal physical environment is maintained. Empirical probabilities are estimated based on actual experience, and the accuracy varies depending on the size of the sample and the representation of the population. Insurance professionals are mainly dealing with empirical probabilities that are based on past accident data and can change as new data is added.

(1) For example, the odds of a dice throwing 1 are expressed as 1/6 or 16.667% or 0.1668. Theoretically, if you throw the dice six times, it comes out once, and if you throw it 60 times, it comes out ten times. The reason for expressing it as "relative frequency" is because it expressed how many times it was thrown and how many times it came out.

(2) For example, theoretical probabilities are throwing dice in an ideal environment that you can imagine mathematically. Empirical probabilities are actually calculated by throwing dice. It depends on the material of the dice, the slope of the floor, and the skill of the dice thrower. The empirical probabilities are usually closer to theoretical probabilities as the number of throws increases and more ideal environments are given.

(3) In the test, it is the empirical probability, which is used when historical data or actual experience is mentioned, or when estimating the specific cause of loss that may actually occur. Theoretical probability is the answer to throwing dice and coins. There are many cases where the precondition of ideal environment is not mentioned. However, you should answer the empirical probability if you read the material of the die or coin, the state of the floor, and the actual number of throws.

140


20.b. Law of Large Numbers Law of large numbers is a mathematical principle, and if the number of

trials is large enough, the empirical probability is close to the theoretical probability, so that past results can predict the future more accurately. However, in order for the law of large numbers to be established, the environment must be sufficiently similar and the events must be independent. The term independent events means that the first event does not affect the next event.

The probability analysis in the risk management is based on the assumption that patterns of past losses will continue in the future, subject to a sufficiently large amount of historical data, a sufficiently similar operating environment, and independent events.

With the application of the law of large numbers, events must meet the following three conditions to enable accurate forecasts of future events. First, it should have occurred in a similar environment and unchanging, basic causal forces in the past. Secondly, a sufficiently similar environment should be maintained in the future. Third, both the past and the future must occur independently one another and sufficiently large numbers.

(1) A simple example of the Law of large numbers is that if you throw a dice six times, the odds are not exactly 1/6, but if you throw 60,000 times, the odds are close to 1/7.

(2) It is not independent events, for example, a free throw of basketball or a penalty kick of football. The change of athlete 's psychology affects the next events.

(3) What can be gained through the law of large numbers is that the accuracy of predictions increases. It is a misleading statement to describe the fact that a large number of historical data have been acquired, describing that more events occur in the future. A large number of historical data can only predict future events more accurately.

141


20.c. Probability DistributionA properly constructed probability distribution is a summary of the

probability of possible outcomes, which can be expressed in charts, charts, and graphs. The common characteristic of outcomes of both theoretical and empirical probabilities is that they are mutually exclusive and collectively exhaustive.

Discrete probability distributions consist of a finite number of possible outcomes. The results of throwing a die are all limited to six, and numbers such as 1.5 or 2.8 are not allowed. Continuous probability distributions consist of an unlimited number of possible outcomes. Students can have a height equal to 175.32cm. There are unlimited numbers between 175 and 176cm.

Therefore, in risk management, discrete probability distributions are mainly used for frequency analysis, and continuous probability distributions are mainly used for severity analysis. The type of cause of loss in a particular industry is limited, so use discrete probability distributions to see how often a cause of loss occurs (loss frequency). Since the dollar loss amounts are unlimited numbers, we use continuous probability distributions to determine how much loss occurs (loss severity).

Continuous probability distributions are represented graphically as follows. The possible outcomes are displayed on the x-axis, and the likelihood of those outcomes are displayed on the y-axis. The height of the line or curve above the outcome means the likelihood of that outcome. The sum of possible probabilities is 100%, so the sum of the areas under the line or curve is 100%. The line or curve itself is called probability density functions.

142


The cumulative probability distribution is only a cumulative plot of the continuous probability distribution. The values on the y axis cumulatively represent the sum of individual probabilities for each outcome. Because the cumulative probability for each loss amount can be seen at a glance, risk managers use it to determine the effect of various deductible and policy limits when purchasing insurance.

(1) For example, the outcomes (called random variables) that can be cast from a die are 1, 2, 3, 4, 5, 6 and each probability is 1/7. By plotting the possible outcomes 1, 2, 3, 4, 5, 6 on the X axis of the graph and the probability of each outcome on the Y axis, a probability distribution graph is obtained.

(2) 'Mutually exclusive' means that outcomes do not overlap. The result of throwing a die cannot be 1 and 2 at the same time. 'Collectively exhaustive' means that the probability of all outcomes is 1 or 100%.

(3) A probability distribution shows a probabilistic estimate of a particular set of circumstances or each possible outcome. Afterwards, central tendency or dispersion shows likelihood of particular future events. As a result, we can say that it is possible to see likelihood of particular future events through a probability distribution. Note, however, that the CPCU 500 sometimes distinguishes strictly what a probability distribution shows.

(4) A continuous probability distribution can sometimes appear to be discrete probability distributions using a countable number of bins (event categories). For example, the probability distribution for students' height can be expressed in groups of 161 to 170 cm, 171 to 180 cm, and 181 to 190 cm. Discrete probability distributions are characterized by a finite number of possible outcomes, but this is a continuous probability distribution.

143


20.d. Central Tendency and DispersionThe expected value is the sum of the possible outcomes multiplied by the

corresponding probabilities. It is expressed as the weighted average of all the possible outcomes in a theoretical probability distribution. For example, the mean of 10, 20, 20, 30 is 20. 20 = (10 + 20 + 20 + 30) / 4. Risk managers consider the mean as the single best guess when estimating future events as a single value. For example, if the mean for past loss amounts is $ 20,000, the single best guess for future loss amounts is $ 20,000, despite several other possibilities. The future loss amounts can be $ 10,000 or $ 30,000, but the least error is the mean when estimating unknown future outcomes with a single value.

Dispersion represents the degree of spread out around the expected value of the probability distribution. Risk managers use dispersion to assess the credibility of the measures of central tendency. The greater the dispersion, the lower the credibility of the measures of central tendency. This is because it may result in values that are much larger or smaller than expected.

The standard deviation (σ) represents the dispersion of the probability distribution. For example, the standard deviation of 10, 20, 30 is 10. 10 = [{(10-20)2 + (20-20)2 +(30-20)2} / (3-1)]0.5 = [(100 + 0 + 100)/2]0.5.

Coefficient of variation (σ / µ) is the standard deviation divided by the mean, which is used when comparing different distributions to each other.

(1) The larger the dispersion, the higher the likelihood that the actual outcome is larger or smaller than the expected value. For risk managers or insurance companies, this is not desirable because the risks are greater.

(2) Risk managers view the standard deviation as the magnitude of the risk. Historical data were used to construct probability distributions and predicted expected values. However, it is the standard deviation that indicates how the future actual results may differ from the expected value. The degree to which the frequency or severity of the loss deviates from what is expected is considered a risk.

(3) When the probability distributions are plotted on a graph, the smaller the dispersion, the sharply peaked curve is drawn.

(4) For example, A distribution is mean 10, standard deviation 100, and B distribution is mean 100 and standard deviation 500. Which is the greater dispersion between A and B? The standard deviation of the B distribution is large in numbers, but the dispersion of the A distribution is larger when the mean is taken into account. Coefficient of variation of A distribution is 100/10 = 10 and Coefficient of variation of B distribution is 500/100 = 5.

144


20.e. Normal DistributionA normal distribution is a probability distribution, drawn as a bell-shape

curve. As the outcome values become larger or smaller around the center mean, the probability of occurrence gradually decreases. Theoretically, a very large value or a small value has some probability greater than zero. If the outcome of a phenomenon follows a normal distribution, the probability of possible outcomes can be estimated by a predictable measure of standard deviations from the mean.

145


(1) The mathematical understanding of the normal distribution should be done in statistical classes. In CPCU 500, let's focus on understanding and exploiting normal distribution characteristics. Numerous natural phenomena follow a normal distribution when sufficient numbers are investigated. Risk management also discusses various incidents based on normal distribution.

(2) For example, suppose that the height of a hypothetical 10,000 man is examined and a mean is 170 cm and a standard deviation is 10 cm. According to the normal distribution, the height corresponding to the center of the graph is 170 cm, the height corresponding to one standard deviation is 180 cm, and the height corresponding to minus one standard deviation is 160 cm. The number of people between 170 cm and 180 cm is 3,413, accounting for 34.13% of the total. In the same way, the number of persons between 160cm and 180cm in height is 6,826 persons, which is 68.26% of the total.

(3) To prepare for the test, you must memorize all the figures in the normal distribution. Unfortunately, 34.13%, 13.59% and 2.15%, as well as 68.26%, 95.44% and 99.74%, respectively, must be memorized.

(4) The following are frequently asked questions. What is the probability that outcomes exist between the mean and one standard deviation above the mean in the normal distribution? 34.13 percent. What is the probability that outcomes exist between the mean and one standard deviations above and below the mean in the normal distribution? 68.26 percent. In this way, you have to distinguish whether asking for one side or both sides in the normal distribution.

146


20.f. Practical Application of Normal DistributionLet's look at an example where normal distribution is used in risk

management. There is a hypothetical factory that needs to have a large number of fire extinguishers. Replacing the fire extinguisher too quickly can be costly, and replacing it too late can cause malfunctions. As shown in the figure, fire extinguishers have slightly different useful lives depending on the manufacturing process. The average useful life of fire extinguishers is 1,000 days, and the standard deviation is 100 days. If the factory risk manager chooses a fire extinguisher replacement cycle of 1,000 days, the probability of a fire extinguisher operating in a fire accident is 50%.

If the factory's risk manager changes the fire extinguisher replacement period to 900 days, what is the probability of a fire extinguisher operating in a fire accident? It is important to know exactly what the normal distribution represents. Here the normal distribution indicates the useful life of the fire extinguisher. That is, a fire extinguisher that has a useful life of 900 days or more works normally. Therefore, the percentage of fire extinguishers with useful life over 900 days in the normal distribution is 84.13% (34.13% + 50%).

(1) Note that even if you use normal distribution in various stories, you only have to be careful about which values are to be placed on the x-axis. For example, an insurer wants to hire the appropriate number of underwriters. One underwriter can have 500 U/W reviews per month. The average number of U/W reviews is 2,000 monthly and the standard deviation is 500. How many people should be employed to hire enough underwriters with at least 80% confidence? The x-axis is the number of U/W reviews, and the cumulative probability of 84.13% is one standard deviation from the mean of 2,500. 50% + 34.13% = 84.13%. To handle 2,500 cases, five underwriters must be hired. Since people cannot be split like 4.8 people, the closest value of at least 80% is 5 people.

147


20.1. Question: Probability Analysis

1. The weighted average of all the possible outcomes of a theoretical probability distribution is the Expected value.

2. A coefficient of variation is derived by Dividing a distribution’s standard deviation by its mean.

3. In using the coefficient of variation when comparing two distributions, if both distributions have the same mean, then the distribution with the larger standard deviation will have Greater variability.

4. A group of large life insurance companies pooled their mortality data over the past 25 years. Based on the pooled mortality data, a mortality table showing the probability of death at specified ages was developed. The insurers used these probabilities in pricing life insurance products. The probabilities developed from the pooled mortality experience of the insurers are best described as Empirical probabilities.

5. Determining the probability that a certain event will occur can be an important part of exposure analysis in the risk management process. Empirical probability is the term used for probability that is developed based on actual experience.

6. An insurer is beginning to write business in a new state. The claim manager, Carla, wants to know how many new claim representatives to hire to accommodate the additional volume of claims. Based on the marketing department's estimate and industry data, Carla has determined the mean number of new claims to be 2,000, with a standard deviation of 1,000 in a normal distribution. If a claim representative can typically adjust 600 claims per year, and Carla wants at least 66% certainty that she has enough representatives, which one of the following represents how many representatives she will need to hire? 3

7. Granton Manufacturing uses diamond-point cutting tools to manufacture metal plates. The diamond points have an average life of 90 days. Some points last longer and others wear out more quickly; however, overall the average life of the diamond points follows a normal distribution curve with each standard deviation equaling 10 days. Replacing a point requires only 15 minutes. However, if a point fails, Granton often must scrap some of the metal plates, and the process to return to full operations takes over two hours. In this case, 28%is likely to wear out only after 110 days.

148


Topic 21. Value at Risk and Trend Analysis Reference: CPCU 500 Online 1st edition, Assignment 9. Module 3, 4

21.a. Value at RiskVaR measures the probability of incurring a loss in value that exceeds a

threshold level. It is typically characterized by measuring over a short time period and a low probability. For example, let’s say an organization sets a VaR loss threshold level of $300,000. A one-day, 5 percent VaR of $300,000 means there is a 5 percent probability of losing $300,000 or more over the next day.

VaR provides these three benefits as a risk measure: (1) Quantifies the potential loss associated with an investment decision (2) Articulates complex positions (typically involving multiple investments) as a single figure (3) Expresses loss in easy-to-understand monetary terms

However, VaR has a limitation: It doesn’t accurately measure the extent to which a loss may exceed the VaR threshold. This limitation can be addressed with conditional value at risk (CVaR). CVaR provides the same benefits as VaR but with the added benefit of helping to analyze the extremely large losses that may occur, usually with very low probabilities, in the tail of a probability distribution.

149


21.b. Earnings at RiskDetermining EaR entails modeling the influence of factors such as changes

in interest rates; sales; production costs; and the prices of products, commodities, and components used in production. Models are developed using a Monte Carlo simulation, and the results are presented as a probability distribution curve or a histogram of individual probabilities.

The EaR threshold is the low end of projected earnings within a specific confidence, such as 95 percent. The probability that an organization's earnings will be greater than the EaR threshold is represented by the area under the distribution curve to the right of the EaR threshold. The area under the curve to the left of the EaR threshold represents the probability that earnings will be below the EaR threshold. For example, if earnings at risk are $100,000 with 95 percent confidence, then earnings are projected to be $100,000 or greater 95 percent of the time and less than $100,000 5 percent of the time. EaR is helpful in comparing the likely effects of different risk management strategies on earnings. However, one drawback is that the calculations can be complex.

Explain what it means when an organization has a one-day, 5 percent value at risk (VaR) of $500,000 and when another organization has earnings at risk (EaR) of $1,000,000 with 95 percent confidence. An organization with a one-day, 5 percent VaR of $500,000 has a 5 percent probability of losing $500,000 or more over the next day. An organization that has EaR of $1,000,000 with 95 percent confidence has earnings that are projected to be $1,000,000 or greater 95 percent of the time and less than $1,000,000 5 percent of the time.

150


21.c. Trend AnalysisOrganizations use trend analysis techniques to identify predictable patterns

of change in dynamic environments and, from those patterns, develop forecasts. Regression analysis is one of those techniques, and it can increase the accuracy of forecasting by examining relationships between the variables that affect trends. For example, changes in hazard loss frequency might correlate with changes in some other variable, such as production output, in such a way that loss frequency can be predicted using production output data.

Many risks vary predictably in relation to another variable, so they can be forecast using a regression analysis. In a regression analysis, the variable being forecast is the dependent variable. The variable that determines the value of the dependent variable is the independent variable. Linear regression analysis deals with a constant rate of change. For example, if the independent variable is time that is measured in years, then a linear regression analysis assumes that the change in the dependent variable is the same from year to year. In this case, the regression line is straight (linear), not curved.

151


21.d. Charting a Linear Regression Line The exhibit plots machinery losses in relation to the firm’s annual output.

The data points show that 4 losses occurred in Year 1 when output was 35 (x 100,000); 4 losses occurred in Year 2 when output was 60; 5 losses occurred in Year 3 when output was 72; and 6 losses occurred in Year 4 when output was 95.

The solid portion of the linear regression line approximates the trend of the historical data. The dashed extension of the regression line projects annual numbers of machinery losses for levels of output (in units of 100,000) beyond the range of this particular historical data.

In this example, the indicated value for b is 2.46 machinery losses. The indicated value for m is 0.035, implying that with each 100,000-ton increase in output, 0.035 additional machinery losses can be expected. y = 0.035x + 2.46, where: y is the dependent variable, x is the independent variable, b is the y-intercept, m is the slope of the line

152


21.e. Analyzing Event Consequences Organizations use decision tree analysis and event tree analysis to predict

the likelihood and severity of consequences or gains arising from decisions and events. This helps managers make decisions that will best propel an organization toward its strategic goals, as well as manage its risks.

Decision tree analysis examines the consequences, including costs and gains, of decisions. A risk management professional may use decision tree analysis to compare different decisions and select the one most likely to help the organization obtain a strategic goal.

Event tree analysis examines all possible consequences of an accidental event, their probabilities, and existing measures to prevent or control them. A risk manager may use this approach to examine the effectiveness of systems, risk treatment, or risk control measures and to identify, recommend, and justify expenditures of money, time, or resources for improvements.

21.f. Decision Tree AnalysisDecision trees can provide both qualitative and quantitative analysis.

Qualitatively, they can help generate scenarios, progressions, and consequences that could potentially result from a decision. Quantitatively, they can estimate probabilities and frequencies of various scenarios resulting from a decision.

Constructing a decision tree begins with identifying the decision under consideration—for example, whether to develop a product. From that point, various sequences of events (pathways) are charted for each potential decision. Each pathway then leads to an outcome. For a quantitative analysis, probabilities are assigned to each pathway, and expected values (costs or gains) of each pathway can be estimated for the outcome. The probabilities of each pathway and the value of its outcome can be compared to determine the pathway that produces the highest expected value. Decision tree analysis offers the advantages of visual portrayal of event sequences and outcomes and a means to calculate the best pathway through a problem.

153


21.g. Event Tree AnalysisEvent trees are similar to decision trees in their portrayal and analysis of

various pathways and their outcomes. However, event trees analyze the consequences of accidental events rather than decisions. The first step in building an event tree is identifying the first accidental event related to a product or process that could result in unwanted consequences. It’s typically the first significant unwanted departure from a normal series of events. The various progressions of events that could follow the accidental event are then identified, along with any barriers to those consequences (such as alarm or detection systems, emergency procedures, or other loss control measures). The progression of events that are identified could be based on factors such as human responses, interaction with other systems, weather, or the performance or failure of barriers to consequences. The analysis ends in a list of potential consequences of the initial event.

For each pathway in the diagram, the end probability represents the likelihood that every event in the pathway will occur. This probability is calculated by multiplying together the probability of each event in the pathway that occurs after the initial accidental event (for example, in the worst case scenario .80 × .10 × .05 = .004). The sum of all probabilities at the end of the diagram should equal 1 (for example, .004 + .076 + .036 + .684 + .20 = 1).

Like a decision tree, an event tree creates a visual portrayal of event sequences and outcomes. Specifically, it illustrates the potential effectiveness of control systems following accidental events and accounts for timing, other contributing factors, and domino effects. But one of the limitations of event tree analysis is that it typically provides only two options—success or failure—and thereby fails to reflect the complexity of some processes or products (for example, some components or barriers may not fail completely).

154


21.1. Question: Value at Risk and Trend Analysis

1. A benefit of the conditional value at risk (CVaR) method is that It takes into account the extremely large losses that may occur.

2. Decision tree analysis and event tree analysis are similar in a number of ways, but differ in their Purpose.

3. Determining earnings-at-risk (EaR) entails modeling the influence of factors such as Changes in the prices of products and production costs on an organization's earnings.

4. Event trees analyze the consequences of accidental events.

5. The regression line represents the "best fit" of a straight or smoothly curved line to actual historical data from prior periods.

6. If earnings at risk are $200,000 with 90% confidence, Earnings at risk are projected to be less than $200,000 10% of the time.

7. A main difference between decision trees and event trees is That event trees analyze the consequences of accidental events rather than decisions.

8. Widget Manufacturing Company has noticed that its loss frequency and severity has increased in the past two years as its production has increased. In order to better forecast loss frequency and severity, Widget Manufacturing Company should consider using Trend analysis.

9. A financial analyst wants to evaluate the effect that a predicted increase in the cost of steel will have on the net income of East Side Manufacturing. the analyst should use Earnings at risk

10. Magruder Company would like to estimate the number of workers compensation claims to expect next year. Magruder’s risk manager ran a regression analysis in which the number of workers compensation claims was the dependent variable and the number of payroll hours worked (in thousands) was the independent variable. The y-intercept from the regression was 3.8. The slope coefficient was 1.4. The risk manager believes that next year Magruder workers will work 80,000 payroll hours. Based on this information, approximately 116 workers compensation claims should the risk manager expect next year.

155


156

SECTION 10. DIVING INTO DATA

Topic 22. Big Data and Traditional Data Analysis

Topic 23. Modern Data Analysis and Data-Driven Decision Making

157

Section 10. Diving Into Data

Topic 22. Big Data and Traditional Data Analysis Reference: CPCU 500 Online 1st edition, Assignment 10. Module 1, 2

22.a. Big Data Characteristics Big data and risk management are business partners, in a sense. But data

stripped of its context—even at high volume—won’t necessarily help you answer critical questions or make faster, better risk management decisions. You have to also be able to trust the data being used to make those decisions. Part of developing that trust lies in understanding the sources of the myriad streams of data that flow into and out of your organization and the distinguishing features of the types of information those sources offer. Before we examine the ways that big data can be categorized for analysis, let’s first look at five characteristics that make data big:

1. Volume Businesses have access to an enormous amount of data. Organizations collect data from a variety of sources, including business transactions, social media, sensors. In the past, storing current volumes of data would’ve been a problem— but today’s cloud storage technologies have minimized that issue.

2. Variety Big data comes in all types of formats, from structured, numeric, transactional data and social media.

3. Velocity The speed at which data grows and becomes available to a business is unprecedented. Velocity includes the growing rate of change in the types of data and the need to deal with it in a timely manner. Technology, such as radio-frequency identification (RFID) tags, sensors, and smart metering are helping companies deal with torrents of data in near-real time.

4. Veracity This refers to the completeness and accuracy of the data. Unstructured data, by definition, can be uncertain and imprecise. Structured, transactional, and master data may also have flaws because of inadequate edits or user error.

5. Value Big data has great potential to add business value (certainly for risk management), but it must be obtained and analyzed with techniques that provide meaningful results.

158


22.b. Internal and External DataData captured and stored by organizations, categorized as internal data,

includes master data identifying customers, vendors, and prospects; accounting records (sales and purchases, for example); Human Resources records (payroll, vacations, benefits); and employee/customer correspondence (emails, contracts, and so on). Internal data also includes files specific to the type of business. Manufacturers deal with inventory and process controls. Banks maintain customer financial records. Software companies have feature enhancement logs and project tracking records.

External data belongs to an entity other than the organization that would like to acquire and use it. Open data is one type of external data, and anyone can freely use it, as there are no existing legal restrictions on access or usage. Wikipedia is a well-known source of open data. Similarly, public data generally refers to open government records. Sometimes there’s a fine line between internal and external data. For example, external data may become stored as internal data, depending on how it’s to be used.

One example of overlapping internal/external data is the use of vehicle telematics technology. Transportation companies use fleet telematics to monitor a wealth of data about both the vehicle and its operator, captured over cellular connections. Data collected can provide clues for a broad range of improvements, from increasing fuel efficiency and optimizing routes to reducing collisions and saving lives. Transportation companies are investing heavily in telematics to protect their human and physical assets. Vehicle data is more likely internal data, while the driver’s driving habits should probably be categorized as external data.

Privacy issues constitute legal and regulatory concerns when personal information is obtained from public sources, including social media. For example, companies might access credit files or public records of a prospective employee, and in such instances they need to be diligent about informing and, in most cases, gaining consent from a job applicant. The same caution is necessary for banks that must obtain and use credit ratings for both personal and commercial loan applications. Other sources of external data include published statistical data related to demographics, industry trends, survey results, and other subjects. Economic data, such as interest rates, asset prices, and exchange rates, is a commonly used type of third-party data. Consumer Price Index and other information about global, national, or regional economies is also valuable risk analysis data.

159


22.c. Structured and Unstructured DataThe format of data is described as structured or unstructured. Traditional

internal master and transactional data is structured; that is, organized into specific fields in databases. The structure allows for easily linking files to each other. Telematics provides an example of structured external data. A database contains formatted fields for information that transportation companies receive from telematics, such as distance traveled, location, engine temperature, distance from other vehicles or objects, and road conditions.

Unstructured data is not organized into defined fields and is not consistent in format. Prospect notes are an example of internal unstructured data. Although the notes may be contained in a customer relationship management (CRM) database, they’re not likely to be categorized or consistent from one sales rep to another. Unstructured external data includes information from the internet, such as social media sites.

Data analytics is used for both structured and unstructured data, but it’s especially useful for the latter. Information that’s not uniformly formatted or may need contextual interpretation is more difficult to analyze. Risk managers have to use various techniques to gather, categorize, and analyze unstructured data. Two graphs about interest rates, for example, may have different contexts: one may represent historic trends, while the other is related to home mortgages.

Structured data is instrumental in what is known as business intelligence (BI) because it’s quantifiable. It’s formatted in a database, making it easier to search and analyze. Too often, however, business leaders default to snapshots of structured data to make decisions, which can be shortsighted. A strong BI plan also relies on unstructured data for additional insights.

160


22.d. Traditional Data AnalysisBusinesses have long relied on data analysis techniques to evaluate and

improve their risk management decisions. Risk management professionals measure all kinds of data—financial data to improve the bottom line, production data to bolster efficiency, customer feedback data to meet or exceed service standards—and use countless other sources of information to increase the certainty associated with their forecasts. Analytical techniques are therefore vital tools for solving the business problems you’ll confront as a risk management professional. Data analysis is typically used to determine one of these types of outcomes:

A nonnumerical category to which data belongs

For example, a food-products manufacturer may want to identify product categories that would compete with a potential new product.

A numerical answer

A retail chain uses existing data to measure day and hour customer traffic by store.

A probability score based on historical data

A manufacturer may want to determine the probability that a safety solution will reduce the frequency of worker accidents.

A prediction of future results based on current and past data

Revenue predictions for a new product or new market, for example, based on previous similar product sales.

161


22.e. Common Data Analysis Techniques

Exploratory data analysis

The techniques used for exploratory data analysis are relatively simple. They involve charts and graphs that show data patterns and correlations among data.

Classification trees

A supervised learning technique that uses a structure similar to a tree to segment data according to known attributes to determine the value of a categorical target variable.

Regression analysis

Regression analysis is a statistical technique used to estimate relationships between variables. Two types of regression analysis are linear regression and a generalized linear model. The second type of regression analysis is a generalized linear model (GLM), a statistical technique that increases the flexibility of a linear model by linking it with a nonlinear function.

Cluster analysis. A model that determines previously unknown groupings of data.

162


22.f. Exploratory Data Analysis For example, a scatter plot (and its close relative, a bubble plot) is a two-

dimensional plot of point values that represent the relationship (or correlation) between two attributes. A correlation matrix is another type of exploratory data analysis technique.

Say a risk management professional identifies a few attributes to test driver safety. By building a correlation matrix of selected attributes, the graph may indicate that certain combinations of attributes such as variable shifts, age, and overtime, correlate strongly with driver accidents. That, in turn, can lead to revisions in shift assignments and overtime and, subsequently, fewer accidents.

163


22.g. Classification TreesTo solve business problems using data analysis, the data used must usually

have certain relevant characteristics. For example, to determine whether an employee is likely to be able to return to work after an accident, a risk management professional might use such attributes as type of occupation, age, qualifications for retraining, and available positions with lighter physical requirements.

In this example, a classification tree (also known as a decision tree) could be used to segment workers compensation data. The tree would contain nodes, arrows, and leaf nodes. The leaf nodes of the tree indicate the values of the target variable. Each worker’s attributes would follow the arrows of the tree through leaf nodes that segment the data by attribute to an ultimate leaf node labeled “Return to work” or “No return to work.” It is important to understand that these classifications are not necessarily what the actual outcomes will be.

22.h. Cluster AnalysisSometimes, risk management professionals want more information but do

not know the precise nature of that information. For example, to determine whether there is a relationship between the time lag in reporting employee injury claims and the size of those claims, data analytics techniques that use known variables would not be effective. Cluster analysis can be used to search data for previously unknown information or relationships.

There are different methods of cluster analysis that segment data according to similarities in various attributes. And to provide more granular information, several iterations of cluster analysis can be applied to further subdivide clusters. So if an organization identifies segments of customers according to age, it may want to identify characteristics of, for example, millennial customers in an effort to gain insight into applicable products and effective marketing approaches for that group.

Cluster analysis is not so much a typical statistical test as a collection of algorithms that put data into groups or clusters according to well-defined similarity rules. It’s commonly used when a risk management professional has a general problem to solve but does not know the variables a predictive model must analyze to do so.

164


22.1. Question: Big Data and Traditional Data Analysis

1. Velocity is a characteristic that differentiates big data from traditional data.

2. Data analytics is especially useful for Unstructured data.

3. Big data includes Both structured and unstructured data.

4. If an insurer wants to determine the numerical value for a known target variable, it is most likely to use Regression.

5. Technological advancements have led to access to unprecedented volumes and types of data. Social media posts are an example of External unstructured data.

6. Tania works in the fraud unit for Greatview Insurance. There is a claimant who appears to be involved in multiple cases of insurance fraud. Tania decides to use social media to obtain information that may be used to develop a profile of the claimant. Tania's use of social media is an example of Unstructured external data.

7. A risk manager for a grocery store wants to see if there is a correlation between the frequency of customer slip and fall accidents, and the time of day. Bubble plot is a relatively simple data analysis technique that the risk manager could use to determine this correlation.

8. Nancy, the general liability claims manager, is concerned about a significant rise in claim frequency in the state of New Jersey during the past 18 months. She cannot identify the cause of the increase and has asked James, a data analyst, to help. James decides to develop a model to analyze the dataset of New Jersey claims, and see if any previously unknown grouping can be identified for further analysis. James is using Cluster analysis

165


Topic 23. Modern Data Analysis and Data-Driven Decision Making Reference: CPCU 500 Online 1st edition, Assignment 10. Module 3, 4

23.a. Modern Data Analysis Risk managers have always known that they need to acquire information

continually and refine their ability to interpret it in more meaningful ways. Data mining techniques, which are constantly evolving and improving, provide incredible amounts of data, but once an organization amasses data, it must know what to do with it, how to glean insights from it, and then how to transform that awareness into constructive outcomes.

Modern data analysis techniques such as text mining, neural networks, and social network analysis evaluate and attempt to replicate human communication and thinking in order to predict human behavior. Scientists delve deeper into the workings of the human brain, which allows them to refine computer processing and machine learning. In turn, these developing technologies provide risk managers with an expanding supply of resources they can use to better serve their customer.

23.b. Text MiningText mining turns text into numbers that are then used in mathematical

equations or models. The first step of the text mining process is to retrieve and prepare the text. Usually, this data is considered unstructured. What that means is that is the data has no basic, universal organization that makes it easy to put in a matrix format.

By its nature, unstructured data is very difficult to analyze. Therefore, during the second step of the text mining process, the unstructured data needs to be converted into structured data before a modeling algorithm can analyze it. Structured data stores information in a precise, consistent format that can be searched much more easily. Examples of structured text-based data include names, street addresses, and genders.

During the third step, different techniques are used to create a data mining model to help the organization achieve its goals. These techniques involve identifying previously undetected groups of data, finding the most similar instances of data, and predefining certain attributes as target variables.

The fourth step in the text mining model is to evaluate its effectiveness in multiple areas. Obviously, no single approach to collecting and examining data will give an organization all the answers it seeks, and a text mining model's predictions are not always correct. For example, an organization could mine text to rate written customer feedback as positive, negative, or neutral, but context would not be taken into account.

166


Examples of Unstructured Data

23.c. Neural NetworksNeural networks, another modern data analysis technique risk managers

should be familiar with, are a form of artificial intelligence (AI) that enable a computer to learn as it accumulates more data. A neural network's analysis is also referred to as deep learning.

Neural networks comprise three layers: input, hidden, and output. The input layer collects the data to be analyzed, and the output layer offers the results of the analysis. The hidden layer is where all the work takes place. During the input phase, relevant information is entered into the model and assigned an importance level. In the hidden phase, the network executes the mathematical processes it was programmed to perform. The organization reviews the results and compares them with the outcomes it had anticipated. From there, the organization can determine how accurate the model is based on the gap between anticipations and actual results.

The network can then learn from any inaccuracies in its calculations by reversing the process—in other words, entering information that shows what end result is desired and running the process backwards. Alternately running the forward and backward processes numerous times (sometimes hundreds of times) allows the network to teach itself how to arrive at the desired result.

One drawback of neural networks is that they can be overtrained. This occurs when a network reviews data in so much detail that it is unable to operate in a larger framework with other types of data. Another drawback is that the processes undertaken by the network during the hidden phase may be too incomprehensible to be evaluated thoroughly enough.

167


23.d. Social Network AnalysisIn the context of social network analysis, a social network is a group of

individuals who share relationships and the flow of information. The network can consist of humans or websites, computers, animals, organizations, countries, etc., which are referred to as nodes. Each link between two nodes represents their relationship.

Social network analysis measures and charts the relationships between the nodes in a network, along with the flow of communication between them. The effectiveness of the analysis is based on quantifying the relationships between the nodes. The efficiency of the flow between social network connections can be determined through these centrality measures:

Degree A measure of the connections each node has. For example, degree would measure the number of external webpages the organization’s webpage links to or the number of Facebook friends one of its sales associates has.

Closeness The measure of the average distance, or path length, between a particular node and the other nodes in a network. For example, John and Anne both find out that a company policy is changing. Because Anne has a higher closeness to the company’s other employees than does John, as measured through the company’s email traffic, it is reasonable to assume that Anne will spread the news to more people more quickly through email than will John.

Betweenness The measure of how many times a particular node is part of the shortest path between two other nodes in a network. If a scholarly article is posted online and most of its readers click on one of its cited references, read the graduate thesis it cites, and then connect with the thesis’s authors, the article has a high degree of betweenness because it connects two groups of people: the authors of the thesis and the readers of the scholarly article.

168


23.e. Data Science and Data-Driven Decision Making To gain competitive advantage and operate more effectively, risk managers

must be able to properly frame business problems and questions, and then use data science techniques to perform analysis that will improve results. Descriptive, data-driven approaches are used to resolve particular problems. Predictive approaches are used when a risk management team must look forward to evaluate the level of risk and opportunity involved in a business strategy decision that will be repeated.

The Descriptive Approach: The descriptive approach is usually a one-time solution that a risk manager uses to solve a specific problem. Data science is used to provide data that will help solve the problem. Once a resolution to the problem is reached, the particular data-driven model that was used is, at least theoretically, no longer needed. However, if there is a case where the same or a similar problem occurs, the risk manager could perhaps use that model as a template to create a new model.

The Predictive Approach: A predictive approach to data analytics is a method that can be used repeatedly to provide information for data-driven decision making by humans, computers, or both. Predictive modeling involves the use of data, statistical algorithms, and machine learning techniques to identify the likelihood of future outcomes based on historical data. For example, predictive modeling is often used in online advertising and marketing. Predicting responses to a coupon offer or sales from a pay-per-click advertising campaign can be replicated periodically as a marketing strategy.

23.f. A Model for Data-Driven Decision Making in Risk Management

Following an ordered process in decision making will help ensure the best results. The process for data-driven decisions involves these five steps: (1) Defining the risk management problem (2) Gathering quality data (3) Analyzing and modeling (descriptive or predictive) (4) Determining insights: trends, relationships, behavior, events (5) Making decisions.

169


23.1. Question: Modern Data Analysis and Data-Driven Decision Making

1. The predictive approach to data-driven decision making would be most appropriate for that A transportation company is looking for a way to optimize routes and improve fuel efficiency.

2. The text in organizational files, social media posts, news stories, consumer reviews, and so forth is not automatically meaningful to a machine or an algorithm.

3. The important first step in a decision-making model is to Define the problem.

4. A data analysis technique that an insurer would likely use to analyze claims adjusters' notes is Text mining.

5. Neural networks is a data analysis technique that operates in a way similar to the human brain.

6. Discovering new relationships in data is a way that insurers and risk managers can use data science to improve their results through data-driven decision making.

7. Tom, the regional manager at Westfork Mutual, has planned a community service day for all employees. He has asked his two assistant managers, Julian and Leah, to spread the word to other employees and encourage them to attend. Based on centrality measures of the company's email traffic, Tom is confident that Julian will spread the word to more employees more quickly through email than will Leah. Tom's confidence is based on Julian's high score in Closeness.

170

SECTION 11. BUILDING CONSENSUS

Topic 24. Communicating and Collaborating About Risk

Topic 25. Collaborating With Experts About Risk and Delivering Your Message

171

Section 11. Building Consensus

Topic 24. Communicating and Collaborating About Risk Reference: CPCU 500 Online 1st edition, Assignment 11. Module 1, 2

24.a. Fundamentals of Effective Communication Effective communication habits are essential to business success. Good

communication increases productivity, reduces confusion, mitigates conflict, and improves morale. The communication process includes speaking, analytical, and organizational skills. In addition to helping the listener obtain information, active listening develops trust and positive relationships. Good communicators foster two-way communication by sending "I" messages and supporting diversity through nondirective techniques.

When disagreeing or identifying difficulties with someone, it's best to send "I" messages. However, people tend to do the opposite in such situations, instead stating their dissatisfaction through "you" messages. For example, when talking with a subordinate who is underperforming, a manager may want to say something like, "Rebecca, you're not doing a good job managing your clients." While this may be accurate, the more constructive and less-deflating way to deliver the same criticism is by sending an "I" message, such as, "Rebecca, I think there is room for improvement in the way you manage your clients."

24.b. The Communication ProcessBefore speaking with a group or individual, it's important to step back and

establish a plan that ensures the most clear and productive communication process. Here are some ways to do this: (1) Set a clear communication objective. Prior to the conversation, ask yourself, What do you want the other person(s) to do as a result of this message? Having an objective in mind will help you best present your message. (2) Analyze your audience. What's the person or group's knowledge of the subject or background of the situation? Using so-called big words and complex phrases does not make you sound smarter or more professional. (3) Decide when and where to talk. The length and importance of your message should be the determining factors. (4) Pay attention to your body language. Your posture, tone of voice, and movements play a key role in connecting with your audience and conveying confidence. (5) Ask for feedback. To determine whether your message has been understood, request feedback. Asking questions such as, "Do you see any problems with this?"

172


24.c. Delivering Difficult MessagesAt times, you will have to deliver messages that recipients won't want to

hear. These messages bring with them a high potential for conflict. But there are ways to minimize or even prevent defensive reactions. For starters, don't blame the other person. Instead, make it clear that you object to a specific kind of behavior, action, or (if you are a manager) performance level or that you disagree with a specific position or decision.

It's also important to avoid broad generalizations. Avoid words such as "always," "never," and "all." Instead, state specifically what you disagree with. Lastly, it's good practice to avoid sounding hostile while trying to be assertive. It's OK to show conviction about how you feel and confidence in your perceptions. Hostility, however, implies that the other person is to blame and increases conflict.

24.d. Active Listening Becoming an effective listener requires mastering the techniques of active

listening, which encourage the expression of ideas and feelings. Active listening consists of three elements: attention, suspension of judgment, and response.

(1) Attention: Most people admit to having a short attention span. We're easily distracted by the sights and sounds around us and by our own thoughts. Active listening demands a concentrated effort to pay complete attention to what the other person is saying.

(2) Suspension of Judgment: You must withhold judgments, especially good/bad and right/wrong ones about the message or speaker, during the presentation. Any hint of disapproval can give the person reason to hesitate sharing with you.

(3) Response: Active listening requires giving appropriate responses. The overall guideline is to avoid introducing a new idea. The Paraphrase Response: How can you practice active listening in your day-to-day communication with others? Active listening often employs three steps: (a) listening to a message, (b) paraphrasing, or restating in your own words the message you received, and (c) “feeding” the paraphrased message back to the speaker for confirmation. For example, you might say, “What I hear you saying is ____. Is this correct?”

173


24.e. Communicating and Collaborating About Risk Every step in the risk management process, from scanning the environment

to monitoring and reviewing the chosen risk management strategies, is dependent on communicating and collaborating with internal and external stakeholders. This holistic approach that results is referred to as enterprise risk management (ERM).

Scan the Environment

Scanning the environment cannot be completed without seeking input from experts within and outside the risk professional’s organization. Internally, communications should focus on the organization’s objectives and how they could be affected by possible risks.

Identify Risks

Because the purpose of risk identification is to determine the cause, likelihood, and potential consequences of any identified risks, risk professionals often seek advice and insights from various experts.

Analyze Risks

Risk analysis can be straightforward or complex. Data analysts often collaborate with risk professionals to help them understand certain complex risks. Even if the risk professional is acquainted with the organization’s risk appetite, he or she also needs to take into account the specialized knowledge of outside experts to identify the organization's key risks.

Treat Risks When determining how risks should be treated, whether by avoiding them, modifying their likelihood or impact, or transferring them, risk professionals should take advantage of the organization's internal expertise. After deciding which course of action to take, it is just as important to communicate the decision up the organization's chain of command. The decision has to be supported by the available data, which should be summarized as clearly and concisely as possible.

Monitor and Review

Given that the advice and consultation of internal and external experts has been crucial to risk management up to this point, it may be obvious that continued consultation is crucial to the continued monitoring and review of the chosen risk treatment solutions.

174


24.1. Question: Communicating and Collaborating About Risk

1. Having the wrong people attend is a common problem with meetings that leaders should try to avoid.

2. Julian was having a conversation with Tania, one of his employees. At one point, Julian said, "What I hear you say is that you would like to take on more responsibility. Is that correct?" Julian was illustrating Response as one of the elements of active listening.

3. Asking a question such as "How do you think this will work out?" can help a speaker do Request feedback and determine if the message has been understood.

4. Before speaking with a group or individual, the speaker should think about what he or she wants the other person(s) to do as a result of the conversation. By doing this, Setting a clear communication objective in the communication process complete.

5. Internal auditing is an internal source that can often provide information regarding risks that aren't obvious.

6. Risk management professionals must collaborate with data analysts during Analyze risks and monitor risk treatments steps of the risk management process.

7. Collaboration occurs when individuals, departments, or teams from different areas work together to accomplish a shared organizational goal.

8. Conor needs to deliver an important message to his staff. He has scheduled a meeting in a conference room with his staff of 10 individuals. The best way for Conor to use his body language to convey confidence in his message and interest in his staff is that Conor should sit up and lean slightly toward the audience.

9. Samuel was recently hired as a risk management professional for Parker Property Management. He has been asked by senior management to review the organization's current insurance policies to make sure that the organization is adequately protected, and also see if there are any opportunities to save on the premiums. Samuel must Determine the organization's risk appetite through internal communication before he will be able to complete this task.

10. Hanna is preparing her presentation for a meeting. She has a very specific objective which has been shared with the audience. Hanna wants to include several slides in her presentation because she has read that people tend to learn more from presentations that are accompanied by visual aids. Hanna should use the slides to Emphasize key points.

175


11. Carla, the risk manager, was asked by senior management to deliver a presentation on cyber risk at an all employees meeting. Even though she was only allotted 30 minutes for her presentation, Carla felt that cyber risk was a very real risk for the corporation and she wanted employees to leave with some fear of it. She wanted to provide employees with as much technical information as possible, and familiarize them with all of the important jargon. Less than 20 minutes into her presentation, Carla could tell that many of the employees were not paying any attention to her presentation. Analyze your audience steps in the communication process had Carla failed to consider.

176


Topic 25. Collaborating With Experts About Risk and Delivering Your Message Reference: CPCU 500 Online 1st edition, Assignment 11. Module 3, 4, 5

25.a. The Importance of Collaboration in Risk Management Holistic risk management requires the entire organization to be on the

same page when it comes to managing risks—i.e., risk management needs to be a collaborative effort. Cyber risk provides a good example of why collaboration is needed. Virtually every business unit faces some cyber risk, and the risk arising from any one unit could also affect other units or the organization as a whole.

The first step to fostering collaboration with internal and external stakeholders is developing a broad perspective of the organization and its interactions with stakeholders. In particular, it requires understanding what demands are placed on them from their managers and what their work environments look like. Collaboration requires knowing about the work performed by other units in the organization and external stakeholders.

Gaining a holistic perspective requires ongoing two-way communication with other business units and stakeholders. Develop a conviction for establishing and maintaining good communications and relations with those stakeholders. In addition, cultivate a sensitivity to lapses in effective communication. When key stakeholders fail to communicate with each other, reestablish the connection.

25.b. Motivate WorkersAn essential part of getting people to collaborate is motivating them to

work with others. These are some effective techniques for motivating supervisors, employees, customers, and other third parties to collaborate to achieve a shared goal: (1) Get to know as much as possible about the other stakeholders. When people know that you're open to their point of view, it makes them more inclined to work with you. (2) Seek stakeholder input when making decisions. Being consulted is in itself a motivator. Plus, seeking input from everyone fosters greater acceptance of decisions. (3) Examine how collaborators want to be rewarded. (4) Seek feedback on yourself from peers, managers, and subordinates. People want to team up with others who are accountable and amenable to criticism. (5) When revising job duties, try to enrich individuals' work rather than merely expand it. (6) Request (and, if necessary, fight for) equipment, staff, and other resources needed to support stakeholders. (7) Help team members see the big picture. Help team members understand how their work contributes to the achievement of a shared goal.

177


25.c. Collaborating With Experts About Risk Collaboration with internal and external experts plays a major role in

updating and enhancing an organization's risk management approach. There are two key tasks at which a risk professional needs to excel when working with subject-matter experts:

Asking the Right Questions of the Right People: Before conducting research by asking questions of experts, a risk professional needs to research what kinds of questions should be asked and of whom. For an organization to put information to use, it must have the necessary skills and resources to gather, manage, and understand the data. It's common for the risk professional to take on this role. When soliciting input from external subject-matter experts, risk professionals should research the applicable field to get a working understanding of the topics to be discussed.

Understanding the Answers: Beyond understanding the answers to his or her questions, a risk professional must understand how the answers relate to the objectives and concerns of the organization. The risk professional will need to lay out all of the potential risks cited by the subject-matter experts, identify those that are most likely to affect the organization, assess their potential severity, and recommend a treatment technique, such as avoidance, transfer, or reduction. In this effort, predictive modeling can help triage potential risks for treatment.

25.d. Delivering Your Message In business, being a willing and open communicator has little value unless

you can also convey messages clearly. Learning how to get internal and external stakeholders to grasp your point of view and knowing how to create persuasive messages will help you gain buy-in from decision makers and forge team collaboration.

The three modes of persuasion are ethos, logos, and pathos. Greek words coined by Aristotle, they are considered the three artistic proofs for convincing people. Ethos means "character" and refers to the need to establish the speaker's credibility. Logos means "reason" and refers to the need to support a message, claim, or argument with evidence. Pathos means "emotion" and refers to the need to make an emotional appeal to the audience. This section will detail these modes of persuasion.

178


25.e. Convey Nonverbal Message and Lead Effective Meetings Convey the Right Nonverbal Message: How you say something is often as

important as what you say, so you need to complement verbal messages with appropriate, effective nonverbal messages. People send nonverbal messages through tone of voice, level of eye contact, and body language.

Lead Effective Meetings: Effective meetings don't happen by chance. They are carefully planned. To ensure an effective meeting, you must define specific objectives. Then you can decide who to invite to the meeting. A plan for meeting your objectives should exist at the end of the meeting. Three additional keys to effective meetings are a strong opening, succinct supporting material, and a powerful conclusion.

25.f. Resolve Common ProblemsNow let's take a look at how to tackle two of the most common problems

that create confusion and communication breakdowns: hidden agendas and status differences.

Hidden Agendas: A hidden agenda is a concern that affects a person’s behavior but isn't openly stated by the person. Hidden agendas can be detrimental to the communication process because people who employ them may attempt to steer conversations down paths that benefit them—without informing others of their intent. This can lead to a dismissal of your message. Therefore, you should attempt to bring hidden agendas into the open. If you suspect that a person’s comments are the result of a hidden agenda, ask questions or state your observations and ask for the person’s reaction.

Status Differences: Differences in the informal status and formal rank of participants often hamper communication. People hesitate to contradict people with greater knowledge, standing, or experience. This can lead to a lack of engagement from those who disagree with someone's message but are reluctant to speak up. One way to avoid this is by asking for ideas from lower-level persons before turning to those of higher standing. You could also ask higher-ranking individuals to concentrate only on certain aspects of the topic.

179


25.1. Question: Collaborating With Experts About Risk and Delivering Your Message

1. In order to achieve collaboration, group leaders must Remain focused on preventing stakeholders from straying from the common goal.

2. When communicating a decision up the organization's chain of command, consulting with outside experts can help a risk management professional Enhance stakeholders' confidence in the process.

3. William is a project manager for Parker International. He has been assigned a key project with a short deadline. William realizes that this project is going to require revising the job duties of some individuals and a collaborative effort from of all team members. When revising job duties, William should Try to enrich individuals' work rather than merely expand it.

4. Lucas, a risk professional for Jones Incorporated, recently met with experts from the utility industry to discuss the potential loss of supply and risks to the infrastructure. Lucas must now decide which risks, and proposed treatments, need to be communicated to the board of Jones Incorporated. Lucas should make this decision based on The organization's risk appetite and tolerance levels.

5. Gaining a holistic perspective requires Developing a thorough understanding of each unit's role and how it supports or depends on other units and stakeholders.

6. After meeting with an external expert on climate change, an organization's risk professional will need to do all of the following: Identify those risks that are most likely to affect the organization, Assess the potential severity of the risks to the organization, Recommend a treatment technique for risks with severe potential.

7. When addressing individuals of different status levels, it is best to ask for ideas from lower-level persons before turning to those of higher standing.

8. Shelton Manufacturing executives are growing increasingly concerned about wildfires and the potential effects on supply chain management. As the risk professional, Carla has been asked to meet with experts on the subject and report back to the executive team. Carla should research the field and get a working understanding of wildfires, before meeting with external wildfire experts

9. Olivia is planning a meeting to explain a new cyber security procedure. She expects that the meeting will be impeded by hidden agendas. The best way for Olivia to deal with potential hidden agendas is that Olivia should start the meeting by asking participants to state their concerns or feeling about the procedure.

[THE END]

180

section 8 optimizing risk strategic advantage

Documents