Risk Versus Risk

One of the most critical processes in managing projects are those addressing project risks.  Some writers go so far as to call risk managent 'project management for adults'.  The implication being that if you’re not doing risk management in your project, then you’re just a kid, you haven’t grown up yet, and have no place among grown-ups (I agree with this view, by the way).

When asked what risk is, quite a few will give an answer that goes something like: 'a risk anything that can go wrong.'  In this view, a risk is something that can go wrong, and therefore risk management is about addressing those things that can go wrong.

But there is another, less commonly known, view of risk.   In this view, risk is something uncertain that may affect the project.  Not something necessarily bad, but something uncertain. 

Let's suppose you are planning a picnic for tomorrow.  Being an adult, you have prepared a risk management plan (your picnics may be boring, but they are predictable).  You have an entry for weather in your risk plan.  In the first view of risk, you look at the weather and look for something that could 'go wrong' that could negatively affect your picnic.  Is it going to rain tomorrow?  If there's a chance of rain, what can we do to mitigate the effects of this rain on the picnic? Perhaps bring an umbrella.  Perhaps plan to hold the picnic nearby an accessible shelter, to make escaping from the rain easier.

In the second view, we look at the weather not as something that is the harbinger of something that can go wrong, but simply something uncertain.  So there's a 50% chance of rain.  Let's prepare for that eventuality.  But there's also a 50% chance of no rain. Let's also prepare for that happy eventuality as well -- perhaps plan to go to a place with a nicer view if the weather clears up.

With this second view, risk is not simply viewed as about bad circumstances that can happen, but simply about all uncertain circumstances. Circumstances which can indeed turn out bad (and whose effects we should be ready to address), but which can also turn out good (which we should be ready to take advantage of).

In the first view, we simply prepared ourselves for the worst.  But in the second view, we also prepared ourselves for the best.

Assumptions

Until we develop the ability to see the future, projects and programmes will have to be run in the face of uncertainty.

In the absence of complete information, assumptions will have to be made. Otherwise decisions cannot be made and activities will stall. At least some of these assumptions are documented in the projects. In the more badly run projects, the assumptions are there uncritically reviewed. Because a project is proceeding as if these assumptions are valid, it is critically important to review the assumptions.

You are trying to cross a bridge and making the assumption that the floor is sound. You have several choices: make the assumption, and proceed to walk normally as if the assumption is correct. You can also make the assumption, keeping in mind that you could be wrong, and proceed with caution, testing every step to see if the assumption holds. You can also, before, proceeding, inspect the bridge, and gather more information about the assumption. How likely is the assumption to be correct? How likely is it wrong? Apart from
physical inspection you can observe the environment. Are locals crossing the bridge? Are there local experts who know if the bridge is sound?

Because the assumptions are the 'floor' on which the programme will be proceeding, it is critical to review these assumptions to see how sound they are. These assumptions should be looked at with the following filters:

• Are they complete? Are these the only critical assumptions?
• Are they valid? Are we making assumptions about things that are not already known to be false?
• Do we have a plan for reviewing the assumptions at a later date, when we may have more information and able to verify or reject the assumptions.
• Have we identified the risks that will arise if the assumptions on which we are proceeding are proven false?

ERM is an Integrative Approach to Risk Management

Risk management as traditionally practiced in organisations, tended to be silo-based.  Risks originating from one area is expected to be managed in that area which is assigned the responsibility for managing, while risks originating from another area is managed by that area. 

One reason Chapman gives as to why this approach developed is our tendency to compartmentalise. Our analytical mindset approach to problem solving leads us to split things into their basic components, to make them easier to manage. 

Over the years, there have been growing recognition that the silo-based approach is flawed.  The impact of risks span across silos -- a breakdown in manufacturing leads to impacts well beyond the manufacturing department.  Mismanagement of risk in one silo affects other silos, which may not be prepared for that risk because they had assumed that other area was managing that risk.  

ERM is a new approach to managing risk.  The thrust is of ERM is the integrative management of risks, understanding the interdependencies, their impacts, and areas where they can be leveraged so that addressing a single cause can prevent multiple risks.

Reference: Chapman, Robert. Simple Tools and Techniques for Enterprise Risk Management 2006.

Tools and Techniques of Enterprise Risk Management, Part 1

I’m going to go through Robert Chapman’s ERM book.  Based on the table of contents, the first part of the book what ERM is. Part II is about ‘The Appointment’ or what I think is a discussion of the engagement process.  The table of contents covers topics about interviewing the client, preparing the proposal, and implementation (of what, I am not sure yet).

Part II covers the Risk Management Process.  It seems to be about a fairly standard process: Analysis of the Business, Risk Identification, Risk Assessment, Risk Planning, and Risk Management.

Part IV covers ‘Internal Influences’ which I think is about internally generated risks.  The table of contents says it covers Financial Risk Management, Operational Risk Management, and Technological Risk.

The final part covers ‘External Influences’ which seems like about risks generated externally.  It discusses Economic, Environmental, Legal, Political, Market, and Social risks.

Finally there are 14 short Appendixes which discuss techniques like SWOT, PEST, VRIO analysis, Change Management, among other topics.

Ten Rules of Effective Language

One of the challenges risk professionals wrestle with is how to convince stakeholders to take specific actions,  such as proactively identifying risks. These stakeholders can be individuals, or they can be organisations.  While these stakeholders are not necessarily reluctant to comply with the requirements of proper risk management, they do have to deal with their own realities, including other demands on their energy,  or simply a perception that risk management is a waste of time.

Perception is reality, as the saying goes.  If you want to change reality, you have to change perception.  And one way to change perception is through communication.  A risk professional often needs to organisational action through reports and recommendations and also through interpersonal communication.

Dr. Frank Luntz, who apparently is a highly sought political speech writer, provides ten rules for effective language in his book, “Words that Work”.   I think when he came up with these rules, he was thinking in the in the context of public speeches, political messages,  and media relations.  But his rules seem a useful guide for a launching  a coordinated approach to getting your message across. 

In summary his rules are:

1. Use Small Words.  Use only words that you are certain your audience understands.  Don’t risk getting your message misunderstood. 
2. Use Short Sentences. If you can deliver the same message using a dozen words, do not do so with a thousand.  Not only are fewer words easier to remember, you stand a better chance at having your writing  read.
3. Credibility is as Important as Philosophy. Make sure you are telling the truth.  Very catchy marketing of something false will fool some people for a little while, but not for long, and not again. 
4. Consistency Matters. This is a nice way of saying: repeat the message over and over, using the same words if possible.  Drill the message in. Repeat until it becomes the truth.  And don’t change your message. Don’t change what you are trying to say.
5. Novelty: Offer Something New. Add a new twist on the language or coin a new phrase that capture the message vividly and clearly and memorably.  Definitely avoid clichés. Avoid it like the plague ;-).
6. Sound and Texture Matter. A slogan that makes sound (like ‘Snap, Crackle, Pop!’) helps make the slogan memorable.  Alternatively, come up with combinations of words that make a distinctive sound (‘Melts in your mouth…’)
7. Speak Aspirationally. Show the way to an ideal place. He gives the example of Crest toothpaste’s “Look ma, no cavities”. Tap into the audience’s aspirations and ideals.
8. Visualize.  Paint a picture with your words.
9. Ask a Question. Engage the listener by asking a relevant and memorable question.  Note that it is a single question, not several.
10. Provide Context and Explain Relevance. Make it very clear ‘why’ you are telling them what you are going to tell them. Give context to your message.

Luntz summarises these ten rules with ten words: simplicity, brevity, credibility, consistency, novelty, sound, aspiration, visualisation, questioning, and context.

You don’t have to follow all his rules for every message you want to get across.  I don’t think that’s possible, nor is it Luntz’s intention.  However, the list is useful as a guide for formulating a memorable message.

A Framework for Risk Management

Froot, Scharfstein, and Stein

The purpose of risk management for an organisation is to ensure availability of funds for financing investments.  Risk management does not create new wealth; investment does. Wealth-creating investment is only possible if there are funds available to finance it. Risk management must be used to ensure the organisation has enough funds to finance its wealth-creating investments should events arise that threaten the availability of funds.

The best funds to use for funding investments are funds created internally.  Funds obtained through debt make the company less attractive for further debt, which may result in a dangerous spiral where it cannot obtain debts when it needs them.  Funds raised from equity raise the problem of investors knowing that organisations sell equity when they know it is overpriced.  So despite Modigliani and Miller, who posited that how the funds are obtained is generally irrelevant, internally generated cash is best for funding further investments.

Hedging is one way to insulate the organisation from fluctuations of funds availability.

To determine what to hedge, think about events you wish to hedge against, and understand the impact of that event to your cashflow requirements for funding wealth-creating investments.  For example, if your company manufactures in Europe (Euro) and sells in the USA. Suppose the Euro appreciates thus making sales in the USA slower. Then cashflow is lessened because a) there is less product demand in the USA and b) the value of dollar sales has decreased comapred to Euro, therefore, there is little incentive to further increase production capacity in Europe, therefore there is lessened need for cashflow during the time.  Thus there is little need to hedge.

However, if opposite occurs, and the Euro depreciates, then sales to the US can be expected to increase (cheaper products), however,

Risk management “lets companies borrow from themselves” by shifting funds to when they are more needed.

The goal is to align the internal supply of funds with the demand for funds. The goal is not to insure against the events (such as exchange rate fluctuations) but to ensure the company has the cash it needs during such times.

The company shouldn’t need to worry much about its own stock prices.  That is a problem for individual investors. They can mitigate that risk through diversification.

Choices of which financial instrument to use must not be left to financial engineers. Managers must align the instrument to the corporate goal – which is to ensure availability of cash appropriate to the environment it is hedging against.

Two key issues in derivative features is mark-to-market vs over the counter. In the former, you need to top up daily to compensate for short term losses. In the latter you only need to pay at maturity date.  The other feature is linearity vs non-linearity. Futures and forward contracts may have no floor. There is symmetry in your gain or loss. Options allows setting a floor to loss, while keeping the option to benefit from the event.

The Risk-Return Effects of Strategic Responsiveness: A Simulation Analysis

Torben Juul Andersen and Richard A. Bettis

Summary:

Companies in turbulent dynamic markets experience volatility in their performance. The turbulence described here is not only a case of going back and forth, or cyclical changes, but a case of structural changes.   Companies need to undergo learning about the new changes, devise new strategies to adapt to the changed market and implement those strategies.  This is called strategic responsiveness.

The paper creates a simulation model to determine the risk and return effects of being strategically responsive.

Organisations learn in at least three ways. One, they gain new knowledge (perhaps a better mental model) and notice that current peformance can be improved.

First order learning involves improving current processes. Second order learning creates new knowledge which changes practices.  Continuous improvement may lead to very efficient processes that are no longer required.

Competitive advantage arises from knowledge creation which increases range of strategy options.  Market learning which is about acquiring insights about market conditions prepares the way to taking steps to capitalise on the market condition.

The simulation model finds that strategic responsiveness does play a part in improving performance in a dynamic environment.  It does not require perfect learning since perfect learning costs more and the extra cost offsets the improvement in cashflow.  Strategic responsiveness is a way to achieve higher performance at lower risk.