8   |   Risk Assessment in Practice   |   Thought Leadership in ERM



        Assess Risks

        Risk assessment is often performed as a two-stage   The quality of the analysis depends on the accuracy and
        process. An initial screening of the risks and opportunities   completeness of the numerical values and the validity of the
        is performed using qualitative techniques followed by a   models used. Model assumptions and uncertainty should be
        more quantitative treatment of the most important risks and   clearly communicated and evaluated using techniques such
        opportunities lending themselves to quantification (not all   as sensitivity analysis.
        risks are meaningfully quantifiable). Qualitative assessment
        consists of assessing each risk and opportunity according   Both qualitative and quantitative techniques have advantages
        to descriptive scales as described in the previous section.   and disadvantages. Most enterprises begin with qualitative
        Quantitative analysis requires numerical values for both   assessments and develop quantitative capabilities over time
        impact and likelihood using data from a variety of sources.   as their decision-making needs dictate.


          Measurement Techniques Comparison

          Technique    Advantages                            Disadvantages
          Qualitative   •  Is relatively quick and easy      •  Gives limited differentiation between levels of
                       •  Provides rich information beyond        risk (i.e. very high, high, medium, and low)
                         financial impact and likelihood such as    •  Is imprecise – risk events that plot within the
                         vulnerability, speed of onset, and     same risk level can represent substantially
                         non-financial impacts such as health       different amounts of risk
                         and safety and reputation           •  Cannot numerically aggregate or address risk
                       •  Is easily understood by a large number     interactions and correlations
                         of employees who may not be trained    •  Provides limited ability to perform cost-benefit
                         in sophisticated quantification         analysis
                         techniques
          Quantitative  •  Allows numerical aggregation taking     •  Can be time-consuming and costly, especially
                         into account risk interactions when        at first during model development
                         using an “at risk” measure such as  •  Must choose units of measure such as dollars
                         Cash Flow at Risk                     and annual frequency which may result
                       •  Permits cost-benefit analysis of risk        in qualitative impacts being overlooked
                         response options                    •  Use of numbers may imply greater precision
                       •  Enables risk-based capital allocation    than the uncertainty of inputs warrants
                         to business activities with optimal   •  Assumptions may not be apparent
                         risk-return
                       •  Helps compute capital requirements
                         to maintain solvency under extreme
                         conditions



























        w w w . c o s o . o r g