My thinking is informed by people with decades of experience in risk management and commerce, the top 3 – "risk olympians" – being:
- Dave Ingram : Dave sets a standard for writing to which I aspire: to the point, almost always relevant to me and leaving me wanting more.
- Matthew Leitch : In 10 years as a consultant Matthew has thought and done lot. Some of my best ideas were written about by him 10+ years ago.
- William Panning : William takes a narrow path, incorporating robust thought and practical application. Managing the Invisible was formative for me.
Of the many writers I have read and respect these are my (alphabetically ordered) medal winners, whose work I revisit most often, either mentally or via Google.
Whether it's risk registers, risk-control matrices, explanatory optimisation models or avoiding Xbox risk management, I've borrowed and referenced extensively. Often I've tried to make improvements. Sometimes I've developed software e.g. online risk registers and value optimisation. I aim to always reference and link.
I hope you find the material below and on this site helpful.
External links: the risk olympians
Dave Ingram | visit Dave's website
Dave Ingram is a member of Willis Re's Analytics team, providing ERM, risk and capital management advisory services to Willis Re’s insurance clients.
Dave was previously the Senior Director, ERM in the Insurance Ratings Group of Standard and Poor’s, New York. In that position, he spearheaded S&P’s initiative to incorporate ERM as one of the primary ratings criteria and the development of the framework for reviewing economic capital models.
During 7 years as a Consulting Actuary with Milliman, Dave consulted on risk management and risk analysis. Dave also has over 20 years of actuarial and general management experience in the insurance industry, as corporate actuary, business unit head, planning officer, ALM and pension actuary for a major US insurer.
Dave has authored over 40 published articles relating to ERM. His "Risk and Light" won the 2009 Best Practical Paper award at the ERM Symposium. Founder of the International Network of Actuarial Risk Managers, he is chair of the Enterprise and Financial Risks Committee of the International Actuarial Association.
Dave is a graduate of Lehigh University with a BA in Mathematics and a concentration in journalism. Archive of Dave Ingram Publications.
- ERM and the hierarchy of corporate needs : Useful medicine against the "risk drives everything we do" nonsense. Risk management is the third priority.
- Uncertain decisions : A helpful decision-focused approach to risk management and ERM, whether or not those decisions are taken by the "front line".
- What CEOs think about risk : Different ways of doing risk management, and how the CEO preference may not tie in with the approach of most ERM systems.
- A gigantic risk management entertainment system : Your shiny risk management system might be less valuable than an Xbox.
- A risk register is the siren song of risk management : Risk registers can become dangerous and obsessive eye candy, luring us on to the rocks. Beware.
- Just stop IT now, and don't do IT again : A crisp explanation of why, despite some guidance, likelihood and impact is almost never the right approach.
- Frequency vs. Likelihood : Gives numerical examples that should sharpen our thinking about risk assessment. Plus a short reason to "think likelihood".
- Insurers need to adapt COSO/ISO risk management to achieve ERM : Suggests improvements regarding (1) risk measurement and (2) who is shown what.
- Comprehensive Actuarial Risk Evaluation : CARE recommends an evaluation framework which takes account of the multi-dimensional nature of risk.
- Why isn't strategic risk included in ERM? : Suggests possible reasons, while highlighting the importance of this risk. Includes some sobering failure statistics.
- Instructions for a 17 step ORSA process : Written primarily for a US audience, UK readers may also benefit from this structured approach.
- ORSA: AC – ST > RCS : Suggests that at least some ORSA stress tests should show falling below your required capital and the link to management action.
- The "riskiest" position allowed by the risk appetite : Covers an imaginative idea: what happens if everyone pushes out to the maximum allowable risk?
- Knowing the results from stress tests in advance : How to develop a useful "story" within your ORSA without lapsing into pure subjectivity or gibberish.
- Who are we kidding? : A short and simple explanation of why estimation at the 1-in-200 level is so difficult. The real question: "what are we doing about it?"
- One in two hundred : A nice explanation of the real rationale behind 1-in-200. The scary thing, perhaps, is how little science backs the assumption.
Matthew Leitch | visit Matthew's website
Matthew Leitch has an interesting and varied background and I consider him a guru of risk management; in the past, I have turned to him for advice. He has been an independent consultant for over a decade, is hugely knowledgeable, and is a strong designer. He has been a key figure in the development of risk management standards in the UK and has received two Distinguished Service Certificates from the British Standards Institution.
- Integration in future risk management guidance and standards : Pointers to the state of public sector risk management. An Appendix with 7 techniques.
- Relevant authoritative guidance : There is more (and better) than COSO and ISO31000. Examples of practical and robust guidance. I call it "free money".
- Risk register studies: an introduction : "Like them or loathe them, risk registers are an unavoidable fact of life in many organizations." So get more from them.
- Impact spread : Study 1 warns us to be careful of using the phrase "the" impact. I predict that this will become a disastrous example of unknown knowns.
- Causal links within and between risk register items : In study 2 we are reminded of links between risks and the limited ways in which registers reflect this.
- Risk meters : Showing that probability-impact is flawed is child's play. Showing practical improvements is the challenge. Here's a really fine response.
- Making sense of risk appetite, tolerance and acceptance : The purpose of regulators requiring risk appetite statements was not to introduce terminology wars.
- The real reasons we avoid risk : Sharp thinking on risk aversion and decision making. Surprising little of the financial risk management literature tackles this.
- Fixing the 'risk management' process diagram : A decision-focused view of uncertainty, radically updating the "risk management process diagram".
- Risk modeling alternatives for risk registers : For people who want to design a useful and efficient way to quantify risks on a risk register.
- Designing intelligent internal control systems : A forerunner to Matthew's book, introducing 15 intelligent control techniques. Have your eyes opened.
- Intelligent Internal Control and Risk Management : Controls are the poor relation to risks. Read this to get better operational risk management and more.
William Panning | visit William's website
William Panning has published more than sixty articles on ERM and related topics. Three have won prizes for excellence, three have been adopted by the Casualty Actuarial Society for their examination syllabus and two have been adopted by the Society of Actuaries.
In 2007 he received a Lifetime Achievement Award from the Insurance Education Institute and the Reinsurance Association of America for "contributions to educating insurance professionals and improving the way in which risk is measured."
William earned a Ph.D. at the University of Pennsylvania, taught at the Wharton School, and later worked as a "quant", investment strategist, portfolio manager, and senior executive at The Hartford, Aetna, MetLife and other firms.
- Managing the Invisible: Measuring Risk, Managing Capital : Received the first ERM Research Excellence Award from The Actuarial Foundation.
- Measuring Interest Rate Risk : This extends the results of the paper listed below, and provides an improved notation and streamlined presentation of results.
- Asset-Liability Management for a Going Concern : Selected by the Casualty Actuarial Society, and by the Society of Actuaries, as a Syllabus paper.
- Measuring Loss Reserve Uncertainty : Received the Charles A. Hachemeister Award from the Casualty Actuarial Society
- Default Risk and the Effective Duration of Bonds : Received the Graham-Dodd Award of Excellence from the Association for Investment Management Research
- Birds, Bees, and Bonds: Genetic Algorithms and Investment Strategy : A scanned pdf of an interesting area!
- Benchmarking Investment Performance : A panel discussion transcript. Investment performance is considered without and with reference to (insurer) liabilities.
- The Strategic Uses of Value at Risk : Applies VaR to decisions with long-term uncertainty. Tackles estimation, asset management and non-balance sheet risks.
- The Paradox of Performance Measurement : Linking investment and insurance, this paper shows William's academic background and commercial experience.
The "better" series
I take an area of risk management which gets relatively high exposure and explain how I think it can be done more efficiently or effectively.
- Better enterprise risk management : ERM can seem like a very big project. You can de-risk that project by improving your risk management little by little.
- Better risk assessment : I explain how flawed assessment methodologies are hardwired into some forms of risk management and give solutions.
- Better risk classification : The traditional classification of type, probability and impact is bad for your (risk-adjusted) health. This article offers an alternative.
- Better risk framework : Compare the 4A minimalist and governance-lite risk framework with the full fat version. The article giving rise to the 4ARM name.
- Better risk process : Have you got a risk process with lots of arrows and "risk entertainment" but little action? Take some advice from Elvis.
The "risk register" series
User beware. Many risk experts have warned of the common flaws in risk registers. It doesn't have to be this way. The first half of the set of articles below is generally positive, starting with how five potential audiences might make better use of risk registers. The second half warns of some really dangerous flaws.
- Risk registers: who, what, why and how? : Starting with the positive we ask the basic and practical question: how can we best use risk registers?
- Risk registers: good, bad, odd and ugly use : For most organisations risk registers work best alongside other tools. This article compares them to models.
- Risk management is more than risk registers : Why we should be asking both more and less of our risk registers. Includes a range of additional tools.
- Risk registers: the claimed flaws : A list of claimed flaws, with brief comments, plus a brief look at Matthew Leitch's critique of "Risk Listing".
- Risk registers: what your auditor probably won't tell you : Is your risk register inconsistent and incomplete by design? An accident waiting to happen?
- Risk is more than events : Risk registers often focus on future things that might / might not happen. But the most areas of uncertainty are not usually events.
- How to miss 75% of your risks without trying : How bad could a risk register get? Could a common approach miss 75% of all risk, for example?
- Slicing and dicing risk : Shows the flaws in probability-impact risk assessment, using a simple example. Turn on your brain and turn off probability-impact.
The "helpful" series
In the parody of "risk management as policeman" being helpful does not have a main part. This series aims to be much more helpful.
- The 6 Ps of risk management : What does your risk management apply to? I suggest planning, projects, products, processes, pounds and people: the 6 Ps.
- Defining risk : The article highlights others' work: (1) proposing compact definitions of risk management while (2) recognising alternative perspectives.
- Multiple perspectives on risk : Risk as a concept can be slippery. I suggest four perspectives to increase understanding and motivate action.
- Risk management is more than risk registers : Ask more of, less of and beware of risk registers. The role of models and other risk management techniques.
- Risk management honesty : Finding the real role for risk management in an organisation with multiple claims on its time and resources.
- The risk vision plan : Fail to plan = plan to fail. Why would you do risk management without setting imaginative and demanding objectives?
- Sinking, fast and slow : A look at the most important causes of corporate failure, focusing on speed and source. Plus 30 years of the FTSE100.
- Traditional risk classification : An examination of the costs of classifying risks by the traditional type-probability-impact. With positive alternatives.