Case Study | Title: Risk Velocity and Dynamic Risk Assessment

Submitted by: Shubham Mohanty (PGDRM Batch Jan 2020)

Mentor: Alumni

 

A few decades ago, the arrival of troublesome risk events was slow, and the repercussion was being controlled by organizations over a reasonable time frame. In today’s environment, the timing between a catastrophic risk-driven crisis and the financial and reputational decline for an organization can be practically simultaneous. This new reality has introduced a new aspect of Risk Management called “Risk velocity”. It is the speed with which the events occurred in today’s business environment. It measures how fast a risk can impact an organization. Three-dimensional risk management approaches such as probability, impact, and the most important velocity (timing, speed) of which businesses need to embrace. 

 

Measuring risk velocity 

Different models have been tried by Risk practitioners for measuring and representing risk velocity. Qualitative risk analysis is a classical way to rate probability, impact, and velocity. Here is a suggested formula:

Total risk score= (probability+velocity) *impact. Individuals can also include risk velocity through the risk velocity scale. 

 

VELOCITY SCALE 

RATING DESCRIPTION  DEFINITION 
 5 VERY HIGH VERY RAPID, LITTLE OR NO WARNING, INSTANTANEOUS 
4 HIGH RISK MAY OCCUR IN A MATTER OF DAYS TO A FEW WEEKS 
3 MEDIUM RISK MAY OCCUR IN A MATTER OF A FEW MONTHS 
2 LOW RISK MAY OCCUR IN A MATTER OF SEVERAL MONTHS 
1 VERY LOW VERY SLOW, OCCURS OVER A YEAR OR MORE 

 

For example, a risk event that would have ranked high probability and high impact 5 and 5 respectively, would be 25 on a scale of 1-5 which is the highest possible ranking risk. Now if we modify by including a factor of 5 for the high velocity, then the new risk score increases to 50. By adding the velocity factor the magnitude of the risk doubles up. 

 

RISK PRIORITISATION COMPARISION

In a research survey conducted by Deloitte Risk Integration Strategy Council (2007), while 70 % of finance executives agree that risk velocity is core consideration, only 11 % have introduced them in their risk assessments. Let’s understand this through a risk prioritization matrix incorporating risk velocity.

 

Impact: What is the maximum business damage this risk could cause?

Probability: How likely is this risk to materialize?

Speed: At what speed will this risk impact the organization? 

 

 

 

Risk A (high severity and likelihood but the low speed of onset)-Ex- Increased employee attrition will have a significant impact on the organization is very likely to happen. This risk is forecast to materialize across the course of the next 18 months.

Risk B (high severity and likelihood and high speed of Onset) for example a new competitor will have a significant impact on the organization and is very likely to happen.

The risk is forecast to materialize within the next two months when the new competitors begin trading. High probability and impact have shown by Risk A with low time-to-impact. While Risk B shows a high probability and impact with high speed with two months’ time to impact. High priority is placed on Risk B due to its high speed to impact. 

 

CASE STUDY-1 

Social media has helped raise the velocity and stake in which such risks can occur. For example when a popular US-based fast food restaurant (Jack in the box) experienced an outbreak of E.coli bacterium (originating from contaminated beef patties) infected 732 peoples across four states and killed four children. The company’s stock price decreased 44 percent in 90 days among intensive social media and news exposure. An incident can viral in a matter of hours. It can lead to an immediate sink in their share price and government investigations. So boards today need to understand the concept of risk velocity. 

 

CASE STUDY-2 

For example when banks list “loan sales” as a mitigant for credit shocks relating to the lending sector. In September of 2007, when the market was hit by the first wave of credit shocks, for unload their construction and raw land development loans onto the market, banks only had less than 45 days even with the knowledge that the whole sector was toxic. Generally, even the most experienced bank also takes approximately 60 days to sell a portfolio of loans. Unfortunately by November of 2007, construction and development loans were trading at a 30% discount. At that point, banks were reluctant to sell and by mid-2008 discounts turned into 50 % and then 70% subsequently. Ultimately banks were failed to sell their exposure until the risk in the market materialized. The lesson that was learned that post-credit shock there are few material mitigating factors that should be used to handle the construction and development exposure. So in this example, if the bank takes 60 days to sell a loan, all relevant risks are exposed by the bank with a velocity of faster than 60 days. It means banks would have to analyze all mitigating factors in less than 60 days. 

 

ADVANTAGES OF RISK VELOCITY 

If the organization continues assessing the risk velocity, it can implement that recovery process today. Internal auditors must consider the velocity of risk for the assessments of risk areas that could become catastrophic risk events. By identifying these areas, management and the board can tackle the potential issues. Addressing the risk velocity can enable internal audit which helps management and board to prevent these crisis events from occurring.  

 

DYNAMIC RISK ASSESSMENT 

A dynamic risk assessment is a continuous process of identifying and assessing risk in the presently changing environment and coming up with ways to eliminate it. The idea behind a DRA is to identify the risk on the spot and a quick decision is made to mitigate such risk. Whatever actions have been initiated on the basis of DRA is important to be reviewed and confirmed at regular intervals. It is also important that the outcome is preferably recorded for later retrieval and analysis. There are four steps of dynamic risk assessment and the first step is to identify experts, and through them risks-DRA team works with key stakeholders to identify experts, and through scientifically structured individual interviews, the key risks facing the organization. The second step is a group expert interview, followed by a DRA survey-experts who participate in a scientifically structured group interview, after which they complete an online survey to collect data on the characteristics of the risks. The third step is advanced analysis theory is applied to the survey responses to identify the organization’s interconnected risk network and its dynamics. The last step is the DRA report is produced, findings are discussed with the experts to obtain to induce their views on the upside and downside consequences for the organization. 

 

WHEN MIGHT I NEED A DYNAMIC RISK ASSESSMENT 

Case-1 

Suppose a member of your staff is being attacked by an angry person. So here the risk assessment has been identified that the public here is a hazard and there is a risk of violence towards the staff. Each situation will develop differently, often in unseen ways. Accurate prediction is impossible in every single scenario. This is where a dynamic risk assessment comes in handy. 

Case-2

An incident happened in Norfolk, while a man was working at a construction site, he was compressed to the death between two vehicles. So one of the vehicles gets stuck in the mud and was attempted to be pulled by a second. In the investigation it was found that countless risks were ignored and recovering of the vehicle should not be attempted by that man. In this case, if the workers had conducted a dynamic risk assessment, they would have found that the recovery of the vehicle was not safe and even the fatal injury could have been avoided. 

Case-3

Generally, home visits are being conducted by housing association workers. When these staffs are entering people’s houses, a dynamic risk assessment has to be done. This assessment may be about the safety of the property to enter or not, whether the people are aggressive or whether there are adequate safeguards in that place to protect them.

 

DYNAMIC RISK ASSESSMENT FLOW

 

HOW TO CARRY OUT A DYNAMIC RISK ASSESSMENT 

1.Identify the risk

The most important thing here is that the source of risk has to be spotted and acknowledged. For example, it could be a known violent person entering your retail location, a bit of apparatus being found faulty, or a person is not being interested to assist with a task. Identifying risk dynamically is extremely important – workers should be aligned to the case and be ready to identify risk because it occurs. 

 2.Assess the risk

The developing situation should be measured or assessed by the workers. Considering that is the risk has to control through immediate action or further consideration. Does the violent person was asked to go away immediately when he entering the retail location? What and how large is that the risk in entering a given property? 

3.Consider the tools they need to mitigate the risk

Considering how safely a worker continues with a task, and do they need the controls or any kind of tool to forestall or minimize risk? Within the retail location, do they need safety staff available or are they already aware of the potential risks? In an exceeding forestry environment where they’re operating at height, do they need the correct safety equipment and support to figure safely?  

Consider whether it’s safe to proceed and either take the required steps to create a task safe or delay the task until it may be made safe, liaising with superiors and colleagues if possible.

 

 

Disclaimer

This report has been produced by students of Global Risk Management Institute for their own research, classroom discussions and general information purposes only. While care has been taken in gathering the data and preparing the report, the student’s or GRMI does not make any representations or warranties as to its accuracy or completeness and expressly excludes to the maximum extent permitted by law all those that might otherwise be implied. References to the information collected have been given where necessary.

GRMI or its students accepts no responsibility or liability for any loss or damage of any nature occasioned to any person as a result of acting or refraining from acting as a result of, or in reliance on, any statement, fact, figure or expression of opinion or belief contained in this report. This report does not constitute advice of any kind.

 

Design and Developed by KodeForest @ All Rights Reserved by KodeForest

Pages