Strategy risk modelling in the new normal
Recent shifts in the business landscape driven by the coronavirus pandemic, heightened stakeholder engagement, and economic uncertainty, are making risk modelling a more essential – and more complex – element of enterprise risk management
A brief history of strategy risk modelling
Modelling business outcomes to aid with decision-making is a tried and tested process. Big data and advances in data analytics have facilitated accurate scenario modelling – and made strategy risk models valuable tools for the data-driven, risk averse sectors, such as financial services and energy. Now private corporations and public sector organisations are using risk modelling to manage risk for operational success, recognising it as a necessary element of enterprise risk management (ERM), protecting reputation, organisational performance, and the bottom line.
Initially targeting financial risk and credit risk, model risk management (MRM) has evolved to incorporate other types of risk, including strategic risk, geopolitical risk, reputational risk, market risk, and operational risk. Risk modelling is an advancement on pure data analytics, which, being limited to processing historic data and observing correlations, cannot predict the effects of variables and mutations in systems and environments. Data analytics is a decision-supporting tool; risk modelling is a decision-making tool, helping businesses to achieve strategic objectives.
By employing the right data combined with expert analysis, strategic risk models can predict a wide range of risk events, from natural disasters to financial crises, supply chain issues and political upheavals, and map out the likely impacts. The ability to model ‘what ifs’ allows organisations to quantify their risk tolerance and build resilience into their strategic planning.
As ever more risk models are developed and are utilised, the amount of identified risk is expanding. To cut through the noise and make effective risk assessments, the models used within an organisation need to be rated in terms of the materiality, impact, uncertainty, and regulatory implications of their outcomes.
The challenge of reputation risk
Although fundamental to the success of an organisation, reputation risk falls outside the scope of traditional enterprise risk management – largely because it is hard to neatly package and measure. It is not an operational risk – it could better be described as a strategic risk. Companies have multiple reputations, so your organisation may be perceived very positively by investors, but much more negatively by customers or employees.
An organisation’s reputation is grounded in the perceptions of its stakeholders, rather than its own operations. While poor corporate behaviour almost invariably causes reputational risk, so too can adverse events outside the organisation’s control. An accounting error could slash share price, rogue employee misbehaviour may damage perceptions of corporate culture or a company may find itself out of step with prevailing societal attitudes on sensitive subjects.
The impact of the pandemic on risk modelling
By modelling all possible outcomes, risk simulations can stress test long-held assumptions, and identify unanticipated risks – combatting unpredictability. The Covid-19 pandemic created, in very short order, an unstable, rapidly changing environment, presenting issues beyond previously identified risk, and accelerating the demand for risk modelling.
Coronavirus forced a rethink of existing models, both financial and operational, across every industry, as their reliability was undermined by unanticipated levels of risk.
While the risks facing businesses grew, they scrambled to model the new reality. The speed of change during 2020 necessitated firefighting around model validation, including more frequent monitoring of model outcomes, substitution of models with existing alternatives, and patches or overlays to compensate for inconsistencies.
Now businesses are seeking longer-term solutions for adapting modelling to the changed business landscape. The post-pandemic economic crises facing many jurisdictions have resulted in greater reliance on models to reduce risk. Spikes in interest rates and spiralling inflation are making businesses desperate to forecast what lies ahead, and for strategies to survive the inflationary environment.
New challenges in the new normal
Post-Covid, the new normal is an interconnected, hyper-transparent environment in which business decisions are transmitted in real time due to a previously unseen degree of media anarchy. Against this backdrop, informed stakeholders – including boards, shareholders and regulators – are demanding better risk management through more sophisticated ERM.
To respond, strategy risk modelling needs to become more robust in order to be useful to decision makers. The rapid pace of change has left many organisations relying on outdated models that create rather than help manage risk, by failing to surface incoming issues, underemphasising potential outcomes, or employing flawed logic.
A shift in internal governance is also required, including the approach to data management. Big data requires more complex models, while the use of the wrong data can result in inaccurate risk assessments and poor decision-making. To combat this, the ERM function needs oversight and up-to-date inventory of all the risk models at work in the business, with validation processes for all inputs and outputs.
Heighted scrutiny by regulators is another hurdle. The US Federal Reserve, Bank of England’s Prudential Regulation Authority, and European Central Bank’s Target Review of Internal Models are demanding that financial risk models meet more exacting standards. Businesses are struggling to comply, with 96% of respondents to a KPMG report saying they need greater regulatory clarity on various aspects of MRM.
But technology presents the biggest challenge in risk modelling. With more risk models required within an organisation, demand for automation increases. The use of AI and machine learning allows models to incorporate vast amounts of data, but also creates greater intricacy within those models.
‘Explainability’ is reduced as complex algorithms make it harder to ascertain how an outcome was reached. Models can be corrupted by inaccurate feedback, false data, or AI amends to algorithms, reducing resilience. And the potential for biased results is heightened. All of which results in a greater need for validation by human experts – at a time when businesses are facing a shortage of modelling and AI talent.
Succeeding at strategy risk modelling
Without the right checks and balances, these challenges, notably the growing complexity of models and greater reliance on technology, could result in risk modelling itself becoming a major risk category in the future. To prevent this, organisations need to make modelling a core strand of their ERM strategy. This requires:
- Implementing robust, transparent model validation and controls, including rigorous documentation, data interrogation and expert human oversight.
- Formalising model risk management governance, with board involvement in the oversight and implementation of new models.
- Meeting evolving regulatory requirements. While largely focused on financial risk modelling at present, these may evolve to cover other business critical models.
- Effectively using technology to evolve outdated models and analyse vast data sets, while retaining transparency and managing complexity.
- Employing relevant performance metrics to monitor the predictive power and stability of modelling components over time.
- Linking risk modelling strategy to risk appetite, ensuring the right models are in place to support decision-making, surfacing operational risks while disregarding the inconsequential.
In the new normal, the ability to model risk is an operational necessity. alva’s Risk Intelligence allows organisations to move from managing risk to anticipating it. Employing horizon scanning, scenario modelling and parametric triggers, it enables the ERM function to identify and verify stakeholder risks across the business.
alva’s Risk Intelligence mines over 390.000 global sources across 123 languages every single day to surface potential risks to your business. Our analysis incorporates all print, online, broadcast, social media, analyst notes, parliamentary records and stakeholder-specific channels to give the richest understanding of emerging threats affecting your company, products, brands, and sector.
Be part of the
Stakeholder Intelligence community