{{item.title}}
{{item.text}}
{{item.title}}
{{item.text}}
Risk modelling and quantification is not a new topic for risk professionals, but it has taken on new meaning and heightened strategic importance as organisations work to anticipate risk so they can act with confidence.
Historically, a risk management responsibility represented good governance. But with increasing pressure from regulators and investors, and evermore interconnected risks, risk management has become the domain of the C-Suite as they look to do more than just mitigate risk. Today’s leaders are looking to increase risk-adjusted returns and turn risk into opportunity. They want to understand how their strategies around critical issues such as climate, cyber, financial and business risks can be quantified. Then, once risks are quantified, leaders can decide which to retain, which to insure (ie, pay for mitigation) and which to avoid by changing their business model.
The Lorenz attractor is a mathematical representation of chaos revealing the order in randomness and unpredictability. Any one of today’s risk issues can have a significant impact on your business, but it is their degree of interconnectedness that is causing far-reaching implications.
Three changes are heightening both the importance and complexity of risk modelling. First, risk management is now highly linked to strategy. Customers and stakeholders are expecting not just that the CEO knows what risks the organisation has, but that the C-Suite understands their strategic trade-offs through quantification of risk, not mere intuition, across all aspects of the business model. This expectation is new.
Second, the risk quantification stakes are rising because the volume and types of data available now to help quantify risk is unprecedented. Substantially more data is coming into organisations as many more devices, such as IoT sensors, are generating real-time information that can enrich quantification from up and down the value chain.
Third, the interconnectedness of risk is changing the scope and complexity of modelling. Until recently, the quantification of risk was specific to a targeted area, such as IT having responsibility to measure cyber risk exposure. Now, expectations are such that the quantification of risk can’t be in silos, or even limited to the company itself.
The invasion of Ukraine is a prime example of the interconnect between geopolitical risk and supply chains, financial markets, cyber attacks and more. Risk modelling must encompass all of these areas to truly quantify the potential impact and bring as real a representation of risk as possible.
Climate risk is a second example. It impacts the company’s business model but also has second and third order impacts that regulators want the business to understand. Companies can no longer report they’ve looked at their balance sheet risk. They must look at all areas of impact across the business and up and down the broad value chain. Climate touches everything from strategy and supply chain to physical facility risk and decisions on where to build new factories. This changes the game completely in the need for model sophistication and scenarios to be modelled.
Modelling risk for insight starts with developing a trusted financial model that accurately represents a company’s strategy, business model, and underlying drivers of risk. Thousands of inputs across multiple dimensions are analysed with consideration of both known and potential risks specific to the company. The model ultimately measures what matters by using internal and external data to assess and predict drivers of risk and modelling scenarios that represent the distribution of underlying risks.
For example, PwC helped a global fertiliser company assess the impacts of climate change risk and opportunities across its global operations. Our physical risk scenario analysis modelled how climate change could affect the frequency and severity of perils under different climate scenarios and time horizons, and quantified the potential impact at each business location. Our transition risk scenario analysis quantified the impact of direct carbon taxes implemented on the company’s GHG emissions under defined climate scenarios and time horizons. We helped the company assess potential savings associated with reducing GHG emissions and its impact on overall business strategy.
There are two areas where C-Suite executives should engage to help ensure they get the risk quantification they need: culture and capabilities.
Culture: In many organisations, risk modelling sits in the second or third line of defence. If organisations are going to make this a part of their DNA, have a panoramic view of risks, and look at risk as opportunity rather than solely mitigation, modelling has to sit close to where decision-making occurs. While the modelling skills may be within the purview of the CRO, the entire C-Suite should be involved in understanding the risk quantification of strategic areas such as M&A, climate, or business model change, and have an end-to-end view of the far-reaching impact of the risks they own. The CTO, for instance, cannot look solely at the risk quantification for the IT organisation, but be cognisant of the quantified impact on other parts of the organisation as well as value chain partners.
Capabilities: An investment in new skill sets and capabilities is needed to effectively model risk for insight. For example, it is essential to have models the C-Suite can trust in order to make decisions. This means that models have to represent the business and the industry, and directly reflect how both work. This takes resources with deep industry knowledge in addition to experts in modelling. Leading organisations are bringing experts, including actuaries, geospatial engineers, climate scientists, financial engineers and more, together into one unit to model risk. Combining these skills provides a much deeper risk quantification capability set because a community of solvers with diverse perspectives are attacking the challenge together.
CEOs need to demonstrate they truly understand risks such as climate, cyber, geopolitical, health and more. Every C-Suite executive will benefit from having a quantitative way to assess risk to make better, more informed decisions. Greater insight and transparency empowers leaders and teams across functions, reinforces the desired risk culture, and enables leaders to measure, assure and build trust with stakeholders. Those organisations that perform best will be those that have a panoramic view of risk enabled through greater data-driven insight and acting with confidence.
Partner, Cybersecurity, Privacy and Financial Crime National Leader, PwC Canada
UK and Global Head of Risk Services, PwC United Kingdom
Tel: +44 (0)7710 058286
Global Cybersecurity & Privacy Leader, PwC US; Cyber, Risk & Regulatory Leader, PwC US
Jennifer Ho
Partner, Asia Pacific, Chinese Mainland and Hong Kong Risk Services, PwC Hong Kong
Tel: +[852] 2289 2919
Dr. Robert Paffen
Global Risk Services Digital Leader, Germany Risk & Regulatory Leader, PwC Germany