Risk Management Experts

At the 2010 Palisade Risk Conference in London, John Zhao of Statoil used a mock cost estimate contingency model to demonstrate how @RISK simulation functions can yield a more realistic project contingency through integrated qualitative risk assessment and quantitative risk analysis.

While future oil prices may be hard to predict due to low manageability, it is absolutely possible to scientifically forecast the sizes of risks that companies are willing to take, and such risks may include the probabilistic volumes of newly discovered reserves, the probability of meeting a project development schedule, chances of project cost overruns, and the likelihood of eroding entire project profitability. To achieve these goals, @RISK has lent a helping hand to business analysts for easier operation of complicated mathematical modelling.

Statoil, an international oil company, takes risk management seriously and has applied Monte Carlo simulation techniques in core and support businesses using @RISK. Such applications not only include the solo use of individual applications, but integrated combinations from drilling, reserve estimation, and well completion to cost and schedule controls at project execution. Besides the widespread uses of the software, Zhao discussed a specific application of @RISK to convincingly simulate required capital project contingency  in detail.

A simplistic line-item ranging exercise using @RISK Monte Carlo simulation is no longer adequate to derive large capital project contingency, as empirical data confirmed that many disastrous cost overrunning projects were lack of contingency to cover the covert risks. In order to show management a complete risk picture on a project, both systemic risks (which empirical history has indicated a likelihood of occurring), and specific risks (which have discrete probabilistic characteristics), should be included in the overall project risk analysis. Therefore the combination of continuous PDF for project cost estimates, and discrete PDF for project risk registers, may prevail and provide management with a more convincing project cost contingency.

John Zhao is Quality and Risk Manager at StatoilHydro Canada Limited. He has 22 years project management experience in the petrochemical industry. He has authored many papers and made numerous presentations worldwide on the subject of risk and contingency management. In the past 10 years, John has developed his expertise in cost engineering and risk analysis for large downstream and oilsands upstream projects across Canada. His extensive knowledge in construction project qualitative risk assessment process has made him an expert on the subject in North America; his proprietary Monte Carlo model using @RISK is a popular tool for project contingency and escalation simulation. The quantitative model that John has built has integrated @RISK with PrecisionTree to help corporations conduct risk-based strategic decision-making.

» View the complete abstract and PDF presentation of "Put More Science into Cost Risk Analysis"
» Read Zhao's whitepaper, "Put More Science into Quantitative Risk Analysis"

In my last blog I introduced the idea of a customised risk analysis solution to problems commonly faced in project risk management, especially cost estimation. Of course this idea is not uniquely applicable to project costs, but this paradigm is the simplest to explore, and that’s what I’m about to do.

Picture a risk register in a worksheet that has been created at a macro level to encapsulate most (all?) of the risks your projects may face. For any given project only a subset of these will be relevant – what is the best way to get these risks into a risk model on the next worksheet? By pressing a button of course! It is almost trivial to write code that picks up all selected risks and places them and the relevant data fields in the model worksheet. Sure beats manually copying and pasting individual line items and the transcribing errors that follow.

The next problem is utilising the workshopped parameters (likelihood of event, three-point estimates for severity etc.) in a logical way to be referenced by appropriate @RISK functions. Once a model structure has been agreed upon a macro button can place @RISK distributions where they ought to go, either logically due to the paradigm (using RiskBinomial, for example) or via a drop-down selection for dollar impact (RiskPert or RiskGamma, say). My clients have been especially thankful when I limit their choice of distribution and provide a simple flow-chart to follow to make this very decision. Reducing the propensity for arguments in risk workshops is worth its weight in gold; if we can assume that reducing this risk ‘weighs’ plenty!

Similarly one or two instances of the simulation settings are likely to satisfy all requirements, so these too can be activated by macro buttons. In this way a user can’t run a ‘poor’ simulation thus creating spurious results. The simulation output that is required can be placed into a report template attached to the model template and generated using yet another simply-labelled macro button. In this way there will be consistent reporting across the organisation allowing decision makers to become familiar and comfortable with simulation results they might otherwise ignore or be unaware of.

A risk model created by this process may not be the theoretically optimal one, but it will be valid and in context with its intended use. It will certainly be easy to use! The results will be consistent and should satisfy management’s desires as well as regulatory requirements.
The project cost estimation is but one example, and the above possibilities are far from the only ones imaginable. Additional complexity or alternate needs would be just as easily met simply with different code essentially without any practical limits. You don’t need to be an expert in Monte Carlo techniques and software to run robust, credible risk analyses. All you need is a risk analysis consultant who macro-controls the cumbersome and probabilistic elements, some appropriate simulation options and reporting procedures. Ask for me by name!

» Robust Risk Analysis for the Time/Expertise Poor – Part 1

Rishi Prabhakar
Trainer/Consultant

Why attend?

This one-day forum is a great way to find out how others in the Healthcare Industry are using our software, as well as to learn new approaches to the problems Healthcare professionals face every day. We will have six software training sessions, and six real-world case studies presented by industry experts covering risk and decision analysis from all angles specific to the Healthcare sector.

You will also see how new versions of @RISK, PrecisionTree, RISKOptimizer, TopRank, NeuralTools, StatTools, and other Palisade software tools work together to give you the most complete picture possible in your situation.

Who should attend?

Professionals in risk and financial analysis in: Care Equipment & Services, Pharmaceuticals, Biotechnology & Life Sciences, Hospital Care & Management, or related services

How much?

For a limited time, the cost for attending the Health Risk Analysis Forum is has been discounted $100.

$295 covers all sessions, continental breakfast, lunch and a cocktail networking reception. Attendees will also receive a welcome package that includes a 15% discount on their next software purchase.

Please contact Jameson Romeo-Hall at jromeo-hall@palisade.com if you are interested in attending.

Location
The Westin Gaslamp Quarter
910 Broadway Circle
San Diego, CA 92101
(619) 239-2200

Book your room at a discounted rate (subject to availability.)

Having talked in previous posts as to why it’s important, and today how accessible it is for any size of organisation to adopt a healthy approach to risk, I’ll now take you through my top ten tips on how you can maximize your risk management programme:

1. Get buy-in
Risk management is not an optional extra. It is a business critical tool that is an asset and an integral part of the project. The company culture must be developed to embrace QRM (quantitative risk management) and DMU (decision making under uncertainty) in order that everyone understands their benefits and therefore accepts the need for them.

2. Get budget
Business tools cost money, but managing risk is an investment - not an overhead – and must be regarded as such. Allocating resource and making it a formal business process should be seen as an insurance policy.  Not only will it help organisations make better decisions that will save them money in the long term but, by identifying potential risks and adverse events, it can protect them against unexpected costs in the future.

3. Get words
As with any organisational change, it is essential that everyone is clear on the new processes. Therefore a common risk language – or 'glossary' – needs to be developed to avoid misunderstanding and to ensure a consistent approach to QRM and DMU.

4. Get numbers
Qualitative assessment is essential, but numbers are more powerful – for example the percentage chance of meeting a deadline or budget. Monte Carlo simulation random sampling provides the margin of error for a venture and is a good way to illustrate the consequences of different courses of action. Risk management experts must ensure everyone understands these figures, and accepts them.

5. Get structure
Managing risk in order to make better-informed decisions requires an appropriate organisational structure. Individuals and groups need clearly defined roles, and must then each take responsibility for their own area of expertise.

6. Get lateral
Every organisation has risks that it deals with on a daily basis and which must therefore be factored in to the decision-making model. However, no enterprise operates in isolation, so other external variables must be included. For example, even a small rise in fuel costs could have a major effect on revenues if raw materials need transporting long distances.

7. Get perspective
Political, cultural and social risk factors can be explored by involving all stakeholders.  Investing time and money in consultation and research ensures that businesses have a clear idea of the complete environment in which they operate, and therefore minimise the chances of products and services failing.

8. Get reporting
Risks, and the management of them, must be reviewed regularly – and the programme amended if necessary. This requires a regular reporting process, in which risks are clearly identified and prioritised.

9. Get with it
Being risk aware does not mean being risk averse. Businesses should guard against rigidly adhering to 'the way we've always done it' approach, instead keeping up-to-date, learning new tricks and not being afraid to be bold.  Although risky on the surface, these tactics prevent being left behind – much of the potentially uncertainty can also be removed with QRM and DMU.

And finally…

10. Get it documented
Back up the commitment to a thorough QRM and DMU programme with documentation. This validates the budget and buy-in requested at the start. And it’s good for business – organisations this thorough are guaranteed a competitive edge.

Craig Ferri
EMEA Managing Director of Risk & Decision Analysis

In a report issued last month, KPMG emphasizes the need for comprehensive, strategic risk management across an organization. Entitled “The Business Case for a Risk Executive: Leading Efforts to Avoid Surprises, Maneuver through Challenges, and Add Value,” the report notes that most current risk management efforts are specific to particular departments, projects, or regulations, and do not approach risk from an enterprise level. This had led to critical oversights and missed opportunities.

To address this gap, KMPG recommends the appointment of a risk executive. This person’s dedicated purpose is “to help prepare the organization to respond to change and the risks that emerge in changing times, and to turn those efforts into opportunities that benefit the organization.” More specifically, such an executive would unify risk approaches across business units and departments, standardize reporting, and establish a common risk “language.” (Note: Risk modeling software and Monte Carlo techniques play central roles in this effort.)

Expounding on the importance of risk management experts, the report concludes, "Without a risk executive, risk management efforts will likely continue to lag and hamper the organization’s effort to recover. But with a risk executive owning the process, risk management can move beyond a support role and help enable the organization to realize its strategic goals and rebuild business value."

» Read the full report (PDF)

In a previous blog, I presented a very simple way to allocate contingencies to uncertain cost elements in the project risk management process. However, that methodology works well when there are not risk events that affect a cost element or a group of cost elements.
A risk event is described by two elements: the probability of occurrence and the conditional impact to the project given its occurrence. For example, we have a risk that describes the possibility of a new regulation. If it occurs, it will increment the cost of group of cost elements by a minimum of 10%, most likely 15%, and a maximum 20%. If the risk does not occur, no impact will be observed. Using a Discrete and a PERT distribution, we can model such risk such as:



When sampling from this distribution approximately only 20% of the time will generate a multiplier with a minimum of 1.1, most likely 1.5 and a maximum of 1.2; in 80% of instances the multiplier will be 1. That means that only 20% of the time the risk will increment the cost of selected cost elements by the multiplier previously described as show in the figure below:



In addition to risk events in our cost risk analysis models, we often use distributions that describe cost uncertainties. These distributions model ranges are mostly in a different order of magnitude. Therefore, the variance will also be in a even greater order of magnitude. For example, the cost of Item 3 modeled using a 3-point estimate (i.e., min 100,000, ML 120,000, and max 150,000) has a variance of   87,698,412.70), while the variance of the risk event is 0.0036. 

If we are to distribute the contingency using the % of contribution of the variance method, the risk event that we just modeled will be ignored even though we know that such risk event has an impact that we cannot dismiss. Given this practical scenario, the method of variance contribution will not work appropriately.

As an alternative, we can use a tornado diagram that results from @RISK’s sensitivity analysis. Here we can use the regression coefficients to understand what risk events or uncertainties are affecting the total cost in a more drastic way. In the case that you also incorporated events that represent an opportunity to reduce cost, you will observe that the coefficient is negative; in your allocation calculations you should not consider negative coefficients.

In the figure below you can observe the Regression Tornado. Here risk events and uncertainties are represented in a scale that goes from 0 to +/-1:



Knowing the regression coefficient of each input that affects the total cost in a negative way, we can construct a table and obtain a normalized percent that can be used to distribute contingency. If for example, we have a contingency of $100,000, it can be distributed to each input proportionally to the regression coefficient as shown below.



Some risk management experts do not distribute the entire amount of the calculated contingency. It is common practice to distribute only a percentage of it (i.e., 70%). The remaining amount will be used as a reserve that will handle unidentified risks.

Javier Ordóñez, Ph.D
Director of Custom Solutions

Andrea Dickens is a Decision Analysis Group Leader at Unilever’s Finance Academy. Andrea joined Unilever in 1988 as a statistician. Since then she has had a number of roles in Unilever, but all with one thing in common: managing and analysing uncertainty.

Andrea now leads the Decision Analysis Group, which has been developing and applying a wide range of decision analysis techniques. These techniques have been deployed on probabilistic business cases and complex decision problems throughout Unilever. The group also leads the development and rollout of training courses for Unilever Managers in Decision Making techniques, and provides coaching to course participants. In addition, the Decision Analysis Group has an internal consultancy role where they provide facilitative leadership to analyse complex business decisions. These tend to be the large, difficult and sensitive problems, high stake one-off decisions, or problems that cross organisational boundaries.

Ms. Dickens will present a case study next week at the 2009 Palisade Conference: Risk Analysis, Applications, & Training, 21 - 22 October at the Hyatt Regency in Jersey City (10 minutes by PATH from Manhattan's Financial District).

See the abstract for her case study below, and see the full schedule for the Conference here.

So You Think You Have the Right Data?

Have you often wondered how good your data is? Collecting data about future uncertainties from experts has a number of hidden traps. In this interactive session we will make you aware of some of the most common sources of bias, and suggest ways to overcome them.

Next week: October 21-22 in NYC

Building on the success of last year’s record-breaking event, the conference will offer a wide range of software training, model building, and real-world case study sessions. Last year, the event drew over 150 practitioners and decision-makers from a broad spectrum of industries. The @RISK and DecisionTools software tracks were more popular than ever. This year, we’re expanding software training with sessions that let you walk through examples and try the tools directly. This will enable you to take some new tips back to the office. Please join us in October for a great opportunity to learn and connect with colleagues.

Dr. Robert Ameo is principal of Market Modelers, LLC, with over 20 years’ experience in health care management, marketing and business development. Prior to founding Market Modelers, he served in the corporate development group at Johnson & Johnson. He is a recognized expert and innovator in the modeling and forecasting of new technology adoption and market share. Robert has extensive experience evaluating investment opportunities and their portfolio impact for mergers and acquisitions, venture investing, research development, and marketing efforts. Using his training as a psychologist and his extensive industry experience, he designs and executes targeted market and expert research experiments to quantify the defensible range of possibilities for new technology and product adoption. His forecasts are used both by start-up ventures to create a vision of their potential worth, and well-established biopharmaceutical and medical device companies to understand the true economic (uncertainty adjusted) value of their potential investments. Prior to his industry experience, Robert was VP of Clinical Operations and Utilization Management for a national managed care company. He holds a behavioral science PhD from the University of Miami.

Dr. Ameo will present a case study next week at the 2009 Palisade Conference: Risk Analysis, Applications, & Training,  21 - 22 October at the Hyatt Regency in Jersey City (10 minutes by PATH from Manhattan's Financial District).

See the abstract for his case study below, and see the full schedule for the Conference here.

Interpretive and Ethical Issues in using Monte Carlo Simulations to Support Executive Decision-Making: How to avoid giving your boss impressive, but misleading guidance

Simulations are proliferating throughout the business community powered by a troop of freshly minted MBAs armed with their requisite course on decision sciences and their student versions of @RISK.

Finance organizations are asking their analysts to “do a Monte Carlo.”  Dutifully, the analysts select a handful of “key” variables, assign triangular or Pert distributions, set iterations to 1000, push the simulate button. The laptop’s screen displays a colorful histogram and a sensitivity analysis to add to the PowerPoint.

Lo and behold, the simulation analysis supports the original scenario model showing the mean or median simulated output to be just about in the middle of the distribution. Mission accomplished. Senior leadership is assured that the model has been tested by simulating 1000 potential outcomes. Management moves forward in their pre-decided direction with confidence bolstered by a state of the art Monte Carlo analysis.

This scenario happens every day and for so many reasons it is very wrong.

Using simulations to support executive decision-making introduces ethical concerns that are not present in “most likely case” scenario modeling. In this presentation, Bob Ameo discusses the ethical responsibilities of using simulation models to inform executive decision-making. Specific recommendations are made how to appropriately conduct and present outcomes from simulation models.

Next Week: October 21-22 in NYC

Building on the success of last year’s record-breaking event, the conference will offer a wide range of software training, model building, and real-world case study sessions. Last year, the event drew over 150 practitioners and decision-makers from a broad spectrum of industries. The @RISK and DecisionTools software tracks were more popular than ever. This year, we’re expanding software training with sessions that let you walk through examples and try the tools directly. This will enable you to take some new tips back to the office. Please join us in October for a great opportunity to learn and connect with colleagues.

Palisade is gathering trainers from our New York and London offices to present software training seminars next week at the 2009 Palisade Conference: Risk Analysis, Applications, & Training. The conference is set to take place on 21 - 22 October at the Hyatt Regency in Jersey City, 10 minutes by PATH from Manhattan's Financial District.

Take this convenient and inexpensive opportunity to learn from Palisade’s trainers and software developers. Learn how to use the elements of the new DecisionTools Suite 5.5 as a comprehensive risk analysis, optimization, and statistical analysis toolkit. See how each of the products in the Suite — @RISK, RISKOptimizer, Evolver, PrecisionTree, TopRank, StatTools, and NeuralTools — can be used to solve practical problems in the real-world.

The conference also features case studies demonstrating how to use @RISK and DecisionTools Suite, from risk management experts in the fields of finance, healthcare and pharmaceuticals, energy, oil and gas, DFSS and Six Sigma, project management, operations management, manufacturing, and more.

See the full schedule for the Conference here.

Next Week: October 21-22 in NYC

Building on the success of last year’s record-breaking event, the conference will offer a wide range of software training, model building, and real-world case study sessions. Last year, the event drew over 150 practitioners and decision-makers from a broad spectrum of industries. The @RISK and DecisionTools software tracks were more popular than ever. This year, we’re expanding software training with sessions that let you walk through examples and try the tools directly. This will enable you to take some new tips back to the office. Please join us in October for a great opportunity to learn and connect with colleagues.

William Strauss is the President and founder of FutureMetrics. He brings more than thirty years of strategic planning, project management, data analysis, and modeling experience into the company’s stock of knowledge capital. Bill’s professional history includes executive positions as director, president, and senior vice president, as well as positions as senior analyst and field coordinator. He has an MBA (specializing in Finance) and a PhD (Economics).

Dr. Strauss will present a case study at the 2009 the 2009 Palisade Conference: Risk Analysis, Applications, & Training. The conference is set to take place on 21 - 22 October at the Hyatt Regency in Jersey City, 10 minutes by PATH from Manhattan's Financial District.

See the abstract for his case study below, and see the full schedule for the Conference here.

Simulating the U.S. Economy:
Where will we be in 100 years?

There is an assumption that drives all of our expectations for how our economy will be in the future. That assumption is one of endless economic growth. Clearly endless exponential growth is impossible. Yet that is what we base all of our expectations upon. We all agree that zero or negative economic growth is bad (just look around now at the effects of the Great Recession). But we also know logically that 2% or 4% annual growth every year leads to an exponential growth outcome that is unsustainable. 

To see where this growth imperative will take us we first have to see how we go to where we are today. This work first models the 20th century. The model is both complex and simple. The basic schematic of the model’s relationships is easy to understand. Furthermore, the core of the model is a simple production function that combines capital, labor, and the useful work derived from energy to generate the output of the economy. Complexity is contained in the solutions to the internal workings of the model. What is unique is that there are no exogenous economic variables. Once the equations’ parameters are calibrated, setting the key outputs to "one" in 1900 results in their time paths very closely predicting the U.S. GDP and its key components from 1900 to 2006. 

The experiment in this work is about the future. If the model can very closely replicate the last 100 years, what does it have to say about the next 100 years? From 1900 to 2006 there are periods in which there was parameter switching. (The optimal parameters and the years for the switching were found using a constrained optimization technique.) That suggests that in the future there will also be changes. The experiment uses @RISK’s features to generate new combinations of parameters for each of tens of thousands of runs of the simulation. Changes in the parameters represent potential exogenous policy choices.

The "doing what you did gets you what you got" scenario leads to a surprising and unsettling outcome. The experiments using @RISK do find a path that works. Obviously if it is not "business-as-usual" that leads to a stable outcome, it is some other way. The policy choices that lead to a stable outcome suggest that the future of capitalism is not going to be what we expect it to be.

Please join us in October in New York for software training in best practicies in quantitiative risk analysis and decision making under uncertainty, real world case studies from risk services consultants and experts, and networking with practicioners from many different fields including oil and gas, pharmaceuticals, academics, finances, Six Sigma, and more.

Palisade is pleased to welcome Dr. Sven Roden of Unilever's Decision Analysis Group to deliver the keynote address at the 2009 Palisade Conference: Risk Analysis, Applications, and Training in New York City, Oct 21-22, 2009. The keynote is titled, "Think Clearly, Act Decisively, Feel Confident."

In this presentation, Dr. Roden will discuss what Decision Making Under Uncertainty means to Unilever, and the Decision Analysis techniques that are at the forefront of making a cultural change to the way Unilever approaches and analyzes strategic decisions. Unilever’s relationship with Palisade has helped them in their journey;  the company has trained over 400 finance managers in Decision Making Under Uncertainty using Palisade's DecisionTools Suite. Unilever's Decision Analysis Group is constantly look internally and externally to identify future trends and applications and evolve tools and models to ensure their place at the forefront of applying Decision Analysis.

Dr. Sven Roden is a senior Decision Analyst within Unilever’s Finance Academy, acting as an internal consultant leading decision analysis evaluations on problems where teams have been struggling to find a solution. He is also involved in developing new methodologies and providing expert training and coaching to Unilever's financial managers. Prior to joining Unilever, Sven worked for BNFL as a Technology Strategist and research physicist.

Lean Six Sigma projects are performed in many areas of business. There are a few that require an estimation of future performance when there is no chance to test or evaluate the new process. On February 26, Rick Haynes of SmarterSolutions  will share his expertise in a free live webcast that documents a case where a reliability testing effort provided a reliability model that needed to be extrapolated in order to estimate the total impact on warrantee costs.

The reliability model was developed through a logistic design of experiments. The resulting model was coded into an Excel spreadsheet and then modeled using @RISK to answer questions of future failure percentages. The results were used as inputs to focus on the need for proactive actions by the supplier in order to maintain a good customer experience. In the end, no additional actions were taken by the supplier and business continued with a manageable liability rather than with an unknown future risk

Thank you for your feedback on Six Sigma’s Thirst for Information blog posting. Working with industry experts to develop the webinar series and armed with voice of the customer that you supplied me, we’ve been able to ensure topics are of interest you. So please keep your thoughts coming.

In a revealing report from the UK, the global Association of Chartered Certified Accountants (ACCA) said that lack of management understanding of risks contributed to the financial crisis. The report recommends that bank risk management departments are strengthened, including better risk management training.

» You can download the full report PDF here.

Risk management training is nothing new. However, from our experience, it tends to come and go as a trend. It will be “hot” for a year or two, then fade as markets boom or attention is otherwise diverted. The ACCA report emphasizes, and we agree with, the need for risk management as a discipline, impervious to market fluctuations or management fads. This does mean failing to incorporate current market data or events into risk forecasts or analyses. It simply means instituting risk management and training as an essential, permanent part of the organizational culture.

When learning about risk, it helps most to see how others do it. Systematic training plays a role, to be sure, but we’ve seen that nothing beats learning from your peers.  This makes risk conferences particularly valuable. Attendees from the 2007 Palisade Risk & Decision Analysis Conference, for example, comment on getting up to speed fast by seeing different approaches to risk. The 2008 Risk & Decision Analysis Conference on November 13-14 in New York City will address these issues and provide a forum for risk professionals to learn from experts and each other.



Many companies have risk management departments, typically related to insurance and loss prevention. Fewer incorporate risk management into daily business operations. There are many other types of risk besides fire, theft, or lawsuits. In addition, if the decision-makers do not understand the risks being faced, then the best risk management techniques will be worthless. For example, Bethesda, MD-based Futron Corporation offers risk assessment and training across hierarchal levels when analyzing project risks. Futron’s Benjamin Juster had this to say about risk analysis training using Monte Carlo simulation that his company received from Palisade Corporation:

“Each of the attendees said that they were able to bring away valuable knowledge from the training, and several have even applied this knowledge to current projects already! It really puts Palisade Corporation on the list of our valued training vendors.”

DMUU Training Team

The Director of the European Offices of the International Monetary Fund, Saleh M. Nsouli, recently gave an address that examined some of the lessons that can be learned from the crisis in today's world financial market. In both the private and public sectors, Nsouli advises taking a harder look at the risk management sector.

For the private sector, Nsouli advises that risk analysis not be ignored, even when profits are up:

"The governance structure of the risk management system needs to be improved in financial firms in which the incentives are biased toward returns rather than the risks involved in attaining them.

"Compensation schemes in many organizations focus on returns and, for the most part, ignore the risk taken to obtain such returns. The risk managers, because they are not profit centers and do not sell products or write trading tickets, tend to be ignored when profits are up. Indeed, many of them apparently did sound the alarm bells before the crisis set in and were often disregarded as too out-of-touch with new structural trends, though not all firms downplayed the advice of their risk managers. The key is to ensure that top management hears both sides at equal volume, choosing the risk-return combination which best represents the risk appetite of the firm."

And in the public sector, Nsouli identifies shortcomings in risk management systems as a key lesson:

"Supervisors and regulators need to have the incentives and resources to look hard and deep at possible flaws in the risk management systems of the institutions they oversee.

"Often, stress tests did not stress the right areas or not enough; funding liquidity risks received inadequate attention; and holistic views across credit, market, and funding risks were not emphasized in part because of the recent and constant attention on Basel II regulations, covering primarily credit risk."

These lessons point to the centrality of risk management, whatever the state of the current market. At many failing banks, there are risk management specialists who have had a frustrating experience in the last few months. Hopefully lessons of this financial crisis will be taken to heart, and credence will be given to proper risk analysis even when profits are up.



To learn about the latest techniques in risk and decision analysis, and network with top-level consultants, industry practicioners and Palisade experts, consider the 2008 Risk & Decision Analysis Conference, November 13th and 14th in New York City.

» More about the Conference

Henry Yennie, a program manager with the Louisiana State Office of Mental Health, began using Palisade Corporation's Monte Carlo software @RISK after Hurricane Katrina made landfall. He was serving in the disaster response command center in Baton Rouge, Louisiana and wanted to use data from the family assistance call center  help managers of future disaster response teams predict staffing for call centers.  His risk analysis work didn't end with his study of call center use, and in fact, he has become one of state's experts on decision making under uncertainty.  We know, because we heard from Henry a couple of months ago, because he had launched into a new risk assessment study: in case another big storm blew up and New Orleans had to be evacuated, how many school buses should the city have access to?  And where and when should the buses be available?