Why Facebook outsources some of its risk management

by Michael Arbow, MBA

Partner, RSD Solutions Inc.

www.RSDsolutions.com

info@RSDsolutions.com

 

The major downside risk for any software/web based company is a “bug” that can disable their software or possibly expose their clients/users private information to the public.  To reduce this downside risk some firms and perhaps most recently Facebook, have established a program that provides incentive money to third parties or “bug bounty hunters”.  As the Chief Security Officer Joe Sullivan states:

 

"We hire the best and brightest (at Facebook), and have implemented numerous protocols. We realize, though, that there are many talented and well-intentioned security experts around the world who don't work for Facebook."

 

In other words, Facebook has a talented team but realize they do not a monopoly on that talent and that outsiders sometimes see things or have ideas that the company employees do not.  Being buried in the weeds with the day-to-day and living the company culture can sometimes reduce your visibility.  Is your company like Facebook and retains or incents outsiders (consultants?) to define risks your employees may overlook?  And if your company has not sought third party guidance what procedures does your organization have in place to continually discover the un-discovered?

 

For more on Facebook’s use of third party risk hunters follow the link to the CNN Money story:   http://tinyurl.com/3d3twx3

Three Body Problem

by Rick Nason, PhD, CFA

Partner, RSD Solutions Inc.

www.RSDsolutions.com

info@RSDsolutions.com 

 

The three body problem is a classic problem of physics.  Simply stated, the three body problem of physics states that if your have three particles (think of the classic billiard balls) coming together at once, then prediction of the subsequent path of the three particles is impossible.  The insolvability exists for any number of particles three or greater coming together simultaneously.  Two particles coming together is a problem that virtually all freshmen physics classes explore at length.  A two-particle problem is a piece of cake to solve – three particles is a no-go.

 

Is your organization operating in a world where it will only collide with one other issue at a time (a classic two body problem), or does your organization operate in a world where more than two issues are affecting it at any time (a classic three – or n-body problem)?  Does your organization assume two-body solutions?   See the problem?

 

 

When logical,... isn’t

by Michael Arbow, MBA

Partner, RSD Solutions Inc.

www.RSDsolutions.com

info@RSDsolutions.com

 

 

 

Risk managmenet algorithms are designed to give you an answer but not the solution.  When devising a solution does your risk team call upon diverse sets of experience, common sense and third party views?  For it is possible that if you followed the obvious logical route you may end up getting wet.

 

A nod to the people at ProductDecisions.org for the cartoon:  http://tinyurl.com/3stu3oe

 

Black Swan events: Sadly, global IT projects are turning the rare into the everyday

by Michael Arbow, MBA

Partner, RSD Solutions Inc.

www.RSDsolutions.com

info@RSDsolutions.com 

 

In 2007 Nassiam Nicholas Taleb had his book “The Black Swan – The Impact of the highly improbable” published and with it brought to the fore the term “black swan event”.  As defined by Mr. Taleb it is an event that is either never considered or considered extremely unlikely to occur, but when it does occur it is not surprising and usually easily comprehendible (we should have seen it coming).  The book goes onto explain many examples of black swan events such as 9/11 and Microsoft and events which the mass media feel are black swan events but are not – typically stock market gyrations.  This later use of the term is now being applied to large-scale global IT projects (in excess of $170 million USD) where “it found that while most projects ran less than 30% over budget, a sixth ended up costing on average three times (!!!) as much.  The study also raised concerns about the adequacy of traditional risk-modeling systems to cope with IT projects, with large-scale computer spending found to be 20 times more likely to spiral out of control than expected."  Clearly these over-runs are not a black swan event in the more pure definition.

 

This situation beckons a lot of questions surrounding risk modeling, the varied expertise that forecast costs and management seeing an anomaly and not recognizing it as the trend (fact?).  As the world settles into a new century with new paradigms and new risks, does your firm still consider (hope) that the rare is still rare and not the signs of a trend? 

 

For more on IT’s Black Swans check out this BBC news story:  http://tinyurl.com/3ruj4yf 

For more on Mr. Taleb’s excellent seminal work follow the link:  http://tinyurl.com/3h64jdl

 

Reflections on Mr. Bernanke’s Speech at Jackson Hole and Future Monetary Policy

by Don Alexander, MBA

Associate, RSD Solutions Inc.

www.RSDsolutions.com

info@RSDsolutions.com 

 

Unlike at his Jackson Hole speech in 2010 when QE2 was presented, Fed Chairman Bernanke did not pull a rabbit out of the policy hat last week.  The focus was not on the immediate outlook for the economy or monetary policy, but more on the structural headwinds facing the US economy and other long-term issues such as fiscal policy.  Mr. Bernanke made two surprises on short-term policy: the lack of discussion about further asset purchases or other easing options and that further policy options will be considered at upcoming FOMC meetings.     

 

He differentiated between the cyclical and structural/secular role of monetary policy, noting that the Fed is less effective when it comes to the latter role.  He reminded his listeners that the Fed alone cannot carry such a heavy policy burden and that fiscal policy was needed to promote growth and stability.  Fiscal policymakers face a fine balancing act “the need to place fiscal policy on a sustainable path” and to avoid “severe economic and financial damage” while noting the fragility of the current environment.  He noted reforms are needed in other areas of economic management, emphasizing the need for a better process for making fiscal decisions.  

 

Mr. Bernanke noted economic policies that support robust economic growth in the long run are outside the province of the central bank.  He implied in the President’s upcoming speech on needed fiscal stimulus and job creation – a constructive and collaborative approach by the Administration and Congress was required.  Another round of damaging policy dithering and political bickering would have strong adverse consequences on the economy.

 

The Fed continues to have a more optimistic view on US economic prospects than most private sector analysts.  The major difference is the Fed assumes that a number of temporary factors that depressed economic activity in the first half will not be present in the second half.  If this view is correct, it would imply that chances for QE3 are minimal.  However, if the Fed view converges to that of private sector, the chances for QE3 increase.  The most likely form would be through increased asset purchases of longer-dated maturities.

 

Other extreme measures would not be considered, unless the economy and financial markets substantially deteriorate below current prospects.  The Fed would have three possible policy options: the extension of the QE program into other markets such as corporate bonds, a sharp increase in the program that extends the Fed’s balance sheet and an explicit or implicit change in the Fed’s policy targets.  However, US economic prospects have not deteriorated enough to consider these options.

When group think predicts the future: A lesson for risk management

by Michael Arbow

Partner, RSD Solutions Inc.

www.RSDsolutions.com

info@RSDsolutions.com

 

Health experts in the US have warned that unless a trend is broken, half the US population will be obese by 2030 (about 164 million people): their solution is to get governments to resolve the problem through increased education and taxation on fattening foods.  This analysis and the resulting solution outline a few issues experienced in risk management; namely group/clone think and the need for a “man made” solution to natural phenomena.  By broading their health research and consulting with economist, agriculturalist and global population experts they would have learnt that the trend can’t continue because the growth in world population and wealth, the transfer of food from mouths to fuel tanks and the falling rate of increases in food growing productivity (amount of food grown per hectare) are all leading to higher real food prices.  As prices rise there will be demand destruction (Americans consume on average 12 times more food than they need to survive, Japan 7) and consumption of food will move to more historical levels.  Thus the trend will not continue as it will be ended through natural economic conditions of supply and demand.

 

So you can see from this example how group think when applied to risk management can lead to a possible false conclusion which the groups then feels obliged to mitigate.  So the question is:  How does your risk team go about reducing the chance of group think – do they bring in other departments, seek guidance from the cloud, or bring in independent third party views? 

 

For more on this article from the UK’s Daily Mail online service follow the link: http://tinyurl.com/3w43889