Friday, September 9, 2011

Omniscient

by Rick Nason, PhD, CFA

Partner, RSD Solutions Inc.

www.RSDsolutions.com

info@RSDsolutions.com 

 

If you were omniscient, what would you do differently as a risk manager?  What information would you need to know to consider yourself to be omniscient?  Aren’t they interesting questions?

Thursday, September 8, 2011

Robustness

by Rick Nason, PhD, CFA

Partner, RSD Solutions Inc.

www.RSDsolutions.com

info@RSDsolutions.com 

 

Simply put robustness is how much of a hit, or abnormality a system can take until it breaks down.  Risk management of course is used to ensure that a company’s operation remain robust.  Various risk measures are taken to calculate the potential exposure, and risk mitigants are utilized to ensure that the company’s operations remain sound and profitable.  All good, simple common sense. 

 

Flipping the concept around – does it make sense to ask how robust is your risk system?  In other words, how much of a change from normal assumptions or conditions can your risk measurements take before your models and metrics breakdown?  Instead of constantly performing risk checks on the company operations, perhaps the company should periodically perform a risk check on its risk system.  A risk system cannot keep a company robust if the risk system itself is not robust!

Wednesday, September 7, 2011

Why Facebook outsources some of its risk management

by Michael Arbow, MBA

Partner, RSD Solutions Inc.

www.RSDsolutions.com

info@RSDsolutions.com

 

The major downside risk for any software/web based company is a “bug” that can disable their software or possibly expose their clients/users private information to the public.  To reduce this downside risk some firms and perhaps most recently Facebook, have established a program that provides incentive money to third parties or “bug bounty hunters”.  As the Chief Security Officer Joe Sullivan states:

 

"We hire the best and brightest (at Facebook), and have implemented numerous protocols. We realize, though, that there are many talented and well-intentioned security experts around the world who don't work for Facebook."

 

In other words, Facebook has a talented team but realize they do not a monopoly on that talent and that outsiders sometimes see things or have ideas that the company employees do not.  Being buried in the weeds with the day-to-day and living the company culture can sometimes reduce your visibility.  Is your company like Facebook and retains or incents outsiders (consultants?) to define risks your employees may overlook?  And if your company has not sought third party guidance what procedures does your organization have in place to continually discover the un-discovered?

 

For more on Facebook’s use of third party risk hunters follow the link to the CNN Money story:   http://tinyurl.com/3d3twx3

Tuesday, September 6, 2011

Three Body Problem

by Rick Nason, PhD, CFA

Partner, RSD Solutions Inc.

www.RSDsolutions.com

info@RSDsolutions.com 

 

The three body problem is a classic problem of physics.  Simply stated, the three body problem of physics states that if your have three particles (think of the classic billiard balls) coming together at once, then prediction of the subsequent path of the three particles is impossible.  The insolvability exists for any number of particles three or greater coming together simultaneously.  Two particles coming together is a problem that virtually all freshmen physics classes explore at length.  A two-particle problem is a piece of cake to solve – three particles is a no-go.

 

Is your organization operating in a world where it will only collide with one other issue at a time (a classic two body problem), or does your organization operate in a world where more than two issues are affecting it at any time (a classic three – or n-body problem)?  Does your organization assume two-body solutions?   See the problem?

 

 

Monday, September 5, 2011

When logical,... isn’t

by Michael Arbow, MBA

Partner, RSD Solutions Inc.

www.RSDsolutions.com

info@RSDsolutions.com

 

Dp_cartoon_rain

 

 

Risk managmenet algorithms are designed to give you an answer but not the solution.  When devising a solution does your risk team call upon diverse sets of experience, common sense and third party views?  For it is possible that if you followed the obvious logical route you may end up getting wet.

 

A nod to the people at ProductDecisions.org for the cartoon:  http://tinyurl.com/3stu3oe

 

Sunday, September 4, 2011

Black Swan events: Sadly, global IT projects are turning the rare into the everyday

by Michael Arbow, MBA

Partner, RSD Solutions Inc.

www.RSDsolutions.com

info@RSDsolutions.com 

 

In 2007 Nassiam Nicholas Taleb had his book “The Black Swan – The Impact of the highly improbable” published and with it brought to the fore the term “black swan event”.  As defined by Mr. Taleb it is an event that is either never considered or considered extremely unlikely to occur, but when it does occur it is not surprising and usually easily comprehendible (we should have seen it coming).  The book goes onto explain many examples of black swan events such as 9/11 and Microsoft and events which the mass media feel are black swan events but are not – typically stock market gyrations.  This later use of the term is now being applied to large-scale global IT projects (in excess of $170 million USD) where “it found that while most projects ran less than 30% over budget, a sixth ended up costing on average three times (!!!) as much.  The study also raised concerns about the adequacy of traditional risk-modeling systems to cope with IT projects, with large-scale computer spending found to be 20 times more likely to spiral out of control than expected."  Clearly these over-runs are not a black swan event in the more pure definition.

 

This situation beckons a lot of questions surrounding risk modeling, the varied expertise that forecast costs and management seeing an anomaly and not recognizing it as the trend (fact?).  As the world settles into a new century with new paradigms and new risks, does your firm still consider (hope) that the rare is still rare and not the signs of a trend? 

 

For more on IT’s Black Swans check out this BBC news story:  http://tinyurl.com/3ruj4yf 

For more on Mr. Taleb’s excellent seminal work follow the link:  http://tinyurl.com/3h64jdl