Metrics

Well, in each of the three previous articles I promised to eventually address the more technical aspects of risk assessment and risk management.  In this article, I will inch toward a discussion of technical details, but readers should be assured that even the most erudite technical concepts and practices will be presented in plain, understandable, layman's language.

In article #3, I mainly addressed the arena of risk-related language and communication.  Given that any risk-based conversation is likely to include numerical components - discussions of probabilities, costs, schedules, revenues, and the like - it is critical that an organization come to consensus regarding the metrics to be universally utilized.  The term "metrics" in this context refers to the specific measures to be employed and the units for those measures.

Various Views

In article #1 of this series, I mentioned that practitioners in various disciplines within an organization might well perceive and define risk in very different ways.  For example, employees in the area of health and safety usually interpret risks as threats to be identified and eradicated.  People in the area of finance, however, are likely to see risk as an opportunity to be captured - low risk/low reward, higher-risk/greater return.

So, it should not be surprising that in order to express their view of risk, members of various disciplines use divergent measures and formats for presenting those measures.  Just a few of the measures and formats are shown in Figure 1.

 
FIGURE 1 - Various formats and expressions of risk that need to be integrated.

Lawyers, for example, are likely to express their perceptions of legal risks in the form of text.  Managers of parts of a project might utilize a risk register to record, track, and present risk information.  Engineers and other technically-oriented folks might employ vehicles such as cumulative frequency plots to deliver the risk message.  Others might utilize the "traffic light" (red/yellow/green) approach, the Boston Square (not recommended), or any number of other measures and formats

Getting it Together - Risk Monetization

Because a political risk can torpedo a project just as effectively as a technical or commercial or financial or logistical (you get the picture!) risk, it is essential that the value of a project reflect the impact - both positive and negative - of the holistic set of threats and opportunities.  This, in turn, means that no matter what metrics or formats were used to initially express the individual risks, all risks need to be translated into a single risk metric or a set of agreed-upon metrics.

Given that I am writing these articles for a Project Management Institute newsletter, I will consider the example of risks in a project.  Typically, each project has an economic model.  This is usually some giant unwieldy spreadsheet that takes in raw data such as time, capex (capital expenditures), opex (operating expenditures), price for a product, efficiency, and other run-of-the-mill input parameters.  Outputs from the model are usually just as mundane - NPV (Net Present Value), IRR (Internal Rate of Return), schedules (typically in the form of a Gantt chart) and other such indices and plots. 

So, now the task is to create a Monte Carlo model that will allow us to feed the impacts of the risks to the spreadsheet economic model (SEM) so that the output metrics are appropriately impacted.  For those readers who are not starting out with a pre-defined economic model and who have to derive and build the model, or for those who need a layman's description of Monte Carlo analysis, please see my book "Risk Assessment and Decision Making in Business and Industry:  A Practical Guide - 2nd Edition" in which I describe in detail the process of model building.  For examples of real-life models representing myriad business, legal, and other situations, please see my book:  "Risk Modeling for Determining Value and Decision Making."  References for both books are found at the end of this article.

Let's imagine that someone has identified a political risk for a project.  The risk might be stated:
Government red tape might delay the issuance of critical permits.  If the permits are not issued on schedule, significant capex will need to be spent to implement back-up plans.
Each risk should have an assigned risk owner (see my book "Modern Corporate Risk Management:  A Blueprint for Positive Change and Effectiveness" referenced at the end of this article for details on implementing risk processes in existing organizations).  The risk owner should be a person who knows most about the risk.  The political risk might have been first expressed using, say, the traffic-light format.  A red light might have been assigned to this political risk.

Overall, the idea is to translate that "red dot" into something that can be used as input to our SEM.  In a conversation with the risk owner, we might establish ranges (minimum most likely, and maximum values) for pertinent parameters so that, ultimately, the risk can be used to impact the value of the project through the SEM.  So, in our conversation with the risk owner, we might first ask:

    What is the range of probability that this political problem might happen?

A facilitated conversation would result in a minimum, most likely, and maximum percent chance of the problem materializing.  Next, we would ascertain the range associated with the query:

If the political problem does occur, what range of days (or weeks or whatever "time chunks") of delay might we experience?

The answer to this question should result in a minimum, most likely, and maximum number of days of delay.  Next, we would generate a range for the answer to the question:
    How much money - per day of delay - might we spend?
A minimum, most likely, and maximum value of dollars-per-day should result.

From the three ranges, three distributions can be built (see "Risk Assessment and Decision Making in Business and Industry:  A Practical Guide - 2nd Edition" to see how distributions might be built).  These distributions would be used as input to the Monte Carlo equation:

Political Risk Capex = (Range of Delay) * (Range of $/Day)

Using the probability distribution to decide whether or not the political problem should be applied on any given iteration of the Monte Carlo process, this range of additional capex can then be appropriately applied (usually distributed over a time series) to the SEM.  Such application will appropriately impact SEM-output measures of value such as NPV, IRR and the like.

Another risk might relate to logistics.  Such a risk might be stated thus:
If freezing weather arrives more than one week earlier than expected, frozen waterways could delay delivery of critical materials, thus impacting the project schedule.
In a similar fashion to the process used to establish the capex impact of a political problem, a facilitated conversation would be had with the appropriate risk owner(s).  In that conversation, we would establish minimum, most likely, and maximum values for ranges associated with the answers to:
    What is the probability that the weather problem will materialize?
    What is the range of delay - expressed in days - if we experience the problem?

Again, in the Monte Carlo process, the probability range would be used to determine whether or not a delay would be applied on any given iteration.  Such a delay would push forward in time expenditures, production, and all other time-dependent parameters.  Output parameters such as NPV, IRR, etc. would be appropriately impacted.

In this example we have chosen, because of the construction of the SEM, to make our consensus metrics the output parameters of the SEM (NPV, etc.) - typically expressed as cumulative frequency curves.  Any parameter into which risks can be translated can be used.  We refer to this entire process of translation of risks into impact on value as "risk monetization" even though the initial translation of a risk - for example into probability or days or other things - might not be a direct translation into money.  However, it is typical that some expression of value (money) is the ultimate expression.

In the next article (#5), I will address how risks can individually and in confluence impact the perceived value of a project, how risks can be displayed, and how the entire risk assessment process can be the cornerstone of the risk management decision making process.  See, I told you I'd eventually get to the technical stuff!

By: Glenn R. Koller

References:
Koller, G.R., Modern Corporate Risk Management - A Blueprint for Positive Change and Effectiveness, J. Ross Publishing, Ft. Lauderdale, FL, 2007.

Koller, G. R., Risk Assessment and Decision Making in Business and Industry, A Practical Guide:  2nd Edition, Chapman & Hall/CRC Press, Boca Raton, FL, 2005.

Koller, G. R., Risk Modeling for Determining Value and Decision Making, Chapman & Hall/CRC Press, Boca Raton, FL, 2000.

Comments

There are no comments for this entry yet.

Commenting is not available in this section entry.
Member Login