On how the current top-down (command-and-)control approach, and the \'middle-out\' modelling aproach, will and can not work in the end. A new paradigm, bottom-up KISS risk management will be needed.
8. De Toekomst…
• ALLE risicodiscussie is subjectief
• Gaat over de toekomst,
• De ∆ van onzekerheid
• Bestaat alleen in de verbeelding
• RM is speculeren over de toekomst
• Toch… amechtige pogingen
9. Overhead
Evaluate design & Analysis Monitor & react
set-up
Operational Risk Problem
Management Mgt
Incidents
ORAP Inherent for analysis
Controls Risk indicators
risks (Problems)
R(S)A (K)ORC KRI Incident
(+Audit) (Mgt) (Mgt) Mgt Insu-
Near rance
Designed, Tuning,
Selected for Mandatory
misses CLD Mgt
efficiency
Corrective
KRI actions
values Incidents Indemnities
Process
Breach
Very, very basically
Surprise!
14. Initiële auditissues Forecast ultimo 2011
1 2
3 4 4 3
5
9
7 8 6
9
Kans
Kans
6
2
7
1
Impact Impact
• 1 Kans Kansloos
• … per? jaar? transactie? nanoseconde?
• 1 Impact Kansloos
• … Alleen financieel? reputatie, etc.? tijd; vs ingrijpen?
• H x H = 25 Kansloos
• 3xM=H Kansloos
• ’16’ > ’12’ Kansloos
• Wie schat ‘H’; hoe en met welk ‘bewijs’?
15. In particular, for any consistent,
effectively generated formal theory that
proves certain basic arithmetic truths,
there is an arithmetical statement that is
true, but not provable in the theory.
Kurt Gödel
No matter how perfect you try to risk
manage, incidents will happen
Yours Truly
16. ∫ ( Kansfunctie ×? Impactfunctie )
∑( Kosten van tegenmaatregelen )
Voor vele series van functies en parameters, impact
schattingsranges (…), variabele sets van tegenmaatregelen
Inclusief variabele maten van effectiviteit, met vage noties van
risk appetites in de achterhoofden van sommigen
21. En dan zijn er nog kosten
What was it astronaut John Glenn said
went through his mind as he awaited
lift-off?
"You're thinking you're sitting on top of
the most complex machine ever built
by man, with a million separate
components, all supplied by the lowest
bidder."
23. Combinaties
Externe data Scenario´s
• Relevantie; toepasselijkheid
(modereren vs bias)
• Resultaten uit het verleden
• Te weinig data (?)
• Self-reporting !?
• Veel (!) te weinig data; kwaliteit • Te weinig data (?)
• Self-reporting !? • Kennis, zicht op risico’s
• Resultaten uit het verleden • Zuiver en alleen lokaal bruikbaar
• Kennis en kunde
Interne data • Percepties van risico RSA´s
28. Bottom-up dan ..?
In theory, nothing works, In practice, everything works,
and everyone knows why. but no-one knows why.
We have in our organisation a combination
of theory and practice.
35. J. R. Galbraith, "Organization Design: An Information Processing View" Interfaces, 4 (1974), 28-36 Summary
Galbraith believes that "the greater the uncertainty of the task, the greater the amount of information that must be
processed between decision makers during the execution of the task to get a given level of performance". Firms
can reduce uncertainty through better planning and coordination, often by rules, hierarchy, or goals.
Galbraith states that "the critical limiting factor of an organizational form is the ability to handle the non-routine
events that cannot be anticipated or planned for".
When the "exceptions" become too prevalent, they overwhelm the hierarchy's ability to process them. Variations in
organization design arise from different strategies to increase planning ability and to reduce the number of exceptional
events that management must resolve.
Galbraith defines a continuity of organizational forms that firms utilize to reduce uncertainty:
1. Creation of Slack Resources. These include extending delivery times, adding more money to the budget, and
building inventory (all which have inherent costs). If a firm fails to actively create a higher level strategy to address
uncertainty, this strategy will occur by default.
2. Creation of Self-Contained Tasks. One strategy at this level is changing from functional to product groups.
3. Investment in Vertical Integration Systems. Condensing the flow of information by building specialized languages
and computer systems can help analysis and decision making.
4. Creation of Lateral Relationships. Moving the decision making power down in the firm to where the information
exists can reduce uncertainty at the decision level.
There are various strategies of increasing complexity to achieve this:
A. Direct contact between managers across groups
B. Liaison personnel between groups.
C. Task Forces
D. Teams
E. Cross-group Managers (project managers, program managers, etc.)
F. Linked Managers (with power over some cross-group resources)
G. Matrix Organization
38. Conclusie
• Risk Management op de huidige manier,
werkt niet
• Gedreven door CYA, angst voor de wereld
• RM of the Universe is een fantasie
• Idealen bijstellen,
via Bottom-up (andere) idealen halen