Anúncio
Prof Hernan Huwyler MBA CPA - Ditch your Heat Maps
Denunciar
Hernan Huwyler, MBA CPASeguir
Director, Corporate Governance, Global Risk Management ERM, Compliance, Audit, SAP, Fraud & Security, SOX Controls26 de Mar de 2023•0 gostou•11 visualizações
0 gostaram
Seja o primeiro a gostar disto
mostrar mais
visualizações
Vistos totais
0
No Slideshare
0
De incorporações
0
Número de incorporações
0
Check these out next
Prof Hernan Huwyler MBA CPA - Ditch your Heat Maps
26 de Mar de 2023•0 gostou•11 visualizações
0 gostaram
Seja o primeiro a gostar disto
mostrar mais
visualizações
Vistos totais
0
No Slideshare
0
De incorporações
0
Número de incorporações
0
Denunciar
Negócios
The summary is about an upcoming Safety Roundtable event on the topic of "Ditch your heat maps" presented by Professor Hernan Huwyler, MBA CPA. The event aims to help attendees transform their approach to safety risk management by moving away from subjective measures such as colours, adjectives, and heat maps, and instead focusing on a data-driven model to quantify and manage operational risks. The event emphasizes the importance of using data and financial information to inform decision making in order to minimize biases and justify investments. Attendees will gain insights on a quantitative model that will help them measure, visualize, and manage operational risks, as well as tips to reduce risk, enhance insurance and protection, and control investment. The event is relevant to anyone interested in risk management, insurance, and safety, and aligns with ISO 31000, the international standard for risk management. The event includes a Q&A session at the end, providing attendees with the opportunity to ask questions and share their perspectives. Overall, the Safety Roundtable event promises to be a valuable opportunity to learn from Professor Hernan Huwyler's insights, network with other professionals interested in risk management, and gain practical knowledge on how to improve safety risk management practices using a data-driven approach.
Hernan Huwyler, MBA CPASeguir
Director, Corporate Governance, Global Risk Management ERM, Compliance, Audit, SAP, Fraud & Security, SOX ControlsAnúncio
Anúncio
Anúncio
Recomendados
Asociacion Profesionistas de Compliance - Initiatives to Reduce the Cost of C...Hernan Huwyler, MBA CPA
Model to Quantify Compliance Risks.pdfHernan Huwyler, MBA CPA
Hernan Huwyler - IE Compliance Corporate Risk Management Full 2023 Hernan Huwyler, MBA CPA
The Behavioral Science of Compliance CUMPLEN.pdfHernan Huwyler, MBA CPA
R is for Risk 2 Risk Management using RHernan Huwyler, MBA CPA
Compliance and the russian invasion - Prof Hernan HuwylerHernan Huwyler, MBA CPA
Prof Hernan Huwyler MBA CPA - Ditch your Heat Maps
- Ditch your heat maps how best to quantify operational and safety risks March 22 2023 Hernan Huwyler and Christian Harris
- Assessing risks with colors and adjectives is common CERTAIN LIKELY POSSIBLE UNLIKELY RARE INSIGNIFICANT MINOR SIGNIFICANT MAJOR CATASTROPHIC LOW MODERATE MODERATE MODERATE HIGH HIGH MODERATE MODERATE EXTREME HIGH HIGH MODERATE EXTREME EXTREME HIGH MODERATE IMPACT LIKELIHOOD LOW LOW LOW LOW LOW LOW LOW LOW LOW
- Heat maps are malpractice Opinion-versus data-driven The best available data are not used Biases affect the communication Aggregation is impossible Adjectives and colors cannot be added Values are compressed Wrong allocation of resources Investments in securities cannot be justified Single scenarios are identified Lack of corporate defense Accepted risks create legal liabilities
- You can improve with a data-driven assessment Data Decision Model Objective Use risk data Gather data on incidents and near-misses Control data on accidents and losses Model risks Calculate the financial exposure to risks Simulate scenarios to set reserves Understand distributions Identify patterns of losses and near misses Foresee the effect of uncertainty Facilitate better discussions Impact decision-making with facts
- Scientific research has proven the flaws of heatmaps What is wrong about risk matrices, Tony Cox, 2008 > worse than useless Further thoughts on the utility of risk matrices, David Ball, 2013 > untrustworthy picture Some extensions on risk matrix approach, Huihui Ni, 2010 > defects still left unresolved On the origin of probability consequence diagrams, Ben Ale, 2015 > single factor impacts Problems with scoring methods and ordinal scales, Doug Hubbard, 2010 > arbitrary features of the scoring Recommendations on the use and design of risk matrices, Niels Duijm, 2015 > aggregation is problematical Back to Basics: Risk Matrices and ALARP, Glen Wilkinson, 2010 > unable to compare risks
- Measure physical security losses Medical costs Property losses Production stops DAMAGE Response Cleanup costs Remediation RESPONSE Closures Productivity losses Emotional costs CONTINUITY Fines Claims Compensations Revenue COMPLIANCE FIRST TIER SECOND TIER THIRD TIER FOURTH TIER
- The bow-tie tool can help you define scenarios CAUSE 1 CONSEQUENCE 1 CAUSE 2 CONSEQUENCE 2 Preventive controls How threats by agents can cause security events Corrective controls How the security objectives are impacted EVENT
- Bow-tie analysis breaks down scenarios into components CAUSE 1 CAUSE 2 CONSEQUENCE 2 Decision tree EVENT FIRST TIER SECOND TIER SECOND TIER THIRD TIER THIRD TIER
- Decision trees are a simple tool for pricing risks 50% Medical costs 15/30K USD Property losses 50/100k USD Earthwork and drainage costs 100/200k USD Earthwork costs 30/50k USD Work closure 100/200 USD No closure Landslide may lead to injuries and damage 2 to 10 acres Workhours Normal work activity Budgeted costs of 200K USD No insurance Overloading Heavy rains Undetected weaknesses 50% 75% 25% 100% Path 1 – (15+50)*100%+100*50%+100*75% = 190 Path 2 – (30+100)*100%+200*50%+200*75% = 380 Path 3 –(15+50)*100%+100*50%+0*25% =115 Path 4 –(30+100)*100%+200*50%+0*25% =230 Path 5 –(15+50)*100%+30*50%+0*100% =115 Path 6 – (30+100)*100%+50*50%+0*100% = 155 190K/380k 115K/230k 115K/155k No closure 100% 420K/765k Risk value 220K/565k Path value
- Consistent approach for a process to manage risks SCENARIO Quantified target at risk Threats Vulnerabilities Multiple experts Locations Single horizon Plausibility test IMPACT ASSESSMENT Quantify losses HSE data Insurance claims Industry estadistics Tolerance test (deaths, polution) DECISION Cancel activity Reasses target Cover by insurance Outsource Change parties Increase preventive or contigency controls Accept Quantify annual occurences Exposure rate to threats Distributions By tiers Calibrated estimates Sensitibity analysis PROBABILITY
- Model loss exposures in the best-and worst-case scenarios MEASURE Base case Worst-case Best-case Confidence level MODEL Monte Carlo simulations Annual exposure at % change Histogram and loss exceedance curve
- Demonstration of a risk quantification model in practice TEMPLATE Integrated risk register with the model in a MS Excel spreadsheet without add-ons RISK AND CONTROL Cross-referencece the security controls to the risk register to balance the costs of measures
- Demonstration of a risk quantification model in practice Example for a road construction project Cost per event from 2,500 to 45,000 … for 90% of the events Upper limit at 10,000 due to insurance Expected to occur each 10 to 33 years … for 80% of the events Average 6,250 * 6.5% = 406
- Demonstration of a risk quantification model in practice Scenario 1, 2, 3,… Accumulated losses Scenario 1, 2, 3,… - Top 75% worst-cases - Base cases - Top 25% worst-cases
- Assessing risks based on colors, adjectives, 5*5 scores, or a wet finger in the wind is simply paper compliance Protecting people requires having data-driven conversations
Anúncio