February 8, 2012

Why Value Investing is Not for Everyone

There are several reasons:

  • They are not aware of it
  • They do not believe in it
  • They need results quickly.  This is especially true for fund managers who are under pressure to not only show results every quarter, but not be at the bottom rank of performers for that quarter.
  • It is not very exciting.  Value investing requires copious amounts of research and patience.  Many people enjoy the thrill of day trading.

Value investing may work, but it is not the only one that works. 

November 29, 2011

Kahnemann, Empricial Data on BCP for Small Businesses

Roundup
 
- Daniel Kahnemann has a new book titled "Thinking Fast and Slow".
 
- Someone in LinkedIn group "Business Continuity Management & Risk" is asking where to find metrics that show BCP is "worthwhile" for small businesses.  Suggestions were to look at regulators and government offices set up to help small business (offices such as http://www.sba.gov/).  Others are convinced no such empirical data is available, after having spent time looking for them previously. 
 
Someone questions the question.  Why the need for empirical data when it is clear that a catastrophe means end of the company?. Someone suggested looking at 9/11 as proof of the value of planning for disaster (mostly in convincing people that disaster CAN strike). But the original poster thinks more 'normal' disasters can be more compelling than extreme (and rare) ones such as 9/11.  Someone suggests that the Bishopgate Bomb can provide a useful resource in comparing the impacts between those with BCP and those without.
 
The Waffle House apparently lives in hurricane country and has a very simple and effective BCP plan in place.  More details in http://online.wsj.com/article/SB10001424053111904716604576542460736605364.html.  The company is famous locally for their very quick Return to Operations ability (when the shops are still closed, locals know the danger is not yet over) and uses this to their advertising advantage.
 
Finally Tim Cousins from Australia makes a suggestion to read "The Risk/Earnings Ratio - New Perspectives for Achieving Bottom-Line Stability." (http://www.fmglobal.com/assets/pdf/P09232.pdf).  Tim seems to be also the author of another recommended paper "Organisational Resilience Position Paper", available here:  http://www.emergency.qld.gov.au/publications/pdf/Organisational_Resilience.pdf
 
Someone from the US recommends a read of "The Impact of Catastrophe on Shareholder Value" by Knight and Pretty and says he often uses this paper as a seling point.  (This paper is mandatory reading in the IRM Risk Diploma, so I am quite familiar with it).
 
Dori makes the stunningly obvious (but forgotten!) point that insurance companies would have the best emprical data.
 
The silver lining in disasters is that they often provide the opportunity to restructure (re-engineer), using the sudden infusion of cash from insurance (such as Business Interruption Insurance). 
 
In addition to empirical data, someone suggested to personalise the effects of a disaster.  What would be the impact to you, Mr / Ms Business Owner, what is the cost of lost sales, claims, etc.?
 
 
 
 
 

September 22, 2011

ModelRisk

VOSE Software provides a software tool called ‘ModelRisk 4’ which allows analysts to run Monte Carlo simulations within Microsoft Excel.  The software is able to display the results in graphics format.   The ‘Standard’ version of the product is free and is not time-limited.   You can download it and use it for as long as you like.  If you need more powerful features, the company sells the ‘Professional’, and ‘Industrial’ version of the products.

The software is supported by a very comprehensive help file which goes beyond merely explaining how to use the software, but also gives a brief explanation of the various data analysis functions and their purpose.    But for more in-depth analysis, you can turn to David Vose’s book ‘Risk Analysis: A Quantitative Guide’.   David runs VOSE Software out of Belgium. VOSE Software also provides risk consulting services.

May 25, 2011

Likelihood of an Event

The biggest constraint in risk management, indeed the very reason for the existence of the discipline, is our inability to foresee what will happen next. In most cases where people have to manage the risk of an event, it is very common to rely on subjective estimates of the likelihood that an event will happen. It may be easy to deliver criticism of this approach, but alternative options are limited.  An improvement over such a simplistic 'gut feel' approach is to incorporate the phenomenon that events of a smaller scale occur at a higher frequency than similar events of bigger scale.  Earthquakes of low magnitude occur very frequently. Killer earthquakes occur far less frequently. The relationship of the frequency between the two types of events is described a the Power Law Distribution.  If we keep track of smaller scale events, we will be able to predict with a certain degree of confidence the frequency of the bigger scale events.

May 24, 2011

Deciding That a Crisis is Upon Us

A key challenge that needs to be met in the face of a serious situation is determining whether we are in a crisis or not? Whence is the transition from non-crisis to crisis? Is it time to initiate the crisis management plan, or not yet?

The US military gives us a good model of crisis with the DEFCON
status. It allows a staged reaction to a crisis that may be impending
or may not be impending.  It allows the military to prepare and also not to over-prepare.

As facts become known, and the understanding of the situation becomes more solid, the authorities are able to step up or step down preparations
and mobilisations for handling the crisis.

Business organisations would to well to think about a staged approach to
their crisis management plans.

Some Regulatory Business Continuity Links

By no means a complete list...

Australian Prudential Regulatory Authority

Guidance Note GGN 222.1
Risk Assessment and Business Continuity Management
http://www.apra.gov.au/General/loader.cfm?url=/commonspot/security/getfile.cfm&PageID=8532.

Guidance Note AGN 232.1
Risk Assessment and Business Continuity Management
http://www.apra.gov.au/Policy/loader.cfm?url=/commonspot/security/getfile.cfm&PageID=8529

Prudential Standard APS 232
Business Continuity Management
http://www.apra.gov.au/Policy/loader.cfm?url=/commonspot/security/getfile.cfm&PageID=8528

Prudential Standard GPS 222
Business Continuity Management
http://www.apra.gov.au/General/loader.cfm?url=/commonspot/security/getfile.cfm&PageID=8531


Commission of the European Communities (2005): Green paper on a
European programme
for critical infrastructure protection, November
http://eur-lex.europa.eu/LexUriServ/site/en/com/2005/com2005_0576en01.pdf

De Nederlandsche Bank (2004)
Business Continuity Planning
http://www.dnb.nl/en/payments/bcp/index.jsp

Beyond the Risk Register

A few months ago, someone in a program management office noticed that a new employee had taken a master's degree course in risk management.
A brief cackle burst forth, asking: "why would someone need a master's degree in risk management?"

It's a good question.

Risk management is, for many people in projects, one of the very basic things that anyone can do. It's not rocket science. To most people,
risk management is simply the risk register - often created because it
is a mandated part of the project management procedures - and not much
else.

And anyone can create a risk register. All you need is an Excel
spreadsheet and a template of the right headings, or a risk management
software, and start populating it.

Even the risk management framework is simple enough: identify the
risks, give an estimate of the likelihood, determine consequences,
identify controls, estimate residual risk, identify who is
responsible, and then rank the risks for prioritisation.

Brain surgery is equally simple: identify the area to be incised,
determine the likelihood of success, determine the risks, etc. People
know that not all surgeons are equally qualified to do brain surgery.
Even among brain surgeons, there is a qualitative difference in
experience and consqeuently, results.

Riding a bicycle is also equally simple, but everyone knows there is a
magnitude of difference in the performance of a rider at a Tour de
France level, and someone who rides for leisure.

But what about risk management? While anyone can come up with a risk
register, there can be a serious difference in the results.

Some areas where competence in risk analys would produce a marked
difference in results

* Risk identification - are we identifying the right risks? Are we
missing any? Are putting in risks that aren't risks? Missing a
critical risk can prove catastrophic to a project.

* Risk likelihood - are our estimates any good? Is there available
data we should be using? Overestimating can prove costly.
Underestimating can prove disastrous.

* Risk consequences - how credible are our estimates of consequence?
How complete is it? An inept analysis of the consequences will mean
poor preparation and mitigation of the consequences.

* Risk control - how realistic are the controls and mitigations we
have identified? How good is our decision-making on which controls to
implement? What is the impact of our controls

* Risk prioritisation - are using the right prioritisation approach?