Enterprise Risk Measurement
Overview
Measuring enterprise risks is where some of the biggest challenges of enterprise risk present themselves.
Some risks occur so infrequently that obtaining relevant data is not possible (a pandemic or financial crisis, for example).
In other circumstances, the
risk presents itself daily but is hard to measure (operational risk, for example). This corner discusses frameworks
for measuring hard-to-measure enterprise risks.
If a risk is truly not measurable, that does not mean that the risk should be excluded from an enterprise's
risk framework. Sometimes, it is valuable just to have a framework, or model, for discussing the risk internally.
Components of Risk Measurement
There are two generally recognized components of risk size:
- Probability of Occurrence
- Size of the Impact
{% Expected \, Loss = Probability \, of \, Occurrence \times Size \, of \, Impact %}
Estimating risk is usually an exercise of estimating these two components. Risk monitoring is designed to
estimate whether either of these two components has changed or is changing, and by how much.
Measuring Risks
Non-financial risks tend to be harder to measure. There are generally two approaches to trying to get an
estimate of the risk distribution.
Top Down : the top down approach takes an aggregate measure,
such as stock price returns, and removes the measurable risks. The residual is then assumed to be the risk of
the unmeasured piece.
Bottom Up : the bottom up approach tries to measure the impact
of individual risk events and then fits a distribution to that data.
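The bottom up approach as a worked sketch, added here as an illustration and not taken from the original page. It assumes a Poisson event frequency and a lognormal severity (both modelling choices made for the example), and the loss events are constructed sample data.

```python
import math
import random
import statistics

# Constructed sample: (year, loss amount) for individual operational loss events.
LOSS_EVENTS = [
    (2019, 12_000), (2019, 85_000), (2020, 40_000), (2020, 7_500),
    (2020, 150_000), (2021, 22_000), (2022, 60_000), (2022, 9_000),
    (2023, 31_000), (2023, 310_000),
]
YEARS_OBSERVED = 5  # 2019-2023 inclusive

def fit_bottom_up(events, years):
    """Fit Poisson frequency and lognormal severity (assumed forms) to loss events."""
    logs = [math.log(amount) for _, amount in events]
    return {
        "freq": len(events) / years,       # events per year: the occurrence component
        "mu": statistics.fmean(logs),      # lognormal location: the impact component
        "sigma": statistics.pstdev(logs),  # lognormal scale (MLE divides by n)
    }

def analytic_expected_loss(fit):
    """Expected annual loss = event frequency x mean size of impact."""
    return fit["freq"] * math.exp(fit["mu"] + fit["sigma"] ** 2 / 2)

def poisson_draw(rng, lam):
    """Knuth's multiplication method; adequate for small lam."""
    limit, k, p = math.exp(-lam), 0, rng.random()
    while p > limit:
        k += 1
        p *= rng.random()
    return k

def simulate_annual_losses(fit, trials=20_000, seed=1):
    """Monte Carlo distribution of total annual loss, returned sorted ascending."""
    rng = random.Random(seed)
    totals = []
    for _ in range(trials):
        n = poisson_draw(rng, fit["freq"])
        totals.append(sum(rng.lognormvariate(fit["mu"], fit["sigma"]) for _ in range(n)))
    return sorted(totals)

def summarize(totals):
    """Mean and 99th percentile of the simulated annual loss distribution."""
    return {"mean": statistics.fmean(totals), "p99": totals[int(0.99 * len(totals)) - 1]}

if __name__ == "__main__":
    fitted = fit_bottom_up(LOSS_EVENTS, YEARS_OBSERVED)
    print(fitted, analytic_expected_loss(fitted), summarize(simulate_annual_losses(fitted)))
```

The simulated mean should track the analytic expected loss, while the 99th percentile shows how far the tail of the fitted distribution sits above that expectation.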