8 minute read
Scenario Stress Tests to Assess Risk Exposure and the Value of Mitigations
A more comprehensive risk study would comprise the six steps shown in Figure 6.
This case study reviews the qualitative assessment of three shock scenarios. This is associated with the third stage in the cycle - Evaluate. It is worth a few details here on the prior stages of the Risk Management Cycle, which are to identify and specify scenarios. Identification, the first stage of the cycle, can be undertaken by elicitation from sample groups of staff members, who represent the breadth and depth of the organisation, and external experts; and also by reviewing the literature for threats identified or explored there. In the context of both top risks and emerging risks, this basket of activities may be called horizon scanning, and is usually undertaken in an annual process that maintains and adjusts a short list of high priority threat areas.
Cambridge Centre for Risk Studies prescribes additional structure to the identification or scanning process by producing a long and relatively static list or taxonomy of threat classes. The goal of the taxonomy is to provide a boundary for the subsequent risk discussion, not the details of particular threats that can be placed within the taxonomy. When considering the business environment of any company, it is helpful to have a reference to a generalised structure representing different risk areas. For the purposes of discussion in this case study, we refer to the classes within the Cambridge Taxonomy of Business Risks in Figure 7 to guide our discussion of the most significant areas of business risks facing energy value chain companies.
Figure 6: Cambridge Risk Methodology - Risk Management Cycle
1. IDENTIFY Compare list of candidate risks against comprehensive list of causes of business distress
2. SPECIFY Make each threat specific by expressing it as a scenario of explicit metrics and timeline
3. EVALUATE Apply each scenario as a stress test to quantify ‘enterprise impact’ on financials of the enterprise
4. PRIORITISE Rank scenarios and risks according to priorities of the company and an explicit risk appetite
5. MITIGATE Define management actions that will manage or minimize risks to evaluate value of risk reduction
6. MONITOR Routinely check how risks are changing, and horizon-scan to identify comparable emerging risks
Source: Cambridge Centre for Risk Studies
Figure 7: Cambridge Taxonomy of Business Risks
Governance
Social
Non-Compli ance Emerging Regulatio n Internal Corruption & Frau d Negligence ndards ti ng S ta vi sed Accoun Re Occupational Health & Safety tion Li ti ga Private Lawsuit t Mass Tor tion Cl ass Ac Strategic Performanc e Divest itures Joint Ventures Mergers & Acquisitions Restructurin g t Poor Investmen Management Performance Executive Mismanagemen t ective Board e In Management Execution Failure ciencies Business Model D e Techno lo gy Cu st omer Preference Change Pension Management Cont ribution Managemen t Fu nd Managemen t s Products & Service e Product Defect/Failur Innovation (R&D) Failure
Socioeconomic Trends Ageing Pop ul at io n Gender Imb al ance Inequalit y Weal th Poor Educational Standards Migratio n l Human Capita nt le t Ta ac ttr ilure To A Fa ersity iv Gender & D s & St rike s pute bour Dis La Loss of Key Personnel Employee Misconduc t Brand Perception Fake N ew s e erag Cov ti ve Media Nega encer Disruption
n Key I ti ve Customer Experience Nega Sustainable Living m is Cons umer Activ g Sustainable Purchasin e Supply Chain Provenanc Diet Health Trends Obesit y it y Longev timicr obial Resistance An Medical Breakthrough s e Healthcar Social Car e Infectious Disease s nza Pandem ic ue In Coronavi rus-like Epidemics s l Hemor rhagic Fever Vira Preventable Disease Outbreaks se s Unknown Emergent Disea
Environmental
Extreme Weathe r Fl oo d al Windstorm Trop ic Temp erate Windstor m Drough t e Freez e Heatwav re Wi ld l Geop hysi ca Earthquake ic Eruption an Volc am i un Ts Spac e m Solar Stor t Astronomical Impact Even Cl im at e Chang e Physica l Li ab ility Transi tion Increase in Extreme Weathe r Sea Level Rise cation i Ocean Acid Lower Carb on Economy Environmental Degradatio n Wast e & Pollutio n s Biodiversity Los e Ecosystem Collaps Deforest at io n Soil Degradation ciency e source D l Re tura Na Fossi l Fu el s Biogeochemical s w Materials Ra te r Wa y Food Sec urit c Animal Epidemi Plant Epidemic Fami ne
Technology
Geopolitical
l Financia
y Disru pti ve Technol og E-Commerce Gi g Econom y cial Intelligenc e t Ar Techno lo gy 5G Blockchain at io n Robotics & Autom al it y Virtua l Re Augmen ted/ y nc Cry ptocurre s icle Au to nomo us Veh Drones Medical Advances be r Cy tion ltra x E ta Da al ware ious M Cont ag Cl oud Outage l Thef t ia Fi nanc Dist ributed Denial of Servic e Internet of Things Industrial Control System s Internet Failure st ructur e al Infra itic Cr Power t Transp or at io ns ic Te lecommun s Satellite System ter & Wast e Wa Fu el s Ga Industrial Acciden t Fi re n Explosio Pollution Structural Failure Nuclea r
Business Environment (Country Risk) il ab ilit y le nt Ava Ta Industrial Actio n Minimum Wage Hike s Sanction l Di sp utes itoria Terr st rictions s Re Logi st ic Corr uptio n & Cr im e at io n Corr uptio n De terior acy Increas e ime Wave/P ir Cr Slav ery Practices Government Business Policy Emerging Regulatio n e Corp oration Tax Rate Hik Tax ts Divert ed Pro at io n al is tion Na s scat io n of Asset Co n Privatisatio n Li cense Revocation ernmen t Gov Change in Protectionism al ism/ tion Na dicalism g Ra in ft-W Le m al is tWi ng R ad ic Ri gh Populism Environmentalism Political Violence Social Unres t m is Terror r Ci vi l Wa ict & n Subnational Co t ta Co up d 'É t ic Interstate Con al Military War tion Conven Asymmetric Wa r Nuclea r Wa r ar Co ld W
Economic Outlook Recession Stagnation Cont ractio n risi s Cred it C h Steady Growt n Expansio Acceleration Peak Economic Variables tion luctua Commod ity Price F at io n In Interest Rates Market Crisi s Asset Bubb le Bank Run Sovereign Debt Crisi s h Fl ash Cras Frau dulent Market Manipulation ncy Fai lure Cry ptocurre e Currency Shift Reserv g Environmen t Trad in Dispute Tari Cart el Manipulates Marke t Organised Crim e utlook Comp any O Hostile Takeover g Downgrad e Cred it R at in Investor Negative Outloo k Comp etitio n r Disrup ti ve Com petito r Aggressive Com petito r Frau dulent Competito Intellectual Property Theft ty terp ar Co un Supplier Failure Cu st omer Failure ai lure Government F ai lure Cred itor F raud ty F terp ar Co un
Source: Cambridge Centre for Risk Studies, 2019 CTBR_V2.0
Figure 8: Descriptive Stress Test Scenarios
Geopolitical Crisis: Middle East Conflict Natural Catastrophe: Hurricane in the Gulf of Mexico Liability Risk: Litigation Against Carbon Emissions
Source: Cambridge Centre for Risk Studies 2019
The third stage of the cycle is to select a subset of risks from the taxonomy, to be later assessed or evaluated for business impact. Rather than consider risk types in the abstract, we prepare a long list of scenarios each of which illustrates a different threat type. Stakeholders are convened or polled to compare those scenarios. Iterating with stakeholders allows scenarios to be revised, or new scenarios to be added. Examples of such scenarios can be seen in Figure 8.
A preliminary and usually qualitative evaluation of scenarios by their impact is undertaken by stakeholders. The output of this is a selection of scenarios and their corresponding threat types. That is, the Select stage typically involves a preliminary assessment, with the main evaluation in the third stage to follow. A qualitative Evaluate stage may iterate in a facilitated process between expert judgement, translational work from the empirical and other research literatures, and stakeholder validation.
Beyond qualitatively evaluating risk impacts of a given scenario, a deeper study (that is beyond the scope of this report) would produce a set of empirical or modelled quantitative outputs, to Evaluate:
• Maximal loss for each scenario • Probabilistic assessment leading to estimation of average loss such as annualised average loss • Value of existing and potentially new resilience measures The goal is a set of evaluation processes that, by consistency of methodology, allow comparison between different scenarios, and thus aggregation across all scenarios, to:
• Put a value on existing resilience capacity and to give a cost-benefit analysis of changing or investing in resilience measures • Identify the potential for risks to scale or cascade and the paths by which that happens
Such a quantification framework requires a comprehensive library of scenario stress tests and methodology for translating scenario severity into metrics for business impact. It is beyond the scope of this case study to expand on the remaining stages in the Cycle, which are to Prioritise, Mitigate and Monitor risks. Very briefly, prioritisation is in terms of threat impact, as generated by the Evaluate stage, and may also reflect mitigations: a scenario with higher impact, or mitigations that are less costly or more effective, will tend to be highlighted for management attention. Monitoring is natural in dual checking the expected effect of mitigation, and also useful in updating certain scenarios whose characteristics, such as probability of occurrence, vary over time.
