How Simple Analytics Could Make Risk Management More Strategic

Many comms providers use analytics software to manage risk but this technology is often focused on narrow and particular problems instead of using data to influence the organization’s biggest decisions. For the average telco, the Venn diagram of ‘enterprise risk management (ERM) activities’ and ‘use of advanced analytical technology to mitigate risk’ would be two separate circles with no intersection, even though they both supposedly relate to managing the company’s most important risks. Spending on analytics for risk management gets budget approval when applied to tools that address narrow edge cases, such as identifying anomalies in CDRs, determining optimum locations for cell sites, or observing unusual purchasing patterns amongst customers. Meanwhile, the company’s so-called risk register will include such uselessly abstract and subjective entries as ‘risk of a security breach: probability low, impact high’ or ‘risk of a new competitor entering the market: probability very low, impact very high’. This is insane. If professional risk managers are not piecing together sufficient data to deliver an informed evaluation across all risks then nobody else is going to do it. And if nobody can deliver a top-down understanding of the organization’s most significant risks, how can any risk manager tell if their efforts are focused in the right places?

My own career went through a phase where I could explain to executives the significance of factors that altered the duration of CDRs by tenths of a second but where I struggled to persuade anyone that it was pointless to debate whether a broad risk category should be evaluated as ‘quite high’ or ‘pretty high’ or ‘fairly high’. Some very well paid managers love to share their subjective assessment of risk but those behaviors will never be turned into a real measurement of risk. I received a good salary for the worthless task of compiling and maintaining risk registers that were full of fluff. The contents of these risk registers rarely resulted in useful improvements because they did not promote meaningful actions that the company had not already decided to take anyway. They were more like a log of rationalizations for all the activity (and inactivity) that the business had settled upon already. In other words, businesses often choose to make their risk managers inert, except in some very specific cases where there was a demonstrable recurring problem and nobody else would benefit by tackling it. Inert risk managers do not stop executives from making the decisions they already wanted to make, but very specific risk solutions can help them find some quick money to disguise endemic failures in the company’s strategy. This is how I expect risk management will remain for the foreseeable future, but I did want to share with idealistic readers a simple way to start using numbers to influence the company’s most important decisions, and thus develop a roadmap for increased data analysis over time.

Hans Læssøe is a Danish risk consultant who spent 9 years as the Senior Director of Strategic Risk Management at LEGO Group. He offers refreshingly straightforward and practical advice, as befits somebody who managed risk for a globally successful business whose core product is elegantly simple. The following paper shows how Læssøe applies basic ideas surrounding numerical variances to the company’s profitability, and thus systematically builds up an understanding of how much the company would be affected by different risk scenarios. This encourages decisions that are most likely to generate good results even when the world does not behave as desired. The modular aspect to Læssøe’s approach means the risk manager is immediately able to establish a measurable connection between risk and the company’s performance, whilst remaining free to keep improving the analysis by feeding in more granular data as it becomes available. I especially like Læssøe’s approach because it is very suited to the business models of comms providers, many of whom need to form an intelligible bridge between expensive network capex decisions and an enormous number of small-value transactions that will occur over a period of many years but which will determine if the network capex decisions were profitable or not. Læssøe’s paper is so well argued that all risk managers would benefit from reading it, even if they already understand and agree with its central thrust. Vendors of risk analytic systems should also read it. They may not believe they can immediately sell a system which exploits Læssøe’s ideas, but most vendors could cheaply and easily support this kind of analysis, and opening doors for further investment in analytics would ultimately be in their best strategic interests too.

Læssøe’s paper, entitled “Leverage your ERM as a powerful decision tool” can be viewed as a LinkedIn embed below (mouse over and click on the rectangle at bottom right to maximize) or you can obtain the paper from his website.

Eric Priezkalns
Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.