Читать книгу Business Risk and Simulation Modelling in Practice - Rees Michael - Страница 12

Risk assessment processes and tools are already widely used in some business contexts. Typical applications include general planning and forecasting (e.g. revenue and capital expenditure, financing needs), cost estimation and contingency planning, project schedule uncertainty, portfolio structuring and optimisation, valuation of the flexibilities associated with being able to respond to uncertain outcomes or of gaining additional information (such as real option analysis), and general decision-making under uncertainty. Such applications apply to essentially any sector; key examples include oil, gas, energy, resources, construction, pharmaceuticals, insurance, reinsurance and finance.

Of course, formalised risk assessment is much more than simply “expecting the unexpected” by identifying possible risk factors in advance. Ultimately, the overall objective is to enhance organisational performance through superior project design, selection, decision-making and management. In particular, the essential role of risk assessment is to support the development and choice of the optimal context in which to operate (operating within the best structural context, and mitigating and responding to risks within it in the best way), and to support the evaluation of a final decision within that context by taking into account the residual uncertainty and risk tolerances of the decision-maker. This may be achieved through more specific objectives, which are generally of several forms:

• Adapting and improving the design and structure of plans by managing, mitigating or exploiting uncertainties.

• Achieving optimal project structures and economically efficient risk mitigation.

• Enhancing decision-making concerning project evaluation, objectives and target setting, contingency planning and the reflection of risk tolerances within the decision-making processes.

• Managing project execution and implementation effectively.

• Constructing, selecting and optimising business portfolios.

• Supporting the creation of strategic options and corporate planning.

1.4.1 Adapt and Improve the Design and Structure of Plans and Projects

Perhaps the main role of risk assessment is to enhance a particular set of (original) plans to include risk mitigation, management or response measures:

• The identification of risks, and the generation of an understanding of their interactions, dependencies and likely significance, drives the identification and development of possible response actions.

• In this way, plans are improved, both reducing adverse risks and exploiting upsides (such as operational or strategic flexibilities), with such actions, and their effects, costs and benefits, being included in a revised plan.

Much benefit can often be achieved even when such processes are only of a qualitative nature, because key individual risks would nevertheless typically be identified, and some consideration of possible risk-response actions would be undertaken. However, quantitative approaches will provide a much larger set of benefits, as discussed later in the text.

1.4.2 Achieve Optimal Risk Mitigation within Revised Plans

When considering the structure of a project or plan, there are generally many possible risk-response measures available. Some risk items are more controllable (or exploitable) than others, and the cost of doing so will be different for each. For example, the variation in oil prices may be essentially uncontrollable (there may be possibilities to hedge or engage in forward contracts in the short term, but in the medium term the impact on a business is typically largely uncontrollable).

In general, one may prioritise and implement measures in some order driven by a cost–benefit analysis of each one, and after implementing some of them, one would arrive at a point where the use of further measures is not economically efficient. For example, the risk of having an accident when crossing the road is rapidly reduced when low-cost measures are implemented (such as looking each way, or perhaps wearing running shoes or reflective clothing) but in many cases it would not be economically efficient, or practical, to eliminate the risk entirely (by having a bridge built): the marginal risk reduction that would be achieved by such a measure cannot be justified by the marginal cost increase that would be needed to implement it.

There may also be interaction between any such measures, so that there may be some measures that would make (economic) sense in isolation, but would not make sense within the wider context of a set of measures. Indeed, whether a particular measure makes sense may depend on which other measures are implemented first.

Further, in practice, risk-response actions may also affect multiple metrics (or line items in a model), so that the making of the appropriate trade-off between them may be non-trivial.

Thus, although the choice of measures to implement could be considered as a quantitative optimisation problem, the use of such approaches in these contexts is usually limited by practical considerations; a mixture of judgement, pragmatic considerations and some basic quantitative analysis is usually sufficient to find a mix of measures that is (close to) optimal.

1.4.3 Evaluate Projects, Set Targets and Reflect Risk Tolerances in Decision-Making

Once the “risk-optimised” structure has been found, there is still generally residual risk; some risks will not be economically effective to eliminate, even where doing so would be possible. One is still exposed to potentially adverse outcomes, so that the ultimate outcome may not be satisfactory (of course, the chance of a satisfactory outcome should increase as a result of the risk assessment activities).

Nevertheless, it is still of fundamental relevance to understand the extent of residual (or non-controllable) risk that remains after all worthwhile measures (or decisions) have been implemented: the range of possible outcomes will help to establish whether to proceed or not with a particular decision, or to inform the process of modifying targets and setting contingencies. For example, before a decision is made, one may typically wish to know the average outcome, as well as the best or worst 10 % of cases for key metrics (such as sales, cost, cash flow). Risk tolerances therefore come into play when the final decision is being made: one person may reject a decision that has a 10 % chance of a significantly bad outcome (even if all other outcomes would be highly favourable), whereas another person may choose to proceed, in order to generally benefit from the mostly positive outcomes.

1.4.4 Manage Projects Effectively

Risk assessment also has a key role to play in project management and execution. For example, one may wish to analyse potential risks relating to the schedule, potential delays, specific cost items or on-specification delivery. To some extent, such activities are a continuation of those that may have been initiated at project design and conception: risk considerations relating to project execution should ideally be reflected in the earlier stages of conception and basic design; projects that are expected to be more complex to execute than others should be evaluated less favourably.

However, in practice it is not possible to fully take into account all project execution risks at the earlier stages of project conception:

• Very often, following authorisation, a much more detailed planning procedure is undertaken prior to (or as part of) the implementation: items such as detailed technical planning, obtaining quotes from several suppliers for all outsourced items, conducting contractor negotiations, planning internal resources and making resource trade-off decisions can really only be conducted once decisions to proceed have been finally made.

• In the time period between the authorisation and the implementation of a decision, the external environment may have altered (such as a change in regulations issued by the government, or other risk events materialize, which alter the best possible future course of action). There may often be some change to the scope, or other changes that may have occurred.

• The project may inherently contain phases (or decision gates), where future activities within the project may need to be adapted as the project proceeds; examples include exploration, appraisal and development projects in the oil, gas and resource sectors, as well as in pharmaceutical development.

1.4.5 Construct, Select and Optimise Business and Project Portfolios

Most businesses are portfolios of activities or other elements in some way. For example, sales revenues are the sum of those of different product lines, regions, business units, customers, geographies, projects or assets. In general, the constituent components typically have different characteristics in terms of their implications for key business metrics, such as growth rates, capital investment requirements, project delivery timeframe, cost, cash flow, return on capital, etc. (as well as for their associated risks):

• Mature projects (or products that may be generating a fairly dependable stream of revenues or cash flow) may require little ongoing investment or development activity.

• Projects currently in the implementation phase may require significant amounts of cash investment: whilst not yet producing revenues, these may nevertheless be of medium risk, in the sense that future revenues and cash flow may be uncertain, subject to uncontrollable factors, or to overruns in capital expenditure, or to implementation delays.

• Projects in research or early-stage development may currently require fairly small investments, but their success or failure (and associated timeframe) may be crucial to the medium-term performance or to the long-term survival of the business; in that sense, these projects may be considered highly risky.

• There may also be existing joint ventures, potential acquisition possibilities, and so on; each will have its own specific risk profile for key metrics.

In addition, there will be some issues that are important at a corporate (or aggregate) level, even though such issues may be less relevant at the level of individual projects. For example:

• Generally, issues concerning corporate cash flow, financing, debt and equity structures, treasury and tax have to be dealt with at the corporate level, even though the aggregate corporate position is driven by individual projects.

• Although individual projects within a set of investment projects may appear to make sense on a stand-alone basis (for example, each may have a highly positive net present value, resulting from some initial investment and then a series of positive cash flows), in aggregate, the investment requirements for the full set of projects may be too high to allow them all to be implemented simultaneously. There could also be non-financial constraints to their simultaneous implementation, such as technical expertise or material resources.

• Holding a portfolio of “high risk/high return” projects may be acceptable, even if – when viewed in isolation – each individual project would likely be judged as too risky. For example, a project with a 30 % chance of success (creating a net gain of $100m), and a 70 % chance of failure (creating a net loss of $10m), will have a positive (weighted) average net gain of $23m (i.e. 0.3 × 100–0.7 × 10). On a stand-alone basis, one may wish to avoid the possibility of a $10m loss; however, as part of a portfolio, the project may be acceptable:

• As part of a mixed portfolio of stable cash-generative projects (whose cash flow could be used to cover the investment of the newer projects, or of any additional costs resulting from unexpected events), the single project may also be acceptable.

• If the project were shared with partners, in order to reduce the effective investment and exposure to losses, one could still partly benefit from the average positive nature of the project whilst reducing the downside losses proportionally.

• A large portfolio of similar but independent projects would be profitable not only on average, but also in almost all cases. For example, given 100 such projects, it is very likely that outcomes close to the average would be observed in most cases, i.e. close to 30 successes and 70 failures. Since the benefits of success easily outweigh the cost of failure, such a portfolio would be attractive in general, as success at the portfolio level is almost guaranteed (providing that there is financing available to cover early failures). Figure 1.1 shows the distribution of the number of successful projects, such as that in 77 % of cases the number of successes is between 25 and 35 inclusive (the details of such analyses are discussed later in the text).

Figure 1.1 Number of Successful Projects out of 100, Each with Probability of Success Equal to 30%

Risk assessment (and uncertainty analysis) can have a number of applications in the construction, adaptation and optimisation of project portfolios, to help to ensure that business growth or other objectives are met:

• Identify, for any assumed portfolio, how likely it is that corporate objectives and targets would be achieved with that portfolio:

• Identify whether new projects or different activities are required; this is related to the development of strategic options, which is covered separately below.

• Understand the level of “natural diversification” within it: for example, where cash-producing projects can cover the financing of key investments, so that new calls to financing are not required at the corporate level.

• Understand the level of residual uncertainty within the portfolio, to ensure it is appropriate and in line with risk tolerances. For example, equity investors generally expect that the business will take some level of risk, but one that is appropriate for its strategic positioning and which is in line with reasonable expectations for a business of that nature.

• Ensure that commonalities across portfolio elements are correctly evaluated:

• Common risks could be related to technology, exchange rates, regulatory regimes, price levels, input costs, and so on. A risk that is common to all projects or business units may be important at the corporate level but may only appear to be of medium importance at the project or business unit level.

• In general, dependencies between the portfolio elements need to be captured correctly in order to avoid either excess or insufficient diversification of the portfolio.

• Optimise project contingencies within a corporate context:

• Individual project contingencies, when added up at the corporate level, could be significantly too high (or significantly too low), depending on the contingency level planned for each component (see Chapter 4).

• The issue of balancing the amount of contingency to hold at the level of an individual item versus at an aggregate organisational level is perhaps one of the most challenging issues in practice, and has implications for organisation design (e.g. issues of centralisation and decentralisation), authorisation processes and project management.