Benefits of stress testing in risk management - Business Works
BW brief

Benefits of stress testing in risk management

by David Hillson, the Risk Doctor Stress testing originated in engineering to check that structures such as bridges, roads, tunnels and buildings would carry the expected load without collapsing. It was usually performed as a desktop exercise, modifying design parameters to simulate what might happen if extreme or unplanned conditions occurred. From these beginnings, stress testing has spread to other areas. Dr David Hillson, the Risk Doctor, looks at its relevance in risk management.

In the world of software and hardware development, the stress test involves pushing systems beyond the limits of their normal operational capacity and the discipline of reliability engineering has developed to specialise in this type of analysis.

More recently, stress testing has been used in the financial sector, with governments and regulators checking that banks and other financial institutions have sufficient capital reserves to cope with sudden and severe changes in the market.

Specifically, in the risk field, the concept of stress testing also forms part of business continuity and disaster recovery, where business continuity plans are tested in advance to ensure that they will work if a real disaster arises. Realistic scenarios are played out as if they were actually happening and weaknesses in planned responses are exposed and corrected.

improving the way we manage risk

Can stress testing help more generally in improving the way we manage risk? There are two ways we can use this important approach:

  1. Stress test our identification of risks: We need to know whether our process for identifying real risks is robust enough to find any uncertainty that might affect achievement of our objectives. If we don't see a risk, we cannot manage it.

    • We could review previous similar situations and identify major threats that occurred and significant opportunities that were missed. Then we can ask whether our standard risk identification approach would have found these risks, or do we need new techniques?

    • Is our risk landscape too small, focusing only on internal risks within our area of responsibility? How will we address risks raised by suppliers, contractors or clients, or strategic risks from within our own organisation?

    • We should also consider what we would do with big risks that are identified outside our normal risk review cycle and which require urgent attention. Do we have a way of bringing these risks into the risk process immediately, or must we wait for the next meeting?

  2. Stress test organisation readiness: This involves simulating what might happen if our risk exposure radically changed in an unexpected way.

    • What if our risk assessments were wrong, and risks assessed as 'low probability' actually happened, or 'low impact' risks turned out to have a major effect? Do we have good response plans for these surprises? And how can we validate our risk assessments so that we get it right more often?

    • What would we do if the top three threats all occurred at the same time? Or the top three opportunities? Can we cope with multiple risk occurrences, especially if they influence each other so that the sum is more than the parts?

    • What would happen if our biggest risk actually occurred during the weekend or a holiday period?

Risk management involves looking ahead to imagine futures that are currently not expected and preparing in advance. We should apply the same thinking to our risk process so that we can cope with whatever the future brings.



For more information or to contact Dr David Hillson, the Risk Doctor, please visit: www.risk-doctor.com



Tweet article
BW on TwitterBW RSS feed