A STUDY ABOUT RISK ANALYSIS WITH EXPLANATIONS AND A CASE STUDY

University Degree Business and Administrative studies

A STUDY ABOUT “RISK ANALYSIS”

WITH EXPLANATIONS AND A CASE STUDY

ABSTRACT

This following report explain risk analysis, facilitated risk analysis process and its concepts and processes. Then it summarizes how risk can measure and control and an approach of risk analysis called as Simulation Approach. At the end, there is a case study to analyze how the risk analysis can apply in a case. Risk analysis is a technique to identify and assess factors that may jeopardize the success of a project or achieving a goal. This technique also helps to define preventive measures to reduce the probability of these factors from occurring and identify countermeasures to successfully deal with these constraints when they develop to avert possible negative effects on the competitiveness of the company. One of the more popular methods to perform a risk analysis in the computer field is called Facilitated Risk Analysis Process (FRAP). FRAP analyzes one system, application or segment of business processes at time. Risks come in all shapes and sizes; risk professionals generally recognize three major types. Market risk is the risk that prices will move in a way that has negative consequences for a company; credit risk is the risk that a customer, counterparty, or supplier will fail to meet its obligations; and operational risk is the risk that people, processes, or systems will fail, or that an external event (e.g., earthquake, fire) will negatively impact the company.

RISK ANALYSIS

CONTENTS: PAGE NO:

DEFINITION OF RISK ANALYSIS…………………………..1

FACILITATED RISK ANALYSIS PROCESS……………….1

CONCEPTS AND PROCESSES.............................................. 5

RISK CONCEPT....................................................................... 6

Exposure
Volatility
Probability
Severity
Time Horizon
Correlation
Capital

RISK PROCESSES..................................................................10

RISK AWARENESS................................................................12

Set the Tone from the Top
Ask the Right Questions
Establish a Risk Taxonomy
Provide Training and Development
Link Risk and Compensation

RISK MEASUREMENT...............................................................15

Losses
Incidents
Management Assessments
Risk Indicators

RISK CONTROL...................................................................................18

Selective Growth ot the Rusiness
Support Profitability
Control Downside Risks

RISK ANALYSIS AND THE SIMULATION APPROACH…..….22

CASE STUDY: THE PORT OF MOGADISCIO…………….....24

DEFINITION OF RISK ANALYSIS

Risk analysis is a technique to identify and assess factors that may jeopardize the success of a project or achieving a goal. This technique also helps to define preventive measures to reduce the probability of these factors from occurring and identify countermeasures to successfully deal with these constraints when they develop to avert possible negative effects on the competitiveness of the company.

One of the more popular methods to perform a risk analysis in the computer field is called Facilitated Risk Analysis Process (FRAP).

FACILITATED RISK ANALYSIS PROCESS

FRAP analyzes one system, application or segment of business processes at time.

FRAP assumes that additional efforts to develop precisely quantified risks are not cost effective because:

such estimates are time consuming
risk documentation becomes too voluminous for practical use
specific loss estimates are generally not needed to determine if controls are needed.

After identifying and categorizing risks, a team identifies the controls that could mitigate the risk. The decision for what controls are needed lies with the business manager. The team's conclusions as to what risks exists and what controls needed are documented along with a related action plan for control implementation.

Three of the most important risks a software company faces are: unexpected changes in revenue, unexpected changes in costs from those budgeted and the amount of specialization of the software planned. Risks that affect revenues can be: unanticipated competition, privacy, intellectual property right problems, and unit sales that are less than forecast. Unexpected development costs also create risk that can be in the form of more rework than anticipated, security holes, and privacy invasions.

Narrow specialization of software with a large amount of research and development expenditures can lead to both business and technological risks since specialization does not necessarily lead to lower unit costs of software. Combined with the decrease in the potential customer base, specialization risk can be significant for a software firm. After probabilities of scenarios have been calculated with risk analysis, the process of risk management can be applied to help manage the risk.

Methods like Applied Information Economics add to and improve on risk analysis methods by introducing procedures to adjust subjective probabilities, compute the value of additional information and to use the results in part of a larger portfolio management problem

CONCEPTS AND PROCESSES

Risks come in all shapes and sizes; risk professionals generally recognize three major types. Market risk is the risk that prices will move in a way that has negative consequences for a company; credit risk is the risk that a customer, counterparty, or supplier will fail to meet its obligations; and operational risk is the risk that people, processes, or systems will fail, or that an external event (e.g., earthquake, fire) will negatively impact the company.

Other types of risk also have been suggested. Business risk is the risk that future operating results may not meet expectations; organizational risk is the risk that arises from a badly designed organizational structure or lack of sufficient human resources. In general, risk managers would consider market risk and credit risk as financial risk, and group all other risks as part of operational risk.

And each of these broad risk types encompasses a host of individual risks. Credit risk, for example, includes everything from a borrower default to a supplier missing deadlines because of credit problems. Although there are commonalities and interdependencies between these risks, each ultimately requires specialized attention.

How can a manager with responsibility for enterprise-wide risk hope to stay on top of all these various risks? It is impractical to simply hire an expert for every risk—since risk is a part of every business decision, this approach would require a risk manager for every business manager.

A more practical solution is to make risk a part of every employee’s thinking and job responsibility. This has two advantages: first, no one is better placed to understand the risks of an activity better than those who specialize in that area; second, this approach means that risk is managed throughout the company.

However, this requires a substantial effort in training and education. Many staff, whether junior or senior, will not be familiar with risk management, and particularly not with quantitative forms of risk analysis. Although these quantitative analyses are often very important, they are not practical for every type of risk and fall under the remit of the corporate risk management function.

General employees therefore need to be taught to recognize and assess risks in ways that are relatively easy to understand. Fortunately, there are a number of key risk concepts that will apply to the risks of any kind of business and must be addressed by any effective risk management program.

RISK CONCEPTS

Not all of the risk concepts described in this section can be readily (or meaningfully) quantified, particularly if operational risks are involved. As we’ll see, however, they are nonetheless important in understanding the nature of risk in any organization and should form the basis of the questions that a risk manager asks when assessing risk. Let’s consider them in turn.

Exposure

What do I stand to lose? Generally speaking, the exposure is the maximum amount of damage that will be suffered if some event occurs. All other things being equal, the risk associated with that event will increase as the exposure increases. For example, a lender is exposed to the risk that a borrower will default. The more it lends to that borrower, the more exposed it is and the riskier its position with respect to that borrower. Exposure measurement is a hard science for some kinds of exposures—typically those that result in direct financial loss such as credit and market risk—but may be much more qualitative for others, such as reputational risk.

Volatility

How uncertain is the future? Volatility, loosely meaning the variability of potential outcomes, is a good proxy for risk in many applications. This is particularly true for those that are predominantly dependent on market factors, such as options pricing. Volatility also has broader applications for different types of risk.

Generally, the greater the volatility, the higher the risk. For example, the number of loans that turn bad is proportionately higher, on average, in the credit card business than in commercial real estate. Nonetheless, it is real estate lending that is widely considered to be riskier, because the loss rate is much more volatile. Companies can be much more certain about potential losses in the credit card business—and prepare for them better—than they can in the commercial real estate business.

Like exposure, volatility has a specific, quantifiable meaning in sorne areas of risk. In market risk, for example, it is synonymous with the standard deviation of returns and can be estimated in a number of ways. However, the general concept of uncertain outcomes also is useful in considering other types of risk: a spike in energy prices might increase a company’s input prices, for example, or an increase in the turnover rate of computer programmers might negatively affect a company’s technology initiatives.

Probability

How likely is it that some risky event will actually occur? The more likely the event is to occur—in other words, the higher the probability—the greater the risk. Certain events, such as interest rate movements or credit card defaults, are so likely that managers need to plan for them as a matter of course, and mitigation strategies should be an integral part of the business’s regular operations. Others, such as a fire at a computer center, are highly improbable, but can have a devastating impact. A fitting preparation for these is the development of backup facilities and contingency plans that will likely be used infrequently, if ever, but must work effectively if they are.

Severity

How bad might it get? Whereas exposure is typically defined in terms of the worst that could possibly happen, severity is the amount of damage that is actually likely to be suffered. The greater the severity, the higher the risk. Severity is the partner to probability: if we know how likely an event is to happen, and how much we are likely to suffer as a consequence, we have a pretty good idea of the risk we are running.

Severity wiil often be a function of other risk factors, such as volatility. For example, consider a $100 equity position. The exposure is $100, since the stock price could theoretically drop all the way to zero and all the money tied up in the stock could be lost. In reality, however, it is not likely to fall that far, so the severity is less than $100. The more volatile the stock, the more likely it is to fall a long way. The severity associated with this position is therefore greater, and the position more risky.

As with our other risk factors, this way of thinking also can be applied to risks that are less easy to quantify. Consider, for example, the succession process after a key employee leaves or retires. Given that a change in management must occur at some point in time, and that the succession of new management will generally have a significant and potentially disruptive impact on the organization, it is alarming that companies don’t plan more carefully for this risk.

Time Horizon

How long will I be exposed to the risk? The longer the duration of an exposure, the higher the risk. For example, extending a 10-year loan to the same borrower has a much greater probability of default than a 1-year loan. The time horizon also can be thought of as a measure of how long it takes (or, equivalently, how difficult it is) to reverse the effects of a decision or event.

The key issue for financial risk exposures is the liquidity of the positions affected by the decision or event. Positions in highly liquid instruments such as U.S. Treasury bonds can usually be reduced or eliminated in a short period of time, while positions in lightly traded securities or commodities such as unlisted equities, structured derivatives, or real estate take much longer to sell down. For operational risk exposures, the time horizon can be thought of as the time required for the company to recover from an event. A fire that burns a computer center to the ground will leave a company exposed during the time before backup facilities come online—much greater risk if such backup procedures are not well tested.

Companies usually have little control over the level of market liquidity, or over many of the events that lead to operational risks. However, they do have some control over their effects. Problems arise when companies do not recognize that a risk event has occurred, are not aware of the time horizon associated with that risk, and/or have not developed a contingency plan.

Correlation

How are the risks in my business related to each other? If two risks behave similarly—they increase for the same reasons, for example, or by the same amount—they are considered highly correlated. The greater the correlation, the higher the risk. Correlation is a key concept in risk diversification. Highly correlated risk exposures, such as loans to the same industry, investments in the same asset class, or operations within the same building, increase the level of risk concentrations within a business. Thus, the degree of risk diversification in a business is inversely related to the level of correlations within that business. With financial risks, diversification can be achieved through risk limits and portfolio allocation targets, both of which are designed to reduce risk concentrations. With operational risk, diversification can be achieved through separation of operational units or redundant systems.

Capital

How much capital should I set aside to cover unexpected losses? Companies hold capital for two primary reasons. The first is to meet cash requirements, such as the costs of investments and expenses. The second is to cover unexpected losses arising from risk exposures. The level of capital that management wants to set aside for risk is often called economic capital.

The overall level of economic capital required by a company will depend on the institution’s target financial strength (e.g., target credit rating). The more creditworthy the company wants to be, the more capital it will have to hold against a given level of risk. This is fairly intuitive: a credit rating (or the concept of creditworthiness in general) is an estimate of how likely a company is to fail. Clearly, it is less likely to fail if it has more capital to absorb any unexpected loss. So a company that wants a triple-A credit rating will have to hold far more capital against a certain set of risks than another company that has the same risks but is satisfied with a subinvestment grade rating, such as double-B.

The concept of economic capital also applies to the individual business units within a company. Those business units that run greater risks (and therefore stand more chance of losing money) will have to be allocated more economic capital if they are to comply with the firm’s overall target credit worthiness. The allocation of economic capital to business units has two important business benefits.

First, it links risk and return explicitly. Higher allocations of economic capital require business units that take more risks to compensate by generating greater profits. Second, economic capital allows the profitability of all business units to be compared on a consistent risk-adjusted basis. As a result, business activities that contribute to, or detract from, shareholder value can be identified easily, and so management has a powerful and objective tool to allocate economic capital to its most efficient users. In effect, this creates an “internal capital market” where good businesses will grow and bad businesses will die.

RISK PROCESSES

An appreciation of the risk concepts described above is the first step in a clearer understanding of risk. This understanding in turn supports the first step in any risk management process: risk awareness. The second step is to measure risk; the third, to control it. For all the quantitative sophistication that can be thrown at it, risk management is still ultimately carried out by people, and the three parts of a corporate risk management process can usefully be illustrated in terms of the ways that people manage risks in their evervday lives.

First, risk awareness. Most people think (at least a little!) about what they are currently doing and what they plan to do next; accidents happen when they misjudge an unfamiliar situation or fail to pay sufficient attention to a seemingly familiar one. People break legs when they first go skiing and cut their fingers when they drift off while chopping vegetables.

Companies obviously don’t think in this way, but they do need to use the collective intelligence of their management and staff to think through the risks consequent upon the company’s current and proposed activities. (Once again, we return to the need to anticipate and learn from mistakes). Promoting risk awareness should be the starting point for any risk management process. Half the battle is already won if people can be successfully encouraged to consider the risks involved in their activities, and to understand their roles and responsibilities in managing them. Mistakes can then be avoided or quickly corrected.

Awareness alone is not enough, however. It is one thing to know that a potential risk exists; it is another to know when it becomes a real threat and how serious it is. A person might see a distant threat (a car bearing down from a distance), or feel an immediate one (a tack in the foot). The scale and speed of his reaction will differ.

Similarly, a company must be able to recognize changes in its operating environment that signal potential risks and must also notice when a part of the company is unexpectedly afflicted by some event. That means effective transmission of information into and through the company, which in turn implies the need for efficient communications technology and clear, consistent reporting of risks (i.e., risk measurement).

Having identified and quantified the risk, a person must decide if any thing should be done about it (i.e., risk control). A person might control his risks in a number of different ways. He might ...

This is a preview of the whole essay

Having identified and quantified the risk, a person must decide if any thing should be done about it (i.e., risk control). A person might control his risks in a number of different ways. He might feel that a given risk is minor (the chance of being hit by a meteorite, for example) and continue about his business as usual. He might simply limit his potential risk—perhaps by capping the amount he is willing to bet on a spin of the roulette wheel. Aiternatively, he might actually take action in order to reduce a risk—to move out of the way of an oncoming car or pull the tack out of his foot. He might even pay someone more skilled to carry out a risky activity—electrical rewiring, for example—on his behalf.

Similarly, a company might recognize a potential risk but be content to do nothing about it; establish and enforce risk policies and limits; change strategic direction; make a tactical alteration to one of its business units; or transfer a specific risk through insurance or hedging.

Ultimately, the function of risk management, whether for an individual or for a company, is to ensure that the level of risk remains within some acceptable range, while ensuring that life or business continues to be as enjoyable as possible. It’s worth noting that different people have different appetites for risk—they are comfortable with different amounts of risk and with different types of risk. So are different companies, credit ratings and earnings volatility being key measures of these propensities.

It’s also worth noting that people don’t really think about a risk, then assess it and finally do something about it. In practice, people constantly reevaluate their situation in a way that involves continuous feedback between thoughts, senses, and actions. The same should be true for any company operating in the real world. A risk management process can only be effective to the extent that risk awareness, risk measurement, and risk control strategies are fully integrated. We’ll discuss these three components in the next sections.

RISK AWARENESS

Risk awareness is the starting point of any risk management process. The objective of promoting risk awareness is to ensure that everyone within a business is:

Proactively identifying the key risks for the company.
Seriously thinking about the consequences of the risks for which be or she is responsible.
Communicating up and down the organization those risks that warrant others’ attention.

In a risk-aware environment, most risk management issues should be address before they become bigger problems.

There are many organizational processes and initiatives that can promote risk awareness within a company. Five of the most successful are to set the tone from the top; ask the right questions; establish a risk taxonomy; provide training and education; and link compensation to risk. Let’s con sider these in turn.

Set the Tone from the Top

In risk managament, even more than other corporate initiatives, the involvement of senior management, and of the chief executive officer (CEO) in particular, is critical to success. The reason? Some aspects of risk management run counter to human nature. Although people are eager to talk about marketing or product successes, or even cost-saving opportunities, they are generally much less enthusiastic about discussing actual or potential losses, particularly those related to their businesses.

Overcoming this reluctance requires applied authority and power. The CEO must therefore be fully supportive of the risk management process, and “set the tone” not only through words, but also through actions. The CEO must first communicate that risk management is a top priority for the company at presentations, meetings, and in other forums. More importantly, the CEO must demonstrate his or her commitment through actions. Does the CEO actively participate in risk management meetings? Has the company allocated an appropriate budget to support risk management? Are senior risk executives involved in major corporate decisions? What happens when a top producer violates risk management policies? How the CEO and senior management respond to these questions will speak volumes on their true commitment to the risk management process.

Ask the Right Questions

It has been said that senior management may not always have the right answers, but it is their obligation to ask the right questions. So what are the key questions senior management should ask about risk? The acronym RISK—for Return, Immunization, Systems, and Knowledge—can help:

Return. Are we achieving an acceptable return on the risks we take? What kinds of risk exposures are being created if a business unit is growing or making money at an exceptional rate?
Immunization. What limits and controls do we have in place to minimize the downside?
Systems. Do we have the appropriate systems to track and measure risks?
Knowledge. Do we have the right people and skills for effective risk management?

Establish a Risk Taxonomy

We saw in the last section how efficient communication is a key requirement for the risk management process. One of the ways in which communication can be made efficient is by ensuring that people understand what each other mean—something that is not a given in the world of risk, where definitions are frequently poorly understood, open to interpretation, or extremely broad. That is, a company should strive to establish a common language for risk.

One important part of this effort should be to establish a taxonomy of risk—a common structure for describing the categories and subcategories of risks, as well as the tools, metrics, and strategies for risk management. A taxonomy is not only useful in talking about risks, but allows them to be both broken down into manageable components that can then be aggregated for exposure measurement and reporting purposes. This is not a one off process; it should be iterative and reflect the dynamic and changing nature of the business.

Provide Training and Development

Executives involved in establishing risk management programs often cite training and development as one of their major accomplishments. In addition to promoting risk awareness, training and development equip employees with the skills and tools they need to manage the risks for which they are responsible.

Risk education should start at orientation, with new employees being introduced to risk management concepts and briefed on the various risk functions within the company just as they are introduced to its other management philosophies and operational functions. It should also include ongoing training programs that are tailored to the skills required for the individual’s job responsibilities. These should tie the individual’s responsibilities to the risk management policies of the company—and to the thinking behind them. To put it another way, employees should understand the spirit as well as the letter of the law.

Link Risk and Compensation

People naturally pay the most attention to what their job accountabilities are and how their financial incentives are tied to their performance. Clearly, risk awareness can be most powerfully cultivated by making sure that employees understand that risk management is part of their job, and that their incentive compensation is linked to the business and risk performance at both the business and individual levels. It is important that these facts should be seen to be true for all employees. If there is a perception that the same ground rules don’t apply to all employees (particularly senior ones), others will soon stop paying attention or see the rules as something that can be circumvented in the pursuit of a career.

RISK MEASUREMENT

The axiom that you can’t manage what you can’t measure is largely true in risk management. Unfortunately, risk measurement and reporting remain a major challenge for many companies today. Most struggle with the constraints associated with data, analytics, and systems resources. Frequently, there is no good historical data on losses and other risk metrics, and an unfulfilled need to establish the internal discipline to report and capture important risk information. At the other extreme, some companies drown their senior managers in data, much of it irrelevant and impenetrable.

Whether or not a company has too much or too little risk data and reports, senior management and the board need appropriate risk information to support business and policy decisions. What should be included in an executive risk report? That partly depends on the nature of the business. However, there are certain key elements that should be a part of any executive risk report—losses, incidents, management assessments, and risk indicators. Let’s consider these in turn.

Losses

Losses arising from credit, market, and operational risks should be systematically captured in a loss database and summarized in the risk report. Although the loss database should account for losses at a detailed level, only overall levels of loss, and important trends, should be reported to senior management. The risk report should highlight specific losses above a threshold and total losses relative to revenue or volume. Businesses should also track actual losses against expected or budgeted levels.

Incidents

The risk report should report the major risk incidents for the period, regardless of whether these result in a financial loss or not. Risk incidents might include loss of a major customer account, policy violations, systems failures, frauds, lawsuits and so on. The potential impact, root causes, and business response to the major incidents should be reported. Any emerging trends or significant patterns in incidents also should be highlighted.

Management Assessments

While losses and incidents reflect risk performance after the fact, the risk report should also provide management’s advance assessment of potential risks. The risk concepts discussed earlier should underpin this assessment. This portion of the risk report should address questions such as: What keeps you up at night? What are your top 10 risks? What uncertainties might prevent the achievement of business objectives? These are different questions that should lead management to the same answers. Key risks might include new business or product launches, the absence of key staff, new technologies, and more.

Risk Indicators

The risk report also should include a section on the risk indicators that quantify major trends and risk exposures for the business. For example, these indicators might include credit exposures compared with credit limits in lending, or mark-to-market profit and loss as well as value for trading businesses. Operational risk indicators might include processing errors, customer complaints, systems availability, and unreconciled items. Risk/return metrics might include return on economic capital for businesses or the Shape ratio for investment portfolios.

It is important that the risk indicators include forward-looking measures that serve as “early warning signals.” For example, widening credit spreads are usually an early warning of higher default rates and decreasing market liquidity. Higher employee turnover may be a leading indicator of increasing operational risks, such as higher error rates and lower customer satisfaction. Such early warning indicators allow management to take preemptive action to mitigate potential risks. Although businesses may track dozens or hundreds of risk indicators, they should report only the few that warrant senior management attention.

The prototype report in Figure 3.1 shows the key elements that should be included in a risk report. In addition, it contains a self-correcting feature that should be a design requirement. That feature works as follows: losses and incidents are items that can be captured easily on a regular basis. Over time, however, management may notice that losses and incidents originate from risks that are not qualitatively discussed in the management assessment or quantitatively tracked in the risk indicators. It then has at least one of two problems that need to be addressed. Either the business or operational unit needs to refocus its risk measurement efforts, or they are not escalating important risk issues to corporate management. Such a self-correcting feature should improve the quality and candor of risk measurement and reporting on continuous basis.

RISK CONTROL

The risk management process does not stop at promoting risk awareness or measuring risk exposures. The ultimate objective is to optimize the risk/return of the business; or, to put it slightly differently, to effect real change in the risk profile of the company. There are three fundamental ways in which this can be done. The first is to support selective growth of the business; the second, to support profitability; the third, to control downside risks.

Selective Growth of the Business

Risk management has a role to play as part of a cross-functional team that supports business growth. The risk team should work with line management, marketing, legal, operations, and technology representatives to establish and maintain a review process for vetting new business strategies and ideas. This review process brings the right people together to discuss key issues at an early stage.

The review team should develop fair and objective criteria against which businesses and products will be evaluated, both at their outset and on an ongoing basis. This is not dissimilar to the way that many organizations handle individual risks. Banks, for example, compose lists of acceptable counterparties to speed up the approval process when a credit-sensitive transaction is proposed, and review outstanding transactions if the counterparty’s status changes in well-defined ways, such as a decline in credit rating.

A key lever by which management can optimize risk/return is by allocating corporate resources to business activities with the highest risk-adjusted returns, subject to the risk limits discussed below. A risk/return matrix (as shown in Figure 3.2) can be a powerful strategic planning tool. This matrix shows the level of risk, expressed in economic capital and the return on that capital, for each business unit and risk type, and can be used to determine:

Which business units are meeting or beating their hurdle rates of return on equity and thus contributing to shareholder value, and which business units are not?
Are the credit, market, and operational risk levels at the businesses consistent with our expectations for their business plans?
Do we have the right people and systems in place to manage these risk levels, both at corporate management and within the business units?
How should we reallocate corporate resources in order to optimize risk/return and maximize shareholder value?

Support Profitability

Risk management can improve the control of business profitability, as well as growth, by influencing pricing decisions. Put simply, the idea is that the price for any product or transaction should reflect the cost of its underlying risks as well as more traditional costs. The cost of risk would obviously be higher for riskier transactions.

For example, the pricing on a loan should include the expected annual boss and the cost of capital reserved against the loan, as well as funding and operational costs. In practice, commercial loans are often not fully priced, since banks frequently use lending to cement a customer relationship, not to generate profits as a standalone product. Risk-adjusted pricing can’t change that fact of business life, but it does ensure that the bank knows how much it should be making from the customer overall to make up for the low-margin loan. Risk-adjusted pricing has been applied throughout the financial services industry. Nonfinancial corporations have been slower to adopt it, but also can benefit. Net present value (NPV) or economic value added (EVA) techniques for evaluating new investments and business performance do not usually incorporate the full cost of risk. This is because these tools are usually based on book capital, which typically doesn’t fully capture expected loss, much less unexpected loss, and thus does not correspond to economic capital. The upshot is that NPV and EVA models are not sensitive to the underlying risks of the business. As such, they tend to overstate the profitability of high-risk businesses, and understate the profitability of low risk ones. Adjustments to incorporate the full cost of risk, or the use of economic capital instead of book capital, should greatly enhance the usefulness of these models.

Control Downside Risks

While risk management supports business growth and profitability, its mandate is to control downside risks. It is important to remember that downside risks, including losses and failures, are an integral part of doing business.

A drug company faces the risk of a significant loss in research and marketing costs every time it introduces a new drug. A bank faces the risk of default with every loan. Any company developing a product or system faces the risk of cost overruns, schedule delays, and eventual underperformance.

The point here is that business is all about taking risks, and that risk management should not seek to eliminate downside risks, but to control them within an acceptable range. The acceptable range, as suggested earlier, will reflect the company’s risk appetite, which is in turn determined by the human, financial, and technology resources available to manage the business and its associated risks. The risk appetite can be expressed in terms of the amount and likelihood of actual and potential loss; these are in turn controlled through stop-loss and sensitivity limits respectively.

Stop-loss limits control the amount of losses an institution can incur due to its risk positions. While stop-loss limits have been widely adopted in controlling market risk for trading houses, the same concept can be extended to other types of risk. For example, a stop-loss limit can be established for credit risk with actual credit losses being measured by the combination of charge-offs (i.e., realized bosses) and “mark-to-market” losses based on credit spreads (i.e., unrealized losses). For operational risks, management can control downside risk by setting limits on indicators such as error rates, systems downtime, and outstanding audit items.

When actual loss or performance hit one of these limits, it should trigger some management decision or action, including management reviews, hedging strategies, contingency plans, or exit strategies. Some companies even establish “warning” limits below the stop-loss limits, acting like the yellow signal before the red at the traffic light.

Sensitivity limits ensure that potential economic losses do not exceed management’s threshold levels. Sensitivity limits control the amount of capital an institution has at risk given various adverse economic scenarios and its risk positions. These sensitivity limits can be developed by taking extreme values of risk factors such as market volatility or by repeatedly simulating the evolution of the business and the environment over time.

The key use of sensitivity limits is in avoiding excessive concentrations of risk. If a risk position exceeds the sensitivity limit, management will know that the potential loss in that business may be greater than what they want to accept and they may cut back or otherwise mitigate that risk accordingly. The concepts of stop-loss and sensitivity limits are generally applied in market and credit risk management, but are closely analogous to the total quality management techniques used for operational risk management. Companies such as General Electric and AlliedSignal track actual and potential error rates against a “six-sigma” standard, and corrective actions are taken if performance falls below that threshold.

In addition to stop-loss and sensitivity limits, basic exposure limits (total credit exposure to emerging markets, say, or market exposure to technology stocks) can be established to control downside risks. However, setting risk limits is only part of the risk control process. If they are to be useful, information about limits (and particularly about violations of limits) must be reported efficiently to management, who must then act on this information decisively whenever necessary.

The appropriate frequency of reporting depends on both the nature of the business and on the audience. Companies trading in global capital markets or managing multi-site phone centers, for example, might need real-time risk monitoring for the business managers. Companies operating in less volatile conditions might need daily or weekly reporting. A monthly or quarterly interval should be appropriate for limit reports that go to senior management and the board.

Another is to understand which risks offset or exacerbate each other. Duration matching is a common risk management technique under which a financial institution matches the interest rate sensitivities of its assets and liabilities to make sure that their values change in the same way when interest rates change. Active portfolio management, which grew increasingly popular at financial institutions in the 1990s, is another technique that seeks to establish if a new risk will disproportionately increase or decrease the overall risk of a portfolio.

These internal management techniques are usually preferred because they are typically longer term and more cost effective than transferring risk to an external party. However, they take time to implement and can only alter a company’s risk profile up to a point. When time, resources, or fiexibility are scarce, risk transfer, through either derivatives or insurance, can provide timely and effective solutions.

All of these techniques can be applied to single risks. However, their true power emerges when they are used to manage a collection of risks in an integrated manner. We’ll see why that should be true in the next chapter.

RISK ANALYSIS AND THE SIMULATION APPROACH

Risk analysis is essentially a method of dealing with the problem of uncertainty. Uncertainty usually affects most of the variables which we combine to obtain a cost estimate, an economic rate of return or net present value, a financial return, or any of the other indicators which may be used to evaluate a project. Sometimes we deal with this uncertainty by combining values for all input variables, chosen in such a way that they yield a conservative estimate for the result of the analysis. In other cases we may select the best estimate value, that is, the value which we think is most likely to be achieved. Both these solutions imply a decision: the first to look at the project with a conservative eye, the second, to disregard the consequences of any variation around the best estimate value. Both can lead to biased decisions. For example, if we combine only conservative estimates of our variables, our final result is likely to be "overconservative." On the other hand, by using only best estimate values we fail to take into account that other values of the variables we combine might result in substantial variations in the final estimate; thus, by basing our decision on a single value of the decision variable, we may be taking more risk than we intend.

The purpose of risk analysis is to eliminate the need for restricting one's judgment to a single optimistic, pessimistic, or "best" evaluation, by carrying throughout the analysis a complete judgment on the possible range of each variable and on the likelihood of each value within this range. At each step of the analysis these judgments are combined at the same time as the variables themselves are combined. As a result, the product of the analysis is not just a single value of the decision variable, but a judgment on the possible range of the decision variable around this value, and a judgment on the likelihood of each value within this range.

These judgments take the form of probability distributions. That is to say, each possible value of each variable is associated with a number between 0 and 1, such that for each variable the sum of all these numbers, or probabilities, is equal to 1. These probabilities, which are called subjective probabilities because they represent some degree of subjective judgment, follow all the rules of traditional probability theory. From a mathematical point of view, risk analysis, therefore, consists of aggregating probabilities. Of the various ways in which this can be done, the only one we refer to in this paper, and the one which seems best fitted to risk analysis, is the Monte Carlo simulation technique.

The idea underlying the Monte Carlo technique is simple. When we say that a project has a 30 percent chance of earning a 10 percent return, we mean that if we had a great number of similar projects we would expect about 30 percent of them to earn a 10 percent return. Conversely, if we had a great number of projects and if 30 percent of them earn a 10 percent return, we could say that the probability of a 10 percent return is 30 percent. Hence the simplest application of the Monte Carlo technique is to build a great number of projects with the characteristics of the one we are interested in, and see how many of them earn 10 percent, 15 percent, 20 percent, etc. In practice, the value of each of the uncertain variables is chosen by random selection, and the rate of return or some other decision variable is computed for the project defined by these values. The process is repeated many times and the results are statistically analyzed. The only difficulty is in making sure that the distribution of the values of each of the input variables, as it emerges from the random selection, is consistent with the distribution for that variable chosen for the analysis. The technique will become clearer after description of the Mogadiscio.

A CASE STUDY

THE PORT OF MOGADISCIO:

The risk analysis used to appraise this project was the first to be undertaken in the IBRD. Initially, a conventional cost-benefit analysis was used to appraise the project. A Bank appraisal mission consisting of an engineer, a financial analyst and an economist, in 1967 visited the existing lighterage port at Mogadiscio, Somalia, which the project would have replaced with a two-berth, deep-water port. But the conventional analysis, based on information the mission gathered and on a consultant's report, ran into serious difficulties in its effort to assess the economic justification of the project using best estimates of the variables. A sensitivity analysis, undertaken at this stage to pinpoint the most crucial elements of the project, narrowed the sources of uncertainty to seven variables. It was then decided that a risk analysis using probability distributions would be a useful tool to deal with these uncertainties, though such a risk analysis had not been undertaken before in the Bank and had not been anticipated at the time of the mission's visit to Somalia. The Bank might nowadays carry out this risk analysis slightly differently, but the general approach is thought to be correct and the later modifications would not change the decision about the economic justification.

The Project's Background

The project included the construction of a breakwater, two berths, two transit sheds, storage area and office accommodations. No dredging was necessary since natural depth existed in the approach from the sea as well as at the site of the two proposed berths.

Traffic through the existing lighterage port of Mogadisco fort he period 1964 to 1966 averaged about 125,000 tons per year. It was expected that, in addition to generating some traffic, the conturuction of the new port would result in the diversion of about 85,000 tons per year of banans which were exported through the port mecra, about 50 miles south of Mogadisco.

Economic Jutisfication

The cost-benefit analaysis takes into consideration, on the cost side, the capital cost of Project and, an the benefit side, three types of Project savings(a)saving in cargo handling cost,(b)saving in reduction of damages, (c)saving in ship turnaround time. These savings are applied to the projection s of future traffic, broken down into the normal growth of traffic that might be expected without the port , generated traffic, and diverted traffic, (see below). The result of the analysis is an internal rate of return over the average life of the assets.

Cost of the Project

The cost of the Project has been estimated at $14.6 million. A cost break-down is roughly as follows:

Breakwater 43 percent

Berth an stortage area 25 percent

Engineering fees 8 percent

Auxilary Works 24 percent

The major single item is the breakwater. Among the auxiliary works, the biggest single item represents only 3 percent of the total cost.

Existing composition and the uncertain trends of traffic

Traffic through the port of the mogadisco consisted primarily of imported goods and metarials. İmports constituted, on the average, about 75 percent of total traffic at mogadisco, and the port handled over 54 percent of the country’s total imports. There was no large bulk traffic through the port. The largest single category of import traffic was cerel grains, which usually accounted for about 25 percent of total imports. Otherwise import traffic consisted of small consigments of manufactured goods, machinery and raw materials. For export, the main commodity handled during the previous six Years had been charcoa which until 1966 accounted for about 75 percent of total exports. The only other exports of individual importance were live animals, skin and hides. Traffic through the lighterage port at Mecra, south of Mogadisco, consisted almost entirely of banans for export.

Dry cargo traffic through the port of Mogadisco increased rapidly and fairly steadily from about 102,000 tons in 1960 to nearly 164,000tons in 1965, at an annual rate of 10 percent. But in 1966, total traffic fell to 110,000tons, almost to the 1960-61 level. Traffic since 1960 has been affected by a number of factors. The main reason why import tonnage doubled between 1960 and 1965 was the rapid growth of the population and of construction activities in the city of Mogadisco during its first year as the capital of the United Republic . In 1964 and 1965, imports increased considerably due to speculation against the imposition of strict import licensing to improve the balance of payments. Another factor in 1965 was a severe drought in 1964-65 which caused food grain imports to double. İn 1966 imports fell from 126,000 tons to 85,000 tons, as import restriction were imposed and inventories built up in 1964-65 were run down. Imports throug Mecra were small ; they increased from about 5,500 tons to about 8,000 tons over six years, or at an average rate of 5 percent per annum.

The export tonnages handled have varied from year to year with the fluctuations of the charcoal trade, which the Goverment had been attempting to end in order to retard land erosion. In June 1967 trade in chorcoal was made illegal. Acomparsion of average export tonnages (excluding charcoal) of the periodd 1964-1966 with the 1960-1966 average indicated a growth rate of nearly 7 percent per annum for the six years. The export of banans through Mecra increased from about 49,000 tons in 1960 to about 62,000 tons in 1964 and remained at about this level during 1965 and 1966. The growth of banana expor tonnage growth rateunderstated trade in bananas because improved packing techniques had reduced shippin by about 12 percent.

Future traffic projections

Normal tarffic. The foreseeable long-term need for restriction on imports and probable slowdown of economic growth in Mogadisco area implied modetare “best estimates” of future import tarffic. Imports were projected to grow at a rate of 3.5 percent per annum a base of 106,000 tons, the average of import tonnages oer the 1964-1966 period. Export of live animals, ides and skins should continue to grow fairly rapidly but at a much slower rate than in recent years, because these exports had already been expanded considerably and further increases were likely to be more difficult. Export tonnages (excluding charcoal) were projected to grow at the rate of 6 percent per annum from the 1964-1966.

Generated traffic. In wiew of the large unit savings to be achieved by construction a deepwater port at Mogadisco, a large portion of which could be passed on to the Somalian consumer and producer, considerable export and import traffic should be generated by proposed project. Taking price elasticity of demand fort his traffic as 0.08, generated traffic was astimated at 10,000 tons per annum by the third year of operations of the new port, increasing theafter at the average growth rate indicated above for normal traffic.

Diverted traffic. Once the new port was in operation, the banan exports and small importtonnages passing through Mecra would be diverted to mogadisco. The banana production potential of the Genale/Scialambot area in the Mecra hinterland, astimared at 100,000tons, was to be realized within five years, according to the current plants. The plan,however, was probably overly optimistic. The bana industry appeared to have fairly brigt future, but there were marketing problems which had not been meet because of protection in the İtalian market. Therfore it was assumed that banana export would buldu p from the !964-1966 average level of 61,000 tons to about 85,000 tons over the ten-year period 1967-1976.

Savings

Table 1 shows a year-by-year breakdown of the benefits from 1972 to 1978 based on the best estimate of each variable.

TABLE 1: Port of Mogadisco: estimated benefits on the basis of the best estimated of all the variables

Savings in Cargo Handling Cost. Lighterage is rather inefficient operation since it requires double handling of the caego. In addition, the transshipment between ship and lighter is hampered by the movements of both the ship and the lighter and is,therefore, much slower than loading or unloading on a protected quay. For the existing lighterage port the cargo handling costs --divided into a fixed and a variable component-- were taken at their actual value after some adjustments to eleminate costs resulting from rtedundant labor and faulty work methods. For rhe proposed port fixed and variable costs were computed from their components , which are essentially :

- for the variable costs : the number of men and the productivity of these men, i.e, the number of tons they can handle in an hour ;

- for the fixed costs : the costs of maintenance ( labor and materials) , administrative staff in warehouses and transit sheds.

Reduction in Damages. In the lighterage port, the necessity of handling the cargo twice, including one time at sea, means not only higher costs but high damages. Benefits resulting from a reduction of these damages have been computed on the basis of the proportion (P) of the forecast tonnage (T) which is expected to be saved through easier handling and of the value (Vc) of an average ton of cargo. Therefore, the resulting saving (Sd) is given by

Sd = P * Vc * T

Savings in Ship Turnaround Time. Savings were expected in ship turnaround time because the higher productivity of labor anticipayed in the new port implied faster loading and unloading and less ship time in port per ton of cargo. The savings formula essentially compares the observed number of ship-days required to move a given tonnage (T) of cargo of each type (general cargo , bananas) in the existing port, with the ship-days estimated to be required under trhe improved conditions to move the same tonnage, less an allowance for waiting time.The savings in ship-days are then put into monetary terms by multiplying them by the value of a ship working day (V8) The saving in turnaround time (ST) for tonnage T is :

Where Ps is the tonnage loaded or unloaded per ship day, observed in existing conditions , PL is estimated cargo handling rate per hour under the changed conditions and H is the number of hours to be worked per day. The estimate of turnaround time derived from handling capacity has to be adjusted for the expectation that some ships may have to wait. A simple Poisson queuing model gave this waiting time (W) as a function of the total tonnage. The waiting time has then been allotted to each type of traffic proportionally to the share of this traffic in the overall traffic.

Projected savings in all three categories were considered functions of the traffic handled through the port, which was estimated year by year from the projected growth rates described earlier. The traffic demand was assumed to be linear and consequently unit savings for generated traffic were taken as one half of the unit savings for normal traffic. In the case of diverted traffic the benefits have been reduced by the cost of an increase of about 25 miles in the land transport of bananas. The traffic taken for the computation of the benefits is the real traffic in the port up to the time when the economic capacity of the two berths will be reached. Thereafter all benefits stay constant except those resulting from a sudden reduction in ship turnaround time followed by a progressive increase again in ship waiting time. The economic capacity of the two berths was computed separately, using the queuning model referred to above.

Shortcomings of the Analysis

We did not feel much confidence in our results. To arrive at the final 12.2 percent economic rate of return, we had used best estimates for each variables, but on some occasions, we had been obliged to resort to awkward ways of finding them ( combining notions of both the mean and the mode, for haimum value, minumum value, and a value 10 percent above the best estimate. Table 2 shows the results we obtained for the economic rate of return. On the basis of this table, and a similar one for the financial rate of return, it appeared that the performance of the project was essentially explained by seven variables:

(1) cost of the project,

(2) productivity of labor,

(3) value of an average ton of cargo,

(4) percentage of the tonnage which would be saved through reduction in damages,

(5) rate of growth of imports,

(6) value of a ship working day, and

(7) the life of the assets.

Above, it was explained that in this analysis we varied only one variable at a time. However, we made exceptions to this rule in the case of variables whose variation would, in the real world, very probably be correlated. For example, when we varied the productivity of a general cargo gang, we varied at the same time the productivity of a banana gang. These two variables both depend on the efficiency of the organization of the new port, and on how efficient port operators the Somalis will turn out to be. Therefore, they are likely to be correlated. There is no reason, however, why their variations should be completely interdependent, since, for example, the productivity of the general cargo gang also depends on the degree of unitization of the cargo, a factor which is unlikely to affect the productivity of the banana gang. In assuming, as we did, that the variations of these two variables were fully correlated we may have somewhat overestimated the sensitivity of the final result to the productivity of labor.

We used a more rigorous way of handling correlation in estimates of the number of persons required in the various operations of the port. The estimates of the number of men in gangs, transit sheds, warehouses, etc., are subject to uncertainty not only as to the exact numbers of men required to operate the port in the most efficient way, but also as to the Port Authority's efficiency in eliminating the redundant labor presently employed in the port. The first uncertainty is likely to affect the variables independently of one another since overestimation of the number of men needed in a banana gang needs not necessarily imply overestimation of the number of men needed in a transit shed. The second uncertainty, on the contrary, is likely to affect all the variables in the same direction. If the Port Authority does not manage to eliminate redundant personnel, it is likely that this personnel will be distributed among the various services of the port and so increase the cost of all of them.

We resolved this difficulty by creating an artificial variable, which we called "unnecessary staff," and which represents all redundant labor in the port. Then, rather than testing the sensitivity of the actual number of persons presently employed in each of the various services of the port, we tested separately the sensitivity of the theoretically most efficient number of persons required in each one of these services and the sensitivity of all unnecessary staff for the whole port. In sum, we tried to test the importance not so much of a variable per se, but rather of various sources of uncertainty.

If, instead of isolating seven major sources of uncertainty, we had isolated only one, or eventually two, our task would have been completed. We could have concluded that if this determining variable were, say, less than a given value a, the project was very likely to be justified, and that if it were more than a, the project was very likely not to be justified. A simple evaluation of the likelihood that this variable was less than a would have been enough to five us an idea of the riskiness of the project. With two variables, our judgment would have been more difficult to put in words. We might, however, have been able to illustrate it with the help of a graph showing the limits within which the project would be justified.

But with seven variables, such a task is impossible. One can find an infinity of combinations of the variables for which the project is justified, and an Infinity of combinations for which it is not. Ironically, the more combinations •if variables one tries, the less clear the picture of the project becomes. The only way to obtain an overall, synthetic picture of the project is to proceed with a probability analysis.

Sensivity Analysis

The convential analysis had failed to give a satisfactory result using single best estimates. The most natural way to deal with this situation was to make a sensitivity analysis, in other words, to see what would happen if other values of the input data were substituted. Using the most unfavorable estimate for each variable, we obtained a 2 percent rate of return, which confirmed our suspicion that the project was risky. But how risky? Again, a natural approach to this question was to try to find out which variables were principally responsible for the variations of the rate of return.

For this purpose we examined each one of the 27 uncertain variables which appeared in our rate of return computations. We varied them, one at a time, holding all other variables at their best estimate value. We found the variations of the rate of return as the best estimate of each variable was replaced by the maximum value, minumum value, and a value 10 percent above the best estimate. Table 2 shows the results we obtained for the economic rate of return. On the basis of this table, and a similar one for the financial rate of return, it appeared that the performance of the project was essentially explained by seven variables:

(1) cost of the project,

(2) productivity of labor,

(3) value of an average ton of cargo,

(4) percentage of the tonnage which would be saved through reduction in damages,

(5) rate of growth of imports,

(6) value of a ship working day, and

(7) the life of the assets.

The problem of correlation is discussed further in Chapter ıv

Hut with seven variables, such a task is impossible. One can find an infinity of combinations of the variables for which the project is justified, and an Infinity of combinations for which it is not. Ironically, the more combinations •if variables one tries, the less clear the picture of the project becomes. The only way to obtain an overall, synthetic picture of the project is to proceed with a probability analysis.

Probability Analysis

The first step of this risk analysis is to assign to each variable a probability distribution. Since we had found out that the variation of the rate of return was essentially explained by the variations of seven variables, we limited our analysis to these seven variables. The distributions were based essentially on subjective judgment. This did not raise any difficulty in practice and did not take much time, since we had limited ourselves to a small number of variables. I ha distributions we obtained are shown in Figure 1. They were obtained in essentially two ways.

The three normal distributions that we adopted for the value of a ship winking day, the value of an average ton of cargo, and the percentage reduction in damages, and the chi-square distribution that we used for the cost of the project are the result of an approach which could be compared to the a portrait method used to identify suspects. On the basis of limited information a portrait is drawn and subsequently modified until the informant is satisfied with It, Similarly, on the basis of limited information obtained from the appraiser, we chose among classical probability distributions one which seemed Ml 111 the ease. We drew it, indicated the corresponding probabilities for vari- ous Intervals, and went back to the appraiser. He decided whether it was too skewed or whether an interval had too high a probability, and on the basis of this new Information we modified it. We repeated this process until the appraiser was satisfied with the distribution.

The distributions we used for the life of the assets, the growth rate of im-

Ports and the Productivity of labor, which we have called rectangular distributions, were obtained with the somewhat more active participation of the appraiser. Let us take forexample the case of the productivity of labor.The steps by which the appraisal team set up its distribution are illustrated in Figure 2.We first divided the total range of variation we had delineated in the sensitivity analysis(5-12 tons per gang-hour) into two intervals.

5-10 and 10-12, and tried to assign a probability to each one of them.For this we useda trial and error approach based on the engineer’s experience: 50%-50%, but 80%-20% dpes not seem to give enough; therefore , we tried 75%-25%. In other words, the appraisal team’s judgment was best expressed quantitatively by saying that the probability of exceeding 10 tons per gang-hour is only one-third of the probability of getting a lower productivity of labor.

In the second step, we choose to subdivide the 5-10 interval into 5-8 and 8-10.The following the same trial and error process we allocated a 30 percent probability to the 5-8 interval and 45 percent probability to the 8-10.The sum of these two probabilities is, of course, equal tothe 75 percent probability ofthe entire 5-10 range.In the third step we pushed this subdivision further and obtained the following distribution:

From 5 to 6 a 5 percent probability

From 6 to 7 a 10 percent probability

From 7 to 8 a 15 percent probability

From 8 to 9 a 22.5 percent probability

From 9 to 10 a 22.5 percent probability

From 10 to 11 a 15 percent probability

From 11 to 12 a 10 percent probability

Finally, in the fourth step we made some minor adjustments to give the distribution a final polish.For example, we found that compared to the probability of the 6-7 range, the probability of the 8-9 and 9-10 ranges was too low. We therefore raised them to 25 percent and decreased the 6-7 range probability to 8 percent, which in turn ledus to decrease the probability of the 5-6 range to 3 percent.Similar considerations for the 10-12 range led us to the final distribution in Figure 2.

This approach and the portrait method for choosing the other distributions include and iterative interaction between quantitative and qualitative judgement.On the basis of a qualitative judgement one attemps to produce tentative figures.These figuresin turn are translated back into qualitative judgement which is compared to the initial qualitative one.The figures are modified in light of the discrepancy, and the procedure is repeated until the qualitative judgement derived from the quantitative one fully agrees with the initial judgement.

The simulation

The simulation is by far the fastest and the easiest operation of the entire analysis.When, as in our case, computer help used,the computer can be

İnstructed to generate random values for each of parameters varied in the analysis, to compute the rates of return,to repeat the process until enough values are obtained (300 times in the present case) and then to give the observed distribution of the result.In this case the computer was also used to draw the curve in Figure 3. The simulationis, therefore, an operation which requires no outside intervention and takes only few minutes. Programming the computer to calculate rates of return is very simple; for random number generation, it is slightly more involved but still easily derived from the basic random number generators which exist in all computer libraries.

The results for the economic rate of return are summarized by the cumulative probability distribution in Figure 3.It has mean of 10.6 and standard deviation of 2.5.Along the x axis are rates of return and along the y axis the probability that these rates of return will not be exceeded.For example,we find that there is a 99 percent probability that the rate of return will exceed 5 percent,a 94 percent chance of it exceeding 7 percent, ans so on along

The curve until we reach a 2 percent chance of exceeding a 15 percent rate of return.The curve can alsı be used to determine the probability that the rate of return will fall within a given range: we take the difference along the ordinate of the two extreme points of the range.For example, we find there is about a 40 percent chance that the rate of return will be between 10 percent and 13 percent.The figure also shows that the probability of getting a return inferior to 12,2 percent, the rate of return we obtained in the conventional analysis using best estimates for each variable, is 70 percent, but the probability of getting more is only 30 percent.So at first glance, the results of this risk analysis seem to indicate that doubts about the likelihood of the 12,2 rate of return were fully justified.

But, unlike the sensitivity analysis, the probability analysis gives us a complete Picture of the Project and enables quantification of Project risk—not, of course, the “true” risk, but the risk as it appeared to the appraisal mission.The probability distribution of the rate of return summarizes this risk; one could say that it represents the complete judgment of the appraisal mission.

How to use this probability distribution in a scientific way could constitute an entire study on its own. In the absence of any such scientific criteria, we used the distribution in a very pragmatic way. We first saw that, while the sensitivity analysis had told us that the minimum rate of return was 2 percent, the chances of ever getting below 5 percent were so slim that it could be considered the minimum for all practical purposes. We then looked at the probability of getting less than 8 percent, since we thought 8 percent was a low but probably stil acceptable value of the opportunity cost of capital in Somalia, and found it to be about 15 percent.We thought that this was acceptable, when combined with the information that the Project had a beter than even chance of earning more than 10 percent and nearly a 20 percent chance of earning more than 13 percent.

Our judgment was therefore arrived at by combining consideration of what the Project could turn out to be at the extremes and the probabilities that this would happen, with a weighted estimation of how any unfavorable outcomes might be compensated by favorable ones.In this respect, the mean rate of return was particularly helpful.It indicated to us that on balance, we could expect the Project to yield an 11 percent rate of return ; we thought this was acceptable, especially since we did not have to fear any large variations around this value.On the basis of this simple analysis, we decided to recommend the Project for financing.

We felt particularly free to maket his recommendation because in presentin it, we were not just presenting our own difficult decision ; we were alse presenting to management all the information necessary to chech this reccomendation, and possible to overrule it. If we had indicated in our appraisal report only the 12,2 percent rate of return found in our best estimates calculation, the situation would have been quite different. The decision-maker would have been acting in the dark. In fact, it would not have been possible for anybody but the team of appraisers to evaluate the risk of the Project. We would have been recommending the financing of a Project earning a 12,2 percent rate of return after having already decided that the risk of the Project was acceptable – a dangerous mixing of analysis and decision-making.

Another important outcome of the risk analysis was that we found a way to reduce Project risk. We were led to this finding by the results of a second sensitivity analysis which we carried out, this time on the entire probability distribution of each variable. We found that the productivityof labor had a much higher sensitivity in the risk analysis than in the first sensitivity analysis because we were consideraing its entire variation rather than its value at a single point. This higher sensitivity means that if our judgment about the probability distribution of the productivity of labor is too optimistic. (i.e. in Figure 4, if the true distribution is B and not A), then the probability of having a rate of return inferior to 8 percent is no longer 15 but 30 percent (see also Figure 21). On the other hand, this assumption that the productivity of labor could be confined to the 9-10 tons per gang-hour rande yields the distribution in Figure 5 ; the risk of the Project has practically been eliminated. We therefore suggested that a consultant be engaged at an appropriate time to help organize cargo handling operations and that this be made part of the loan agreement.In this case, we were not only able to quantify the risk attached to the Project, but also to find a feasible way to reduce it.

The Usefulness of Risk Analysis

The major advantage of risk analysis is that it enables us to attack problems that we would otherwise avoid and to make decisions we would not otherwise feel competent to make. In cases like the Mogadiscio port project, where uncertainty is high, the appraisers would usually follow the procedure of calculating several rates of return under different assumptions, basing their overall decision about the project on these few calculations and their best judgment, and presenting that unique and final rate of return which most accurately reflects the sum total of their knowledge of the project. Without probability analysis, this is the best they can do: the best estimate technique confines thern to packing all the complexities of their understanding into a single number and then defending it as well as they can. With probability analysis, not only are the conclusions presented by the appraisers less limited, but the supporting material has all been quantified in easily comprehensible, standardized form. This means that, whereas previously it might have been recognized that some further information was needed in a particular area, with this kind of presentation it is usually possible to specify what kind of information is needed and how much difference it will make—that is, problems can be attacked which might otherwise have had to be passed over.

Special Advantages: Four Cases in which Risk is a Major Factor

Among the projects to which we have applied risk analysis there seem to be four distinct kinds of problems in which uncertainty plays an important role: whether to undertake a marginal project, how to handle a project with unusual uncertainties, how to settle on the best combination of specifications in a single project, and how to identify a project with only minimal information.

1. Marginal Projects. For some projects, like Mogadiscio port or the tele-communications project, the rate of return computed on the basis of the best estimate for each variable is very close to the estimated opportunity cost of capital. Then normal kinds of uncertainties about the value of the input variables are enough to turn a satisfactory rate of return into an unsatisfactory one. The decision to accept such a project implies judgments on the likelihood that the project will earn a satisfactory rate of return nonetheless and on the extreme ranges of possible results.

2. Unusual Uncertainties. For other projects like the Tanzam highway, despite a satisfactory rate of return based on the best estimate of each variable (say 13 percent to 18 percent), the uncertainty on some of the variables is so great that there is a distinct possibility that the project may not earn a satisfactory return. This kind of uncertainty is built into the project and cannot be eliminated or even reduced by any amount of additional study.

3. Optimization of Project Specifications. In many cases, the overall justification of the project has already been established at the identification or preappraisal stage. But the analysis of design standards, project timing, project phasing, and project size can only be done at the appraisal stage, and such analyses may lead to saving millions of dollars in project cost, as the Tanzam highway case has suggested. Specification analysis is basic to most Bank project work. In both the Great East Road case and the Mogadiscio case there were problems of timing and scale, though we have not described them explicitly here. Choice among atternatives on such specific issues is made particularly difficult by uncertainty.

In the choice between alternatives A and B shown in Figure 24, for example, uncertainty about data is not critical to the decision whether to go ahead with the project, for either alternative wili return an adequate yield. But it may still be critical to the choice between alternatives.

In the neighborhood of S* alternative A should be preferred to alternative B because it would yield a much higher return. On the other hand, in the neighborhood of S**, B should be preferred to A. The choice between A and B will therefore involve some estimation of the probability distribution of S, and if this choice also involves other uncertain variables it will very likely require a probability analysis.

4. Project Identification. The best example of project identification among our four example is the Great East Road (Chapter V). Here no detailed study had been made; only rough data estimates were available. Yet a decision had to be made to go ahead with the project, to postpone it, or discard it. The uncertainty is less elusive than that associated with marginal projects, since most of it could be eliminated through study. However, studies are expensive, take time, and even the decision to undertake a study requires careful analysis and involves a judgment on the possible outcome of the study.

The frequency of such cases

It is for these four classes of problems that risk analysis seems best designed. They seem also to represent the essential cases in which uncertainty has to be dealt with in one way or another. The first two classes, marginal projects and projects with unusual uncertainties, while they are not frequent, particulariy among transportation projects, often raise critical issues because they involve important decisions. The third case (optimization) is much more frequent but less critical because in practice it is easy to bypass the issue by falling back on rules-of-thumb. It is hard enough to conceive a workable project under the usual uncertainties without also trying to optimize. But if, as our experiences suggest, risk analysis provides an efficient tool to handle the difficulties of optimization under uncertainty, we may be able to do it more often. Finally, in project identification, risk analysis can increase the scope for action. The more sophisticated project planning becomes, the longer in advance decisions must be made and the more elements—all uncertain—intervene in these decisions. The present need to improve decision-making processes at the identification stage may be reflected in the present overwhelming number of project studies. In turn, more and better decisions at the project identification stage should have the effect of decreasing the number of studies and focusing them on the most important issues.

Risk analysis might well find its major application in the optimization field. Consequently it may become a tool for the consultants even more than for the Bank. Once a project has been fully designed, it is often too late to optimize, but if, at the Bank’s request, the optimization were to be made by the consultants or by the project designer, many improvements could probably be achieved at that stage.

General Advantages

Risk analysis requires only one set of computations, either by mental calculation or by computer, to obtain a complete picture of the project. To obtain a similarly adequate picture of the project using the conventional method and the identical computational aids, one must repeat the entire computational process at least once. Therefore, even though a single rate of return can be calculated more quickly by the conventional method, in practice appraisers at the Bank seldom stop at the first rate of return obtained by conventional analysis. The flnal range of alternatives from which a decision is made can be calculated more quickly by using risk analysis. In the case of the Great East Road in Zambia, we obtained a result from the risk analysis no later than three days after the return of the mission from the field. By the usual Bank method, it would probably have taken two full working days to figure out the traffic, the cost of the project, the savings in vehicle operating cost, the savings in maintenance cost and, finally, the rate of return. Then we would have found that this rate of return was too low and did not correspond to the opinion we had of the project. We would then have repeated the operation, changing the value used for, say, the traffic level, savings in vehicle operating cost, or the cost of the project. In this particular case, it would have been easy to pick second and third values just as good as our first, because of the great uncertainty about most of the variables. This unsystematic sensitivity analysis might have required another two to five days. In the same time, using risk analysis, the final report on the project was already finished. In addition, it took only about one programmer-hour to rerun the program six months after the original decision, when we received new information on the cost estimate. With faster computer turnaround time, the time to get the computer results could be reduced from three days to one day, which is the time it takes the programmer to prepare the probability part of the computer program.

Clarity of presentation

Another benefit of risk analysis is that it results in greater report clarity and thereby permits more people to make useful contributions to project appraisals. Our appraisal reports give the values of the elements used in the evaluation of a project. However, they very seldom give the judgment lying behind these values and when they do, it is always in qualitative form. As a consequence it is very difficult for anyone to discuss these judgments, and comments often focus more on the presentation than on the substance of a report. In some cases, a high degree of technicality creates a natural barrier to wide discussion. But often, as with the Tanzam highway, a discussion of the assumptions is both possible and desirable.

This transparency of the analysis, while serving to make discussion more effective, also seems to facilitate the adoption of recommendations. However, our experience is limited and it would be interesting to investigate this point further, in particular in connection with negotiations relating to technical questions.

Convenience

Because of its compactness, a probability distribution not only communicates information well, but also is very convenient to work with. It was surprising to find that after even a very little experience with risk analysis, it became easier and more natural to express a judgment in probabilistic terms than in terms of a best estimate or, indeed, of any other kind of estimate. W found that an expert consultant may be unwilling to commit himself to a single cost estimate before the completion of his study, but he may quite readily proffer a range of cost estimates and a full probability distribution over that range.

Rigor in analysis

Risk analysis both demands and permits the use of greater rigor in analysis. Risk analysis demands more rigor simply because it is a more systematic method. It permits more rigor than the single-estimate approach because even in a simple analysis it allows for more than one course of action. Paradoxically, it is always easier to be rigorous than to approximate.

Present Worth versus Rates of Return

In concluding this chapter it may be suggested that, for the purposes of risk analysis, in many cases present worth may be a better criterion than the internal rate of return. One difficulty in decision-making is the estimation of the opportunity cost of capital. This is of ten cited in the Bank as an argument in favor of using an internal rate of return rather than a present value. We need not know the opportunity cost of capital to compute the internal rate of return; it is used only at the last stage to decide whether the calculated rate of return is acceptable or not. Since in practice the rates of return obtained are often higher than the highest likely value of the opportunity cost of capital, the need to calculate the latter in detail does not then arise. However, if risk analysis is to be applied to marginal projects or to marginal components of a project, the decision as to the acceptability of the project will no longer be so obvious. Mogadiscio’s port project, for example, implies the comparison of an internal rate of return, varying over a wide range, to an estimated opportunity cost of capital, also varying over a wide range. This is not easy. Under these circumstances it seems possible to consider the opportunity cost of capital as an uncertain variable similar in all respects to the other variables of our analysis, and to use a present worth approach. The probability of failure of the project would thus simply appear as the probability that the project has negative net present worth, and the decision as to its acceptability would be made very simple.

Summary and Conclusions

The overall conclusions are numerous, and many are, of course, still tentative. They can be summarized in the following four points:

(a) Risk analysis is a powerful technique which permits the use of a great deal of information which would otherwise be lost. It enables us to handle uncertainty not only about the viability of a marginal project, but also about the most appropriate design or phasing or size of a clearly acceptable project.

(b) Perhaps even more importantly, the entire framework of risk analysis provides a highly efficient medium of communication, a focus for evaluation and discussion, whether between one person and his superior, among the various members of a team, or possibly (looking toward the future) between consultants and the Bank or a borrower and the Bank.

(c) Risk analysis is in no sense a technique which replaces skilled judgment. On the contrary, it often requires the use of far more judgment than the traditional analysis. The technique cannot provide correct answers on the basis of false assumptions.

(d) Despite the method’s value, the treatment of correlations between variables remains a major problem. It is clear that results can be completely misleading if these correlations are not properly handled. This danger is not merely theoretical; there is apparently a systematic tendency to overlook correlations. It follows that risk analysis should be undertaken only with great caution.

References

1 Alexander H. McFarlane, “Lectures on the Corporation in Contemporary Society,” reprinted with the permission of Encore magazine (1965). Taken from The Conference Board Record (February 1965), “The Search for Purpose,” an article based on a speech delivered in 1965 as the first of a series of annual addresses at Tufts University.

2 Walter A. Kleinschrod, “The Trend to Administrative Risk Taking,” Administrative Management, Andrew Geyer McAllister, Inc. (July 1965).

3 James R. Bright, Harvard Business School Executive Letter (July 1967).

4 Rodney H. Brody, “Computers in Top-Level Decision Making,” Harvard Business Review (July—August 1967).

5 W. Senders, “Human Performance,” International Science and Technology (July 1966), pp. 56—68.

6 Frederick A. Muckler and Richard W. Obermayer, “The Human Operator,” International Science and Technology (July 1964), p. 56.

7 Lynde C. Steckle, The Man in Management (New York: Harper&Bros., 1958), p. 67.

8 Mark Spade, How to Run a Bassoon Factory or Business Explained and Business for Pleasure (London: Hamish Hamilton, 1950), pp. 15—16.

9 F. C. Mills, Statistical Methods (New York: Henry Holt&Co., 1924).

10 John McDonald, Strategy in Poker, Business and War (New

York: W. W. Norton Co., Inc., 1950).

11 Melvin Ashen, “Managerial Decisions,” in John T. Dunlop, ed., Automation and Technological Change (New York: Prentice Hall, Inc., 1962), pp. 66—83.

12 Peter F. Drucker, The New Society (New York: Harper&Bros., 1949).

13 Louis Y. Pouliquen, Risk Analysis in Project Appraisal