Is Risk Assessment Getting More Difficult?

Stephen DeAngelis

September 27, 2011

Despite access to more information and significant increases in available computing power, Carol Matlack concludes, “As the global economy gets more connected, it has become harder for insurers like Munich Re to determine risk.” [“How Munich Re Assesses Risk,” Bloomberg BusinessWeek, 2 December 2010] Munich Re is one of the world’s largest reinsurers. Simply stated, a reinsurer assumes the insurance written by another company. This allows the original insurance company to issue higher limit policies because some of that risk is now transferred to the reinsurer. How an insurance company assesses risks should be of interest to supply chain professionals since many of the risks being assessed could cause supply chain disruptions. The Munich Re website claims that the company’s “recipe for success is to anticipate risks and deliver needs-based solutions.” It continues:

“Reinsurance ‘off the peg’ is simply not enough in these days of new and changing markets with ever more complex risks that are becoming increasingly difficult to calculate. … We consistently expand and enhance our risk competence through our global network and exchange of knowledge with selected cooperation partners. This is how we produce solutions that are both forward-looking and sustainable. Solutions for tomorrow’s world.”

Obviously, for Munich Re to remain a profitable company, it has to have a pretty good idea of the risks against which people and organizations are insuring themselves. As Matlack writes, Munich Re’s reinsurance business provides the “company an unparalleled view of just about everything that could go wrong in the world.” She also admits that “figuring out where and why those things might happen is getting a lot more complicated.” In preparation for her article, Matlack interviewed Munich Re’s chief risk officer, Joachim Oechslin. He told her, “The most significant changes in risk management have taken place in the past 7 to 10 years.” Matlack continues:

“‘Today it’s not only about data gathering’—using geological records, say, to predict the likelihood of a volcanic eruption—’but trying to figure out the relationship of things,’ such as how an event like the Iceland volcano can ripple through a supply chain. While Munich Re specialists are studying the eruption, they say they still lack the tools to accurately predict the chain of damages unleashed by such a disaster. … Munich Re specialists pore over data to help them calculate the likelihood of a dizzying array of mishaps. They know the probability that Los Angeles will suffer a major earthquake in the next three decades (it’s 97 percent) and the odds that a 60-year-old American man will die from a heart attack by age 70 (3.2 percent if he doesn’t smoke, and 8.4 percent if he does). They search for patterns in data from past accidents, learning, for instance, that boats are most likely to spring leaks during the early months of an economic upswing. The reason: During downturns, vessels are often placed in dry-dock, where wood shrinks as its dries, leaving gaps where water can enter when the boat returns to service.”

Risk managers for companies that could be crippled by a supply chain disruption must do the same kind of homework being done by Munich Re analysts. Obviously, their efforts need to be focused on the risks associated with their particular business. Matlack continues:

“Increasingly, Munich Re is focusing on what it calls emerging risks: subtle, often seemingly innocuous trends that could carry the seeds of disaster—everything from rising prices at art auctions (which can increase theft) to the widespread installation of rooftop photovoltaic panels (a fire risk). … Munich Re learned the hard way about the need for more sophisticated risk controls. A decade ago, it had invested about 20 percent of its capital in equities. … After markets worldwide tanked in 2002, the company booked an unprecedented $492 million loss for 2003. Since then, Munich Re has greatly diversified its investments, with less than 3 percent in equities. … One of the new risks Munich Re is tracking is climate change. The company has the world’s most comprehensive database on natural disasters, with information going back centuries. It shows that the frequency of serious floods worldwide has more than tripled since 1980, while hurricanes and other severe windstorms have doubled. ‘Global warming is real, and it affects our business,’ says Peter Hoppe, who heads the company’s climate-change research. Munich Re has become a leading advocate for renewable-energy development, even joining a venture that plans to generate solar power in the Sahara and ship it under the Mediterranean to Europe.”

Munich Re obviously has no ideological position when it comes to climate change — it only has the bottom line to worry about. And the bottom line doesn’t look too good when it comes to paying out claims for weather-related damages caused by climate change. Matlack continues:

“Other Munich Re specialists try to understand human risk-taking behavior. Rainer Sachs, who heads the company’s emerging risks research unit, spends his days pondering such head-scratchers as the fact that, while traffic deaths have dropped sharply in recent years, the rate of serious injuries from accidents has not. His conclusion, buttressed by studies of driver behavior in several countries: With airbags and other safety features, drivers take more risks because they believe their cars are safer. ‘Everyone has his own risk thermostat,’ he says. ‘We introduce risk-mitigation devices that are supposed to make life safer—and then we change our behavior to make life more interesting.’ Those insights could help Munich Re develop computer models to predict the likelihood of accidents in a wide range of settings, including financial markets. … Other human behaviors defy prediction. Terrorism, for one. While insurers can draw conclusions by studying the actions of groups of people, ‘You cannot model the decision-making of small numbers of individuals,’ says Heike Trilovszky, Munich Re’s corporate underwriting chief. ‘We’re convinced that terrorism is not insurable.'”

Munich Re obviously has to take a holistic approach to risk management. Companies need to do the same. Jordan Kass, Executive Director of C.H. Robinson’s Managed TMS Service, claims that “overly optimistic projections” and historical extrapolation discount the magnitude of potential risks. [“Lessons From Japan,” TMC connect, 8 April 2011] He writes:

“Whether we are forecasting product demand or trying to anticipate movements in fuel prices or freight rates, there is a tendency to use past experience as a guide to future behavior. We have seen time and again that this approach is flawed, particularly as supply chains and the businesses they support have become much more complex. Maybe a better approach is to use scenario planning to prepare for future disruptions. Companies such as Shell have been using this method for a number of years, and some very interesting supply chain applications have been developed by Dr. Mahender Singh at the MIT Center for Transportation & Logistics. The basic premise of Singh’s approach is that instead of seeing the future as a single, backward-looking, linear path that starts in the past or the present, companies need to consider many possible paths. This is accomplished by creating multiple scenarios based on plausible future worlds, and brainstorming the implications of each scenario. The results are used to develop risk management strategies that prepare the company for various outcomes. Simulating possible outcomes through scenario planning reveals both the kinds of uncertainty that companies face and potential courses of action. The scenarios can be constructed to explore particular business issues and environments or they can be more generic in nature.”

In other words, Kass recommends that companies follow Munich Re’s lead — concentrate most of your efforts on the future rather than the past. Robert J. Bowman, Editor of SupplyChainBrain, writes, “Let’s assume that you’re a supply-chain manager who has finally awakened to the need for a real risk-management strategy. Where do you start?” [“Another Disaster, Another Supply-Chain Disruption. Will We Ever Learn?” 11 April 2010] Jim Lawton, president and general manager of D&B Supply Management Solutions, told Bowman that “fewer than 10 percent of the companies he deals with have contingency plans in place to cope with a major supply-chain disruption.” Bowman continues:

“Lawton says companies need to get a detailed picture of their supply chains, well beyond the Tier 1 suppliers with whom they deal directly. If some subassembler relies on Japanese-made microchips, you need to know that. The answer will determine how you distribute your global supply base. Sole-sourcing can be an effective means of holding down procurement costs and gaining maximum leverage with suppliers. But it also exposes you to a huge amount of risk, warns Lawton. Wherever possible, it’s a good idea to funnel some work to an alternative vendor on a regular basis. If Supplier A encounters a disruption, you’re in line ahead of all those other companies that are banging on Supplier B’s door for emergency parts. ‘Most of the time,’ says Lawton, ‘100 percent of a strategy is the wrong thing. A more nuanced implementation is the one that ultimately makes sense.'”

That’s just another way of saying: don’t put all your eggs in one basket. What Lawton doesn’t address is going beyond getting a “detailed picture” of supply chains to getting a better understanding what risks could disrupt that picture. Bowman continues:

“Paul Martyn, vice president of global marketing with BravoSolution, can[not] understand why so many companies have yet to devise a risk-management plan. ‘How do you plan for something you can’t foresee?’ he asks. To that question I would add: How do you sell top management on a costly effort that only proves its worth when nothing bad happens? In the end, it’s all about supply-chain agility. By all means, diversify your supplier base wherever possible. Think about shifting some production out of Asia entirely, and closer to home. But rather than painstakingly prepare for some specific event, which is seldom the one that actually happens, a company might be better off creating an organization that can react quickly to whatever happens. That means knowing precisely which individuals are responsible for executing an emergency-response plan, and equipping them in advance with the tools necessary to do the job. At the same time, companies need to question the conventional wisdom around concepts such as just-in-time manufacturing and lean inventories.”

The purpose of “what if” scenarios and simulations is not to prophesy what events will occur but to explore possibilities and figure out how your company would respond if disaster did strike. Participation in such activities makes leadership teams better prepared to respond “to whatever happens.” Like any skill, those skills associated with crisis response and disaster mitigation need to be occasionally exercised. Bowman concludes:

“Assuming, of course, that businesses really are ready to learn their lesson about the need to prepare for disruptions of any kind. ‘Supply-chain risk mitigation is an ongoing process,’ says [Sundar Kamakshisundaram, senior manager of solutions marketing with Ariba]. ‘It’s not a one-time thing. It needs to be part of the DNA of the business.’ Don’t forget it.”

So to answer the question posed in the title of this post — Is risk assessment getting more difficult? — the answer is yes. The world is getting more complicated. Historical patterns of natural disasters are being disrupted. Extended supply chains that cross borders and cultures make things more complex. Yet Munich Re’s success in recent years, including coming through the Great Recession in good shape, demonstrates that understanding risks and planning for them can have a significant payoff.