Why the term Black Swan is used so often in risk management because the risk managers feel the need to separately call out extreme impact events, regardless of probability and they pose an existential threat to a firm.
Black Swan Definition
The most common definition of a Black Swan is: an event in which the probability of occurrence is low, but the impact is high. A contemporary example is impact of coronavirus pandemic which the world is currently facing. In these, and similar events, the impact is so extreme, risk managers have felt the need to classify these events separately to tell decision makers not to get into a false sense of security because the annualized risk is low. This is where the office-talk term “Black Swan” was born. It is an attempt to assign a special classification to these types of unforeseen risks.
Black Swan is an outlier, because nothing in the past can convincingly point to its possibility. Second, it carries an extreme ‘impact’. Third, in spite of its outlier status, human nature makes us create explanations for its occurrence after the fact, making it predictable.”
It’s become a generally accepted word to describe low probability, high impact events.
Tools to describe circumstances around low probability, high impact events.
Risk managers use the term ‘Black Swan’ because they need to communicate they need a tool to draw attention to those extreme unforeseen risks that could outright end a company. There may be something that can be done to reduce the impact (e.g. diversification, Business continuity plan, preparation for pandemic, backups, etc.) or perhaps nothing can be done (e.g. market or economic conditions that cause company or sector failure). Nevertheless, risk managers would be remiss to not point this out.
Risk conditions go beyond simply calling out low probability, high impact events. They specifically deal with low probability, high impact events that do not have any or have weak mitigating controls. Categorizing it this way makes sense when communicating risk. Extreme unforeseen risks with no mitigating controls may get lost in annualized risk aggregation.
There are two types of risk conditions:
Unstable Risk Condition: Describe a situation in which the probability of a loss event is low and there are no mitigating controls in place.
Fragile Risk Condition: Very similar to an unstable risk condition, the distinction is that there is one control in place to reduce the threat event frequency.
Risk Managers, who provide risk management services, need tools to help business leaders to conceptualize actual risk. Risk conditions describe these types of events and the unique risks they pose with greater clarity and without outdated, often misused metaphors.
Business Continuity Plan
A Business Continuity Plan (BCP) is a process that defines the potential impact of disaster situations, defines policies to respond to them and helps businesses to recover so that they can function as usual. A BCP is generally formulated in advance for the disaster and involves the company’s key managerial personnel. The main goal of a BCP is to protect personnel and assets, both during and after the disaster.
Business continuity plans are difficult and differ from organization to organization. Here are some examples of what a BCP may include:
- Policy, purpose, and scope business continuity plan
- Goals and objectives of the organization
- Key roles and responsibilities of managerial personnel
- Risk mitigation plans for risk identified
- List of tasks required to keep operations flowing
- Explanation of where to go during an emergency
- Data backups protocols
- Plan maintenance protocols
- Coordination with local government bodies
- Contact information of key management personnel
Business continuity plans are an important part of any business. Disasters can lead to a loss in revenue and higher costs, which in turn can affect profitability. Businesses can’t always rely on insurance alone, as insurance doesn’t always cover every cost associated with the incident.
A BCP can also benefit a business in these two ways:
- The business will feel more prepared to handle the unforeseen.
- The business will have a plan to continue providing critical service after unfolding of the disaster.
To download the pdf file of the above post, please click on the download button below.
ABOUT US
DPNC Global LLP is a full service consulting firm providing multi-disciplinary services to clients ranging from MNCs, Indian Corporates from across industries to Family Offices and UHNIs, both in and outside India.
Our Risk Advisory Services (RAS) team offers solutions to help organizations and their management to effectively balance risk management, governance and compliance while moving towards their short-term and long-term strategic goals. Our team comprises a group of qualified and experienced professionals with in-depth knowledge and specialization in risk advisory services including for conducting Internal Audits, developing Standard Operating Procedures etc. We leverage our knowledge of industry best practices and domains across organizations of all sizes and sectors to streamline and develop systems, processes & solutions that are tailored to be suitable for our clients. To know more about our services in Risk Advisory Services, visit https://dpncglobal.com/risk-advisory/
Disclaimer: The information contained herein is in summary form and is based on information available in public domain. While the information is believed to be accurate to the best of our knowledge, we do not make any representations or warranties, express or implied, as to the accuracy or completeness of such information. This document is not an offer, invitation, advice or solicitation of any kind. We accept no responsibility for any errors it may contain or for any loss, howsoever caused or sustained, by the person who relies on it.