Compliance Risk Management – Risk analysis (part 3) RISK-ACADEMY Blog

Step 3. Determine the range of consequences for each scenario

In order to quantitatively assess compliance risks the next step involves defining the possible range of values for each consequence scenario. Typical consequences can involve the following factors:

Consequence scenario	Range of consequences
A. Small fine for violation, for example a fine for three days of water pollution	Analysis of legislation in terms of violation of the quality of the spillway Analysis of the structure of the drainage system of the entity Analysis of the volatility of the discharge indicators for supervisory and internal inspections of water quality. Statistics of court decisions (sanctions) in similar cases
B. Moderate fine calculated cumulatively for the year using extrapolation of supervisory audit results
C. Large fine calculated cumulatively for the three years using extrapolation of supervisory audit results
D. Suspension of business	Statistics of business suspensions adjusted for our company Calculate the cost of a plant’s downtime per day multiplied by the range of days
E. Criminal prosecution of company management	Expert legal assessment of the cost of legal defense and possible reputational losses due to criminal prosecution or disqualification of management.

Depending on the availability and reliability of the data various severity distributions can be used (only examples, relax, could be others):

Lognormal distribution – where the range of consequences is not bounded and there is a small probability of catastrophic losses.
PERT distribution – for simulating consequences based on expert opinions where historical data may not be available or the range of consequences is bounded by regulation.
Discrete distribution – for simulating a select number of well defined scenarios.
Fitted distributions – wherever historical data is available it can be used to fit a distribution suitable for the specific loss profile.

For each consequence scenario a distribution is selected and the range of possible values are determined, for example minimum, expected loss and maximum loss.