Compliance Risk Management – Risk analysis (part 4)

Step 4. Allocate weights to each scenario

In order to determine the weight allocated to each consequence scenario of events triggered by compliance risk, historical data, modelling, as well as expert opinions, can all be used, individually or in combination.

The weight of each scenario can depend on the following factors:

  • the range of laws, along with enforcement practices and conventions by the relevant regulatory authorities;
  • the improvement of, and compliance with, the existing framework for the management of legal risk, including strategies, governance, internal rules and policies;
  • employees’ and contractors’ demonstrated compliance with laws, and the rules and policies of the organization;
  • the frequency and number of activities related to legal risk occurring within a certain period;
  • failure to record, analyse and learn from previous events;
  • benchmarking the frequency and number of activities related to legal risk occurring within a certain period against other organizations.

Wherever possible, historical data on each of the consequence scenarios is collected. When no historical data is available or no claims have been made against the company in the past, we use Bayesian statistics to estimate the weights for the scenario. Depending on the availability and reliability of the data, various distributions can be used to estimate the weight of each of the consequence scenarios:

  • Bernoulli or discrete distribution – where there is limited historical data and the probability of a single or multiple consequences needs to be estimated.
  • Poisson distribution – where we have historical data to estimate the frequency of each of the consequence scenarios.
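
The two cases above as an added example, not code from the original article: a Dirichlet prior built from expert pseudo-counts yields scenario weights when there is little or no history, and a Gamma prior updated with yearly counts yields a Poisson frequency. The choice of conjugate priors, the scenario names and all numbers are constructed assumptions.

```python
# Added example (not from the original article): conjugate Bayesian updates.
# Priors, scenario names and counts below are constructed assumptions.

def scenario_weights(prior_pseudo_counts, observed_counts=None):
    """Dirichlet-multinomial posterior mean weight per consequence scenario.

    prior_pseudo_counts encodes expert opinion; observed_counts holds
    historical outcomes and may be empty when no claims have been made.
    """
    observed_counts = observed_counts or {}
    unknown = set(observed_counts) - set(prior_pseudo_counts)
    if unknown:
        raise ValueError(f"observed scenario without a prior: {sorted(unknown)}")
    posterior = {}
    for name, prior in prior_pseudo_counts.items():
        seen = observed_counts.get(name, 0)
        if prior <= 0 or seen < 0:
            raise ValueError(f"invalid counts for scenario {name!r}")
        posterior[name] = prior + seen
    total = sum(posterior.values())
    return {name: count / total for name, count in posterior.items()}


def event_frequency(prior_shape, prior_rate, yearly_counts):
    """Gamma-Poisson update of the annual frequency of a scenario.

    Returns (posterior mean events per year, P(at least one event next year)).
    The second value is the negative-binomial predictive probability.
    """
    if prior_shape <= 0 or prior_rate <= 0 or any(c < 0 for c in yearly_counts):
        raise ValueError("shape and rate must be positive, counts non-negative")
    shape = prior_shape + sum(yearly_counts)
    rate = prior_rate + len(yearly_counts)
    p_none = (rate / (rate + 1)) ** shape
    return shape / rate, 1 - p_none


# Constructed expert prior: 10 pseudo-observations spread over four scenarios.
PRIOR = {"no action": 6, "warning": 2, "fine": 1.5, "litigation": 0.5}

if __name__ == "__main__":
    print(scenario_weights(PRIOR))                          # no history yet
    print(scenario_weights(PRIOR, {"warning": 3, "fine": 1}))
    print(event_frequency(2, 4, [0, 1, 0, 2, 0]))           # five years of data
```

With no history the weights equal the expert prior; each recorded outcome then shifts weight toward the scenarios actually observed.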

Current controls, their effectiveness and other factors affecting the probability of claims against the company have to be accounted for when allocating weights to each of the scenarios.

To be continued…
