Compliance Risk Management – Risk analysis (part 4)

Step 4. Allocate weights to each scenario

In order to determine the weight allocated to each consequence scenario of events triggered by compliance risk, historical data, modelling, as well as expert opinions, can all be used, individually or in combination.

Weight of each scenario can involve the following factors:

  • the range of laws, along with enforcement practices and conventions by the relevant regulatory authorities;
  • the improvement of, and compliance with, the existing framework for the management of legal risk, including strategies, governance, internal rules and policies;
  • employees’ and contractors’ demonstrated compliance with laws, and the rules and policies of the organization;
  • the frequency and number of activities related to legal risk occurring within a certain period;
  • failure to record, analyse and learn from previous events;
  • benchmarking the frequency and number of activities related to legal risk occurring within a certain period against other organizations.

Wherever possible historical data on each of the consequence scenarios is collected. When no historical data is available or no claims have been made against the company in the past, we use Bayesian statistics to estimate the weights for the scenario. Depending on the availability and reliability of the data various distributions can be used to estimate the weight of each of the consequence scenarios:

  • Bernoulli or discrete distribution – where there limited historical data and the probability of a single or multiple consequences needs to be estimated.
  • Poison distribution – where we have historical data to estimate the frequency of each of the consequence scenarios.

Academic disciplines

Alex has created a short bootcamp designed to help companies implement quantitative risk management. Imagine saving the company so much money that investing in risk management competencies and resources becomes a no brainer for the executives. That's exactly what Alex Sidorenko did at a global $10B chemical company and he has been kind enough to share his top tips and lessons learned with you each week. Sign up now!

Current controls, their effectiveness and other factors affecting the probability of claims against the company have to be accounted for when allocating weights to each of the scenarios.

To be continued…

RISK-ACADEMY offers online courses

+ Buy now

Informed Risk Taking

Learn 15 practical steps on integrating risk management into decision making, business processes, organizational culture and other activities!

+ Buy now

ISO31000 Integrating Risk Management

Alex Sidorenko, known for his risk management blog, has created a 25-step program to integrate risk management into decision making, core business processes and the overall culture of the organization.

+ Buy now

Advanced Risk Governance

This course gives guidance, motivation, critical information, and practical case studies to move beyond traditional risk governance, helping ensure risk management is not a stand-alone process but a change driver for business.


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.