At the forefront of the SC quant world today is the creation of new ways of thinking about SC risk that go beyond the protection of physical assets, which has long been the principal focus of practices such as Business Continuity Planning (BCP). One of the goals of this new approach is to facilitate the creation of new risk transfer markets that allow for greater efficiency in the pricing and efficient allocation of risk across both internal (say, a manufacturing company) and external (say, an underwriter) entities. A challenge in this effort is the creation of models to understand, measure and anticipate risk. This month, Marcelo Cruz, writing in Operational Risk & Regulation, has an interesting note about the methodological differences between US and European banks in measuring operational risk. He notes:
“European banks rely more heavily on scenario analysis, while US banks have been developing models based on internal and external loss data. Basel II requires banks to use all four data types (internal losses, external losses, business control environment factors and scenario analysis) in their risk models, but devising a correct and elegant mathematical method to combine them has been a challenge.” (http://www.risk.net/operational-risk-and-regulation/opinion/2125232/credibility-analysis-operational-risk-measurement)
Cruz goes on to note that a series of recent articles have highlighted the potential use of “Credibility Theory” (“CT”) as a means for integrating these risk factors. What is Credibility Theory? Cruz explains it thus:
“Suppose a US car insurance company wants to expand its operations into a state in which it has no experience or clients. How could this company price new policies? One option would be to use data from this company’s existing portfolio. However, states differ – for example, in population density – and data from other states might not reflect the risk profile of this new state’s portfolio. The alternative would be to use external data – a database of car accidents from this state – to start with; as the company builds up its own claims experience, it will be able to use the external database less and its internal loss data more. The advantage is that the local risk profile would be better reflected in a local database than in an accident or theft profile imported from another state.
Credibility theory provides a robust framework for the insurance company to assess exactly how much importance should be given to the external data and internal data. For example, after 12 months of operation in this new market, the model might give a weight of 80% to external data and 20% for its own portfolio. After a few years, the weight of external data should be small, and large only for event types that the company has not yet experienced itself.”
In essence, CT is a dynamic allocation of risk indicators within an integrated risk measurement model. Why is this relevant to supply chain? Because in my experience the majority of SC risk models in use today (when they exist at all) have some major methodological flaws: they are static allocations, they include little data external to the owner of the SC, and they are rarely probability based. Typically, one finds a series of “risk indicators” that a risk team (usually in the Procurement or Security functions) monitor, but these indicators are not really integrated and they are certainly not dynamically linking both internal and external risk data, as one would in a model such as the one Cruz describes.
Now, actual CT models are very difficult to create. Notes Cruz:
“Credibility theory is derived from Bayesian probability theory. To evaluate a hypothesis, the analyst specifies some prior probability…which is then updated in the light of new, relevant data (the company’s own claim experience). It can be a useful tool in operational risk modeling, as it aggregates different data elements in a mathematically elegant way…There are challenges and limitations though. Bayesian mathematics and derivations are extremely complex. A modeler needs to convert every desired distribution to the Bayesian framework, which requires considerable mathematical expertise. Also, credibility standards vary for each distribution. “
Still, SC risk specialists would do well to consider the theory, if not the specifics, of CT theory. Most SC risk models today are fundamental and lack rigor. It does not have to be this way. Thorough understanding of the latest thinking in financial risk modeling, coupled with creative application of these ideas to the manufacturing and distribution domains is where the best thinking in SC risk management will focus in the coming years.