a comment on Virtual Profile Risk Exposure

THE REAL WORLD AND VIRTUAL PROFILE APPETITE FOR EXPOSURE TO RISK WHERE RISK IS A TRADABLE AND PERISHABLE MARKET CURRENCY. INCLUDING CRAIG’S CONCEPTS OF ONLINE/VIRTUAL PROFILE RISK. 

This paper is a draft to develop a risk model for non financial risks, more specifically the risk we are exposed to through our online profiles / personality.

Below is a bit of a stream of consciousness work that is effectively the very early start of an article I want to research and publish, it COULD become a great body of research/ PhD material for someone.

CONCEPT OF RISK AND TOMATOES

I was in my garden and tending to the fruits on the vines and was contemplating what to do with the glut of tomatoes; how to store and how to offload some. Of course, the best ones I would use today. This almost immediately unlocked a module in my brain that held the lexicon of Risk and Risk terminology. I soon deduced that the work Risk and Tomato were completely interchangeable, Humorous at first but this unlocked a real change in my ability to communicate Risk management to people who were not familiar with the associated concepts.

PRESENTATION OF A DOZEN ‘RULES’ OF ‘RISK’ 

1.         Tomatoes need to be ripe before picking.

2.         Tomatoes should not be left on your Managers desk.

3.         Tomatoes have a use by date.

4.         Tomatoes can be shared

5.         Tomatoes can be combined.

6.         Tomatoes leave a mess when destroyed.

7.         Tomatoes are not all equal, but should be treated with equity.

8.         Tomatoes can not be ignored in the desk drawer.

9.         Tomatoes have a value.

10.       Tomatoes are not the only fruit in the fridge.

11.       Tomatoes need to be understood in your planning.

12.       If you find a tomato, don’t hide it.

These are, in general terms self explanatory to someone who can find their way around a domestic kitchen but to expand and frame your mind set I will now discuss them briefly; I will flick between the words ‘Risk and tomatoes’ with the hope you will respect the attempt at humour to illuminate Risk management from a different perspective.

CONCEPT OF GENERAL HAZARD and RISK ASSESSMENT

I would continue my work in Risk Assessment and particularly of the way we develop our appetite for risk. I have been in general discussion over the last few months with some academic and working scientists; Both are looking at the way we perceive risk and live with it for disaster situation and in our social media/online personality.

For the last decade the individuals, collectives and companies have had to come to terms with and embraced quantifying Hazard and Risk in its workings. This has been formalised in the Regulation Frameworks and associated documentation. These documents are a subset of the regulatory regime and safety management doctrine. Technical Regulation is based on controlling risks to fitness for service, safety of personnel, and environmental compliance, which occur during design, construction and maintenance of materiel.

There are a variety of tools to assess and manage risk, from simple checklists to more elaborate spreadsheets and web based application. However, there does not exist a methodology within the fleet to approach and manage risk in a cumulative model to asses the current risk being accepted by the use of a platform.

It is worthy to discuss how risk is assessed and reported; to then propose a number of Cumulative Hazard Risk models to account for the overall risk of operating with those hazards remaining.

CONCEPT OF HAZARD ASSESSMENT

A Hazard is defined as a source of potential harm or a situation with potential to cause loss that will have an impact upon mission and outcomes. Whereby the organisation, in this case delegated by Command, must evaluate all activities conducted by with a view to both finding and reducing hazards. Whilst the process of assessing the Hazard is detailed under the Regulation Framework, the ethos to drive the process is contained within Safety Systems policy with an aim to a safe culture. This process relies heavily on experience of the organisation to identify and treat hazards and can become subjective given the differing backgrounds and experience of members of the team.

CONCEPT OF RISK ASSESSMENT

A risk is the chance of some event occurring that will have an impact upon mission and outcomes. It can be quantified in terms of likelihood and consequences. It in effect becomes a mathematical or statistical approach. Even though this process is founded in science, it can become an art form in making a valued assessment of probability.

CONCEPT OF THE HAZARD RISK INDEX

This processes outlined above have been combined and formalised into the Hazard Risk Index (HRI). On evaluation of the Severity and Likelihood, an index from 1-20 can be assigned to the situation to allow better overall assessment and handling of the hazard. This Index is used in the allocation of a priority of a technical defect. It can also be used to asses the safety of a variety of evolutions and activities. The HRI can be assigned to a number of standard evolutions to create Standing Risk Profiles. These profiles are evaluated for a series of known environmental influences and adjust for variations from the normal.

INTRODUCTION TO RISK APPETITE

This section begins to work towards a the concept of Corporate Engineering Risk Appetite in an operational environment. I will not bog down on risk assessment, but develop a series of statements on risk ownership and appetite.

CONCEPT OF RISK APPETITE AND TOLERANCE

Risk appetite and tolerance must be high on the board agenda. IRM’s guidance, while providing practical direction to facilitate debate in the boardroom, it is far from the final word on the subject. It is however, a useful tool and source of information.

Risk appetite is a core consideration in an enterprise Risk management approach. Risk appetite can be defined as ‘the amount and type of Risk that an organisation is willing to take in order to meet their strategic objectives. Organisations will have different Risk appetites depending on their sector, culture and objectives. A range of appetites exist for different Risks and these may change over time.

While Risk appetite means different things to different people, there is widespread consensus that a properly communicated, appropriate Risk appetite statement can help organisations achieve their goals and sustain their operations.

“The Risk appetite statement is generally considered the hardest part of any enterprise Risk management implementation.  However, without clearly defined, measurable tolerances the whole Risk cycle and any Risk framework is arguably at a halt”. Jill Douglas, Head of Risk, Charterhouse Risk Management

CONCEPT OF RISK APPETITE AND PERFORMANCE

While Risk appetite is about the pursuit of Risk, Risk tolerance is about what an organisation can deal with. All organisations have to take some Risks and they have to avoid others. The big question that organisations have to ask themselves is: just what does successful performance look like? This question may be easier to answer for a commercial organisation than for a government department, but can usefully be asked by boards in all sectors.

https://www.theirm.org/knowledge-and-resources/thought-leadership/Risk-appetite-and-tolerance/

DEFINITION OF LEVELS OF RISK APPETITE

The level of Risk that an organization is prepared to accept in pursuit of its objectives, and before action is deemed necessary to reduce the Risk. It represents a balance between the potential benefits of innovation and the threats that change inevitably brings.

The appropriate level will depend on the nature of the work undertaken and the objectives pursued. For example, where public safety is critical (e.g. operating a nuclear power station) appetite will tend to be low, while for an innovative project (e.g. early development on an innovative computer program) it may be very high, with the acceptance of short term failure that could pave the way to longer term success. Below are examples of broad approaches to setting Risk appetite that a business may adopt to ensure a response to Risk that is proportionate given their business objectives.

Averse Avoidance of Risk and uncertainty is a key organization objective.

Minimal Preference for ultra-safe options that are low Risk and only have a potential for limited reward.

Cautious Preference for safe options that have a low degree of Risk and may only have limited potential for reward.

Open Willing to consider all potential options and choose the one most likely to result in successful delivery, while also providing an acceptable level of reward and value for money.

Hungry Eager to be innovative and to choose options offering potentially higher business rewards, despite greater inherent Risk.

The appropriate approach may vary across an organisation, with different parts of the business adopting an appetite that reflects their specific role, with an overarching Risk appetite framework to ensure consistency.

DEFINITION OF MEASURING RISK APPETITE

Precise measurement is not always possible and Risk appetite will sometimes be defined by a broad statement of approach. An organization may have an appetite for some types of Risk and be averse to others, depending on the context and the potential losses or gains.

However, often measures can be developed for different categories of Risk. For example, it may aid a project to know what level of delay or financial loss it is permitted to bear. Where an organisation has standard measures to define the impact and likelihood of Risks, this can be used to define the maximum level of Risk tolerable before action should be taken to lower it.

DEFINITION OF PURPOSE AND BENEFITS

By defining its Risk appetite, an organisation can arrive at an appropriate balance between uncontrolled innovation and excessive caution. It can guide people on the level of Risk permitted and encourage consistency of approach across an organisation.

A defined acceptable levels of Risk also means that resources are not spent on further reducing Risks that are already at an acceptable level.

DEFINITION OF MAIN AREAS OF RISK APPETITE

In literature there are six main areas of Risk appetite:

financial

health

recreational

ethical

social

information

There is often a confusion between ‘Risk management’ and ‘Risk appetite’, with the rigor of the former now recovering some of its lost ground from the vagueness of the latter. Derived correctly the Risk appetite is a consequence of a rigorous Risk management analysis not a precursor. Simple Risk management techniques deal with the expectation values of the consequences of hazardous events, but this ignores the possibility of collateral effects of a bad outcome, such as for example becoming technically bankrupt. The quantity that can be put at Risk depends on the cover available should there be a loss, and a proper analysis takes this into account. The ‘appetite’ follows logically from this analysis. For example an organization should be ‘hungry for Risk’ if it has more than ample cover compared with its competitors and should therefore be able to gain greater returns in the market from high Risk ventures.

https://en.wikipedia.org/wiki/Risk_appetite

CONCEPT OF CUMMULATIVE RISK AND RISK TRADE

In my previous worked papers in Cumulative Risk and viewing Risk as a tradable but perishable commodity. These concepts would be extended and incorporate the work from the finance sector in developing consumer Risk Appetite Indices. I would explore how our Corporate Engineering Risk Appetite changes with the financial, operational and psychosocial climate of the company.

CONCEPT OF RISK AND TRADING IT AS A MARKET CURRENCY 

My Previous Paper did not look at the time component of risk and also it lacked a view of what to do if we needed to absolve our team from an unavoidable Risk. These concepts could be extended and incorporate the work from the finance sector in developing consumer Risk Appetite Indices. I would explore how our Corporate Engineering Risk Appetite changes with the financial, operational and psychosocial climate of the group or enterprise.

I have started to think more about this thing being Risk. It has I feel for too long been referred to more as a verb or a thing we do, but I think it should be a noun, a thing we own.

Perhaps John Mayer impacted on my thoughts here in his recent song that discussed the difference between verbs and nouns in human relationships.

Risk is created once we analyse a situation. Engineering authorities will give it some deep analysis and treatment before handing it to an executive authority. Much like a baker or artist uses skills to create a product for the customer.

Just a quick side note here on the concept of creation: There is a law of the conservation of energy, stating that is cannot be created or destroyed. There is a great, but misleading TV ad for an energy company (energy provider) that they make energy daily. This is false, energy cannot be made, and it can only be moved from one form to another. There may be some robust discussion here about the theory of relativity and some breaking research in the fields of quantum physics, but they are on the side for now.

So in my view, we can supply this product called Risk, much like we do with creating energy at a power station. It is then a product for use. Much like electricity it has to be used and managed there and then or it becomes a little obsolete. It has to be stored, classified and a plan made for its future.

So given that Risk is now a thing, I wondered if I could trade it, like I do with Comics, cash or cars. I chose those comparisons carefully as they all have varying values. Cash devalues in its own economy at a steady rat. Comics have a set face value on release, but can drift down or soar well above this from supply and demand with other collectors. Finally Cars have a very high retail value that plummets in the first year, before a steady decay. Value can improve if it is an exotic or fall further from poor upkeep of the item.

So what can I compare Risk to from the suite above? I feel it is perhaps like the comic. It has a very fixed value for a short period, but after this there is a wide range of values it can take. It could drop in value if no one wants to own it. There could be rise in value if it is a boutique Risk with a low chance of occurrence. There may also be ability for this Risk to fit into a set of other Risks so its value may be impacted by the others in the set.

I may be losing readers here, because many may be thinking who would want to own lots of Risks, just get rid of them. Well it is not that simple, by commanding a fleet unit we have Risk and we produce them daily. My point here is that we should not continue to amass them. We need to understand them, value them and then trade them somewhere else. In general terms we need to trade our operational Risks to operating authorities, the currency being earned by this trade is resources of time and people. The technical Risk should be traded to the maintenance authorities, this transaction frees up organic resources, so may also require the handing over of some of those resources to settle the deal.

In many ways, it appears that the actual payment for the transaction accompanies the Risk; that is people are paid more to take on a Risk rather than recompensed for losing the item.

But this is not always the case. In the insurance game, the ownership of Risk is the backbone of the industry. Insurance companies will take on the Risk for the insured entity. This is accompanied by a premium that’s serves as the income for the company.

Does this then imply that all our Risks at sea should be owned by a big brother company in return for them pocketing our premium payments? Sure of course it does. This group is made up of a suite of shareholders being technical repair authorities, Capability providers and Operational authorities.

We must as Engineers and operators continue to assess hazards and consequences and produce valuable Risk assessments. These then need to be carefully analysed for who is going to own them. If they are in our Risk appetite, we should hold them and manage them. If they are outside our domain they must be traded away.

CONCEPT OF VIRTUAL PROFILE APPETITE FOR EXPOSURE TO RISK

In the every expanding world of digital media our School aged citizens are faced with an increasingly wide variety of choices. There is a primary phase of choice in the selection of our online personality and the information we either share or traits we create for this on line presence. Much is defined in how we create this profile and where it sits on a spectrum of real or imaginary. This profile then facilitates a series of choices both for the behaviour of the Digital character and for the real world presence. All decision contain risk, and the context of the risk is defined by the character. In the real world, we are largely unable to modify the context of risk, but on line we can alter the scenario and actors of the situation. This may be a simple case of using a software reset to re complete a scenario or modifying the attributes of the Avatar to give it an advantage. It would be ideal that the digital and real world actors were perfectly matched, but this is rarely if ever the case. It allows then for the avatar to be placed in situations with a different appetite for risk to what the controller would accept, this also then may give a digital result that, while low on validity, drives real world behaviour when faced with risk. This paper details the impact on real world risk perception and management as a result of the fidelity and realism of the creation of the avatar and the risk this online profile is exposed to…..

I am revisiting my notes this week after reading about the new Pokemon Go Applications and how people are getting hurt in the real world from an online game. This is specifically the area I want to look at. That is the level of risk to our real and online profiles we take based on the completeness and accuracy of our online presence to the real world user profile.

STATEMENTS FOR LATER WORK; THIS NOTE FORMS CRAIG’S CONCEPTS OF ONLINE/VIRTUAL PROFILE RISK: 

A MORE COMPLETE ONLINE PROFILE ENCOURAGES LESS VIRTUAL EXPOSURE TO RISK BY THE PROFILE OWNER.

A MORE ACCURATE ONLINE PROFILE ENCOURAGES LESS VIRTUAL EXPOSURE TO RISK BY THE PROFILE OWNER. 

So I will wrap this essay up here for now and therefore leave my last two assertions untested. They do serve as a nice bookmark though for later work on the topic. I would like to firstly work out if they are in fact true and then look a a tool to see how much risk exposure can be expected from both the completeness and accuracy of a new or renewed online profile and how by encouraging more complete data to be included in the profile does the risk exposure change. It must be noted that this risk exposure is only to be studied as a realistic risk that is encountered by the online actions of the profile owner This could included, bullying, Harassment, identity theft, property theft, data mining and . The Study could not study unrealistic risks such as those created by subversive online presences such as cyber crime against largely groups of profiles, not aimed at the specific user. The study could be extended to the use of online tools that manage real work risk such as financial or environmental risk warning systems.

End of File July 2016 – Draft and sources notes within as required