Evaluating novel or interconnected risks

Sherpa is a systematic approach to evaluating novel or interconnected risks, estimating their possible impacts and forecasting the effectiveness of different mitigation measures. It is designed to use the data available to help you plot a path through complex risk environments, and provide auditable evidence for the actions you decide to take to reduce your exposure to risks.

Sherpa draws on advanced risk analysis techniques, stochastic modelling and Bayesian inference to enable you to understand the risk profile across the whole of your enterprise. It accounts for the uncertainty inherent within the assumptions that underpin risk estimates and allows a range of forecasts to be produced, taking into account different potential risk outcomes.

Sherpa integrates historical data, expert judgement and structured estimates to build bespoke risk pathways that are based on your organisation and risk profile. This approach is particularly applicable to risks for which there is little precedent, such as evolving cyber risks, new technological threats or risks relating to reputational damage from emerging communication platforms.

If you are interested in understanding how Sherpa can help you provide an evidence-based justification for your risk reduction strategy, please get in touch.

1Planning the risk model

This involves considering the risks which affect your organisation, describing their impact and identifying the measures which could be taken to mitigate these risks.

2Surveying the risks

This requires the risks themselves to be studied in detail and broken down into their constituent stages. Understanding the way in which a risk event would unfold within your organisation, is the first step to working out how to militate against it effectively.

3Selecting the right data

Collecting relevant data, eliciting expert judgement in the right format and developing structured estimates for variables where data is unavailable, are all part of the process of selecting the right data with which to build a risk model.

4Testing the risk model

The initial risk model must be tested and its outputs validated against expert assessment before its full-scale implementation. This step prevents valuable resources being misallocated to the task of populating the wrong model.

5Running the risk model

This involves first testing and then populating the model with processed data and carrying out the calculations in order to generate outputs relating to the size of the risks and the quantified effectiveness of different mitigation options.

6Informing the decision

Reducing uncertainty and informing the decision-maker is the whole focus of the Sherpa approach. This final step is about interpreting and presenting the output of the risk model in a form which provides clear auditable evidence to underpin risk mitigation decisions.