Between Data and Decisions

Calculating risk with predictive analytics expert Dr. Andrew Banasiewicz.

If you watch the evening news, you would be justified in thinking that the job description of a “risk manager” is to help companies survive the endless array of catastrophic disasters, violent attacks, and acts of war that are reported upon. According to Dr. Andrew Banasiewicz—who after a year as a part-time senior lecturer has transitioned to full-time associate professor of the practice of administrative sciences—this is a rational way of thinking about the nature of “risk.” It also happens to be inaccurate.

Andrew Banasiewicz
Dr. Banasiewicz teaches Introduction to Risk and Continuity Management; International Business, Economics, and Culture; Marketing and Economic Research and Analysis; and Quantitative and Qualitative Decision-Making.

“To the layperson, ‘risk’ means bad storms, earthquakes, or things being blown up,” says Banasiewicz, who coordinates the Department of Administrative Sciences’ online master’s in Business Continuity, Security & Risk Management and online graduate certificate in Risk Management & Organizational Continuity. “This is akin to saying that getting sick is synonymous with getting cancer. In reality, most people who get sick suffer from far less severe and life-threatening illnesses. Businesses need a plan for extreme scenarios, but if you’re a risk manager for a typical Fortune 500 company, you’re going to be focused on lesser-magnitude, higher-frequency things that happen year after year.”

In the context of business, risk management involves developing frameworks that allow companies to identify, analyze, and strategize a response to each event that could cause damages or financial loss. These might include disasters, but are far more likely to involve supply-chain interruptions, power outages, employee problems, lawsuits, or product obsolescence. An effective risk management strategy not only protects assets, but creates value for investors and other stakeholders, and demonstrates organizational responsibility in a globally interconnected environment. “There is a very thoughtful and systematic process of identifying, and then managing, risk: some problems you have to ignore, some require you go buy insurance coverage, and some you may mitigate,” says Banasiewicz. “Most of the time and effort that goes into risk management is to deal with organizational threats that are far more mundane, but also more likely.”

Banasiewicz points to workers’ compensation as an example. Laws require that companies provide for medical costs and continuation of pay for employees who suffer on-the-job injuries—expenses that can take a massive financial toll. The risk manager must have a plan in place to respond to these situations, says Banasiewicz. “You never hear about workers’ compensation on the news, but it happens to companies every day. A large organization spends a lot more time and effort on issues such as this than it does planning for fifty-year events like Hurricane Sandy.”

Sample SCA Scorecard
A securities class action (SCA) scorecard offers a concise summary of analytically derived conclusions, in this case for “D&O liability”—risks related to directors and officers of public companies.

Another example is drawn from Banasiewicz’ background in an area known as ‘executive risk’—where damage is caused by governance breakdown or scandal. “Shareholders have the right to sue directors and officers of public companies if there is any evidence of fraudulent activity,” he explains. “Securities laws have very stringent disclosure requirements, and sometimes people who are on the inside don’t follow all these laws. Powerful people like Dennis Kozlowski of Tyco, Kenneth Lay of Enron, and Bernard Ebbers of WorldCom have ended up in prison. If a building gets destroyed, we have insurance and we rebuild it—it’s not the end of the world. But when a CEO of a powerful company winds up in a federal penitentiary? That case study has a lot more potential in illustrating enterprise risk.”

Banasiewicz, a predictive analytics expert, brings to the MET classroom over fifteen years of hands-on industry experience in quantitative risk assessment and marketing analytics, and more than a decade of practice managing and developing analytic teams in business organizations. He has created predictive models to forecast executive risk in public companies, and has authored three books on applied statistical analysis and multivariable statistical modeling, entitled Marketing Database Analytics, Cracking the Code of Executive Risk, and Risk Profiling of Organizations.

“Predictive analytics is the art of using different types of data, depending on the context, to estimate the probability and severity of future outcomes.”

“Predictive analytics is the art of using different types of data, depending on the context, to estimate the probability and severity of future outcomes,” explains Banasiewicz. “In the context of risk, for instance, say that a university purchases property and casualty insurance. The question is, how much is the university willing to pay in the event of damages? Predictive analytics helps risk managers make sense of pertinent data in order to develop objective insights around such decisions, and to devise a plan accordingly. Yes, you have to buy insurance coverage, but how much? From whom? And, how much should you pay? Those are the real questions. Between the data and the decisions, there is a lot to consider—and that is my domain.”

Since becoming a full-time faculty member, Banasiewicz has been busy developing and reevaluating elements of the risk management curriculum for the fall 2014 semester. “I think our Business Continuity, Security & Risk Management program is one of the few in the country that actually provides the kind of risk management training that organizations are looking for,” he asserts. Significantly, the program will gain a new moniker, “Enterprise Risk Management,” more aligned with its focus. “While the word ‘security’ in the current program title refers to cyber security, it tends to imply guards with guns—we’re dealing with corporate risk, not physical security,” clarifies Banasiewicz. “Enterprise risk management has its own set of frameworks, and within that we will delineate specific areas of risk analytics, risk communication, and the measuring and management of risk. We are not only going to teach students how to buy insurance or how to plan for catastrophes—we are going to cover all the different manifestations of risk that companies face. We are going to be one of the very few schools in the nation that has such a comprehensive view of risk.”

Administrative Sciences Chair Kip Becker agrees, noting that the Business Continuity, Security & Risk Management program prepares graduates to face challenges in such diverse areas as cyber-security, enterprise risk management, international supply-chain control, and international strategy. “Dr. Banasiewicz is a pioneer in the modeling of risk,” emphasizes Becker. “He has extensive knowledge of multivariate predictive analytics and data-mining techniques, as well as ‘big data’ manipulation and analysis. His background assures that our graduates receive the most relevant and up-to-date knowledge as they prepare for the next decade of global business demands.”

SCA Model Results
A securities class action (SCA) scorecard offers a concise summary of analytically derived conclusions, in this case for “D&O liability”—risks related to directors and officers of public companies.

For those seeking a rewarding career change, as well as those already working in generally defined areas of risk, such as the insurance industry or emergency response departments, MET’s risk management programs enhance the skills needed to prepare for an eventual position as chief risk officer in a large corporation. “A graduate level of education is required,” advises Banasiewicz. “And, you must get used to dealing with data—organizations have invested millions and millions of dollars in databases, infrastructure, and database administrators. Now, they are bursting with data—and, unlike wine, data does not get better with age. If you want to substantiate your decisions concerning risk with objective information, you have to analyze data, to seek and recognize patterns, and to interpret the meaning. You have to know how to use data the right way.”