When you make a decision, whether in your personal or professional life, you should be asking:
If I do this, what might happen?
If I do that, what might happen?
Which is the better option?
If you are faced with the unwelcome news that your primary competitor has reduced their prices by 15% and is going after your customers, you have to decide what to do about it.
There will be options, each with a range of possible outcomes. In fact, for each option, there will in all likelihood be multiple things that might happen.
For example, if you match the price increase, that might (and might not) prevent your customers fleeing to the competition. There’s an outside but unlikely chance that you might be able to snatch a customer or two of theirs. You might be able to gain the customers of other competitors who, until now, have competed based on price alone. But it’s almost certain that your revenue will drop and your cash flow will ebb. The domino effect of a reduction in cash flow might be significant in several ways. Maybe you will have to slow or cancel other business projects, such as the purchase of a new system for trade compliance. Maybe your sales representatives will see the potential loss of commissions as an incentive to leave.
Several things might happen, and work has to be done to assess the range of effects and likelihoods of those effects on your business objectives.
But there are other options, such as to ignore the price increase, cut your prices more than the opposition, or to stress your product quality or service as deserving the higher price.
You can rely on your experience and knowledge to make the decision, or you can look to improve its quality using the sort of tools available to practitioners.
If used carefully, these tools can provide quality analysis of what might happen in a way that you can compare the options and make an informed and intelligent decision.
A recent article in Security Management, How to Use Scenario Analysis to Manage in Uncertain Times is worth reading.
It is written for information security practitioners, but has merit for everybody, including those on the board and in the executive suite.
Here are a couple of useful excerpts:
- Every single decision in an organization is made under a certain degree of uncertainty…. Often, leaders make these decisions based on anticipated events, along with corresponding best-case and worst-case predictions about what might happen. Whether or not these predictions will actually come to pass is unknown at the time the decision is made.
- …it is clear that no one future path is inevitable for any organization. A wide range of potential outcomes is possible and subject to unforeseen events and random occurrences. But this does not mean that all forecasting efforts are fruitless. The business world is dynamic and competitive, and because the external environment often drives the need for change, organizations need to hone their abilities to manage uncertainty. Thus, wrestling with future possibilities is crucial, especially for reasons of preparedness, possible expansion, and strategic planning.
The article continues with an introduction to Scenario Analysis:
- Scenario analysis is a method for creating responses to various future events with the aim of reducing uncertainty and maximizing the chances of achieving a desired outcome. This process requires investments of people, time, and money. Imagination also comes into play as managers use scenario analysis to determine or invent possible courses of action to take so the organization can reduce its overall risk and maximize its value.
- Historically, scenario analysis arose out of military planning during World War II. During the war, it was a means to offer specific descriptions of different futures; summarize and synthesize variables into a coherent picture for each possible future; suggest multiple and distinct choices that each future would entail; and increase the likelihood of achieving desired outcomes by exploring a range of responses or solutions.
- In conducting a scenario analysis, specific future uncertainties and corresponding realities are evaluated by exploring different possible ways to arrive at a desired outcome. This requires assessing internal capabilities, such as the strengths and weaknesses of the operation, and external factors, such as the existing and future opportunities and threats in the business environment.
- Scenario analysis does not reveal one exact road to successful decision making, nor does it assume that historical data patterns and past observational findings will replicate themselves in the future. The process will never erase all uncertainty, and it does not predict the future…. Instead, when done well, the process brings to light many possible future developments and turning points, which present several alternative paths to the desired outcome. It can provide a clearer understanding of what is plausible and should be taken seriously, and what is not. In the end, it is about describing various futures or different outcomes. This analysis results in the option to make advance decisions that are either strategic (planned actions) or tactical (immediate responses) in nature, depending on the event.
The example in the article is excellent. Even though it is written for information security practitioners, it describes an analysis led by the risk practitioner of the options available to address a business operations problem.
The authors point out, as do I in my books and blogs, that there is a range of possible effects, each with their own likelihood, not a single point risk level (let alone having multiple effects, some positive and some not). They describe how IBM misguessed the PC market 40 years ago because they used a single point estimate for the number of PCs that might be sold.
I thoroughly recommend the article for a careful and thoughtful read.
The only additions I would make is that all decisions should consider how the achievement of enterprise objectives might be affected, and some tools like Monte Carlo Analysis should be part of every analysts armory.
I welcome your thoughts.
He retired in early 2013. However,he still blogs, writes, trains, and speaks – and mentors individuals and organizations when he can.
- When enterprise risk-based audit plans are not enough - November 15, 2023
- More useful information about cyber risk - October 18, 2023
- How do you measure internal audit effectiveness? - October 3, 2023
