Primary navigation:

QFINANCE Quick Links
QFINANCE Reference

Home > Financial Risk Management Best Practice > Own Risk and Solvency Assessment (ORSA): Strategy, People, and Complexity

Financial Risk Management Best Practice

Own Risk and Solvency Assessment (ORSA): Strategy, People, and Complexity

by Neil Cantle

This Chapter Covers

  • The integral nature of strategy and risk.

  • Risk management as a tool to identify and understand the uncertainty inherent in your strategy.

  • People who are at the heart of risk management.

  • How to harness expert input within risk management.

  • How to assess and understand “complex” risks.


Modern risk management is hard. The difficulty arises primarily because modern business is complex. When we look at the strategy our business is trying to deliver we see a forest of multiple factors—which depend on other factors, which in turn interact with others. It really is hard to “see the wood for the trees” and make sense of it all. This chapter explains how to make sense of modern risk and the role that people play within it, and it provides an overview of the tools available to modern risk managers to cut through this complexity.

Strategy and Risk

Around the world, many insurers are being asked to plan for the completion of “own risk and solvency assessment” (ORSA) style exercises. Although the details vary slightly in each country, the primary purpose is rather similar—to identify the risks inherent in your organization and to ensure that you have the resources and know how to manage them appropriately.

Strategy is all about the identification of a direction for the company, with associated goals, and an idea of how you are going to get there. The chosen strategy usually reflects some aspect of differentiation from the competition, such as: the use of skills or resources which you feel you can deploy better than your competitors; or a product that in some way is more attractive than competitors’ products.

The achievement of strategic goals is rarely a certain outcome. The reality of the business world means that, although they should be somewhat clustered around the planned outcome, the actual results could be quite different to what was planned. Some of these outcomes could be welcome outperformance, but many will not—and risk represents the possibility of these unwelcome outcomes.

The development of the risk management discipline has been an ongoing journey of finding ways to identify the sources of uncertainty associated with the pursuit of corporate goals and seeking ways to “optimize” the chances of being successful through risk mitigation, management, or avoidance. Historically, the focus has been very much on avoiding or controlling risk, but in recent years this has evolved to incorporate an understanding of which risks are being sought in return for rewards or accepted in the pursuit of these. Through the use of mechanisms such as risk appetite, companies are seeking to ensure that they take the risks they intend to and earn appropriate rewards for taking them. This moves risk management forward from being a pure “control” or “compliance” exercise toward being an integral part of the strategic planning and performance management processes of the business.

Back to Table of contents

Further reading


  • Blockley, D. I. New Dictionary of Civil Engineering. London, UK: Penguin, 2005.
  • Checkland, Peter. Systems Thinking, Systems Practice. Chichester, UK: Wiley, 1993.
  • Fenton, Norman, and Martin Neil. Risk Assessment and Decision Analysis with Bayesian Networks. Boca Raton, FL: CRC Press, 2013.
  • Gunderson, Lance H., and C. S. Holling (eds). Panarchy: Understanding Transformations in Human and Natural Systems. Washington, DC: Island Press, 2002.
  • Mitleton-Kelly, Eve. “Ten principles of complexity & enabling infrastructures.” In Mitleton-Kelly, Eve (ed). Complex Systems and Evolutionary Perspectives of Organisations: The Application of Complexity Theory to Organisations. Oxford, UK: Elsevier, 2003. Online at: [PDF].
  • Thompson, Michael. Organising & Disorganising: A Dynamic and Non-Linear Theory of Institutional Emergence and its Implications. Axminster, UK: Triarchy Press, 2008.


  • Allan, Neil, Neil Cantle, Patrick Godfrey, and Yun Yin. “A review of the use of complex systems applied to risk appetite and emerging risks in ERM practice.” British Actuarial Journal 18:1 (March 2013): 163–234. Online at: [PDF].
  • Arthur, W. Brian. “Inductive reasoning and bounded rationality (the El Farol problem).” American Economic Review 84:2 (May 1994): 406–411. Online at:
  • Cantle, Neil, Jean-Pierre Charmaille, Martin Clarke, and Lucy Currie. “An application of modern social sciences techniques to reverse stress testing at the UK Pension Protection Fund.” Enterprise Risk Management Symposium, Chicago, April 22–24, 2013. Online at:
  • Eden, Colin. “Cognitive mapping: A review.” European Journal of Operational Research 36:1 (July 1988): 1–13. Online at:
  • Ingram, David. “The human dynamics of the credit crisis and implications for the afterlife.” Wilmott (January 2010).
  • Ingram, David, and Michael Thompson. “Changing seasons of risk attitudes.” Actuary 8:1 (February/March 2011): 20–24. Online at: [PDF].
  • Tversky, Amos, and Daniel Kahneman. “Judgment under uncertainty: Heuristics and biases.” Science 185:4157 (September 27, 1974): 1124–1131. Online at: [PDF].

Back to top

Share this page

  • Facebook
  • Twitter
  • LinkedIn
  • Bookmark and Share