Primary navigation:

QFINANCE Quick Links
QFINANCE Reference
Add the QFINANCE search widget to your website

Home > Operations Management Best Practice > Building Potential Catastrophe Management into a Strategic Risk Framework

Operations Management Best Practice

Building Potential Catastrophe Management into a Strategic Risk Framework

by Duncan Martin

Table of contents

Executive Summary

Most organizations recognise the need for a strategic risk framework. Such a framework typically identifies and analyzes the key strategic risks faced by the organization, such as competitive, regulatory, technological, demographic, or environmental changes. Adopted at the highest level of the organization, effective strategic risk frameworks drive resource allocation and, consequently, the ability of the organization to achieve its goals.

However, many organizations do not integrate the potential impact of catastrophes into the strategic risk framework. This can result in an organization suffering large unexpected losses from a catastrophe despite investing significant time and energy into a risk management framework. For example, a business might foresee–and mitigate–the entry of a new competitor into their market, but be caught off guard by a major flood that causes equal disruption and loss in value.

To avoid being blind-sided in this way, best practice risk management builds catastrophe risk management into the same framework as strategic (and other) risks. In this way, the full spectrum of risks is measured and managed consistently, and resources are directed at those risks that pose the greatest threat to the organization. Such optimal resource allocation underpins long run organizational success.


What is catastrophic risk? Catastrophic risk is: Stuff happens. Some unexpected, perhaps unexpectable, natural event occurs. Half a world away from its source in southern China, SARS kills 38 people in Toronto; a nuclear reactor at Chernobyl is driven into a state its designers never even imagined, even as its operators disable critical safety features, and it explodes; events in the Middle East cause Britons to blow themselves up on the London Underground.

Strategic risk is also stuff happening, but from a business point of view. An ailing computer manufacturer trounces established consumer electronics firms by producing the killer portable music device, and then follows up with a mobile phone that is both revolutionary and beautiful; tiny car firms constrained by post-war, small island scarcity eliminate waste by worshipping quality, end up reinventing the entire manufacturing process, and brutally upend incumbents; Wall Street’s best and brightest simulate endless market disruption scenarios, except the one that finally happens–no bids and no offers; total paralysis.

Beyond strategic and catastrophe risk, financial and operational risk are equally necessary if less glamorous parts of a fully functional risk framework. Only through the consistent identification, measurement, and management of the full spectrum of risks can an organization ensure that it meets its objectives successfully.

Core Concepts

More formally, there are four core concepts in risk: Frequency, severity, correlation, and uncertainty.

An event is frequent if it occurs often. Most catastrophes are, mercifully, infrequent. Historically, there is a severe earthquake (seven or greater on the Richter scale) about once every 25 years in California. Hence, the frequency of big earthquakes in California is 1/25 or about 4% each year.

An event is severe if it causes a lot of damage. For example, according to the US Geological Survey (USGS), between 1900 and 2005 China experienced 13 earthquakes which, in total, killed an estimated 800,000 people. The average severity was 61,000 people.

Most people’s perception of risk focuses on events that are low frequency and high severity such as severe earthquakes, aircraft crashes, and accidents at nuclear power plants. Strategic risk also focuses on low frequency/high severity changes, such as disruptive technologies or new entrants. However, a fuller notion of risk includes two additional concepts: Correlation and uncertainty.

Events are correlated if they tend to happen at the same time and place. For example, the flooding of New Orleans in 2005 was caused by a hurricane; the 1906 earthquake in San Francisco also caused an enormous fire.

Estimates of frequency, severity, and correlation are just that: Estimates. They are usually based on past experience, and as investors know well, past performance offers no guarantees for the future. Similarly, the probabilities, severities, and correlations of events in the future cannot be extrapolated with certainty from history: They are uncertain.

The rarer and more extreme the event, the greater the uncertainty. For example, according to the US National Oceanic and Atmospheric Administration, in the 105 years between 1900 and 2004 there were 25 severe (category four and five) hurricanes in the US. At the end of 2004, you would have estimated the frequency of a severe hurricane at 25/105, or about 24% per year. However, there were four severe hurricanes in 2005 alone. Recalculating the frequency at the end of 2005, you would end up with about 27% per year (29/106). That’s a large difference, and would have a material impact on preparations.

Which estimate is correct? Neither, and both: Uncertainty prohibits “correctness.” Uncertainty is the essence of risk and coping with it is the essence of risk management.

Both catastrophic and strategic risk management are then predicting and managing the consequences of rare, severe, and potentially correlated events under great uncertainty.

Back to Table of contents

Further reading


  • Abraham, Thomas. 21st Century Plague: The Story of SARS. Baltimore, MD: Johns Hopkins University Press, 2005.
  • Cullen, W. Douglas, Lord. The Public Inquiry into the Piper Alpha Disaster. London: HMSO, 1990.
  • Junger, Sebastian. The Perfect Storm. London: Harper Perennial, 2007.
  • Martin, Duncan. Managing Risk in Extreme Environments. London: Kogan Page, 2008.
  • Perrow, Charles. Normal Accidents. Princeton, NJ: Princeton University Press, 1999.
  • Pyne, Stephen. Year of the Fires. London: Penguin, 2002.
  • Singer, Peter. Corporate Warriors: The Rise of the Privatized Military Industry. Ithaca, NY: Cornell University Press, 2004.



Back to top

Share this page

  • Facebook
  • Twitter
  • LinkedIn
  • Bookmark and Share