# What is a Monte-Carlo simulation?

The Monte Carlo simulation is a mathematical procedure from stochastics or probability theory, in which repeated random samples of a distribution are drawn using random experiments. The aim is to use the samples taken to solve problems numerically that cannot be solved analytically or can hardly be solved. The basis for this is above all the law of large numbers. The random experiments can be carried out in a simple form, for example by rolling the dice. In complex contexts, the computer calculations are carried out using Monte Carlo algorithms.

## The Monte Carlo method

These algorithms build a model of possible outcomes using a probability distribution for each variable with inherent uncertainty. The results are then recalculated over and over again, each time using a different set of random numbers between the minimum and maximum values. This calculation of these values can be performed thousands of times, producing a large number of probable outcomes. A simple example is the result of rolling two standard dice. The probability of one of the 36 possible outcomes occurring can be calculated manually or using a Monte Carlo simulation. This simulates the rolling of the dice many 1000 times at the touch of a button and is thus able to make much more precise predictions about the outcome of the dice.

Monte Carlo simulations are an extremely accurate method of forecasting and are therefore also used for long-term forecasts. As the number of inputs increases, so does the number of forecasts, so that results can be projected further into the future - with greater accuracy of the values. At the end of a Monte Carlo simulation, it provides a range of possible outcomes and the probability of each outcome occurring.

## The use of the Monte Carlo method in risk management

The calculation of expected values using conventional methods is often error-prone. The Monte Carlo method, on the other hand, delivers reliable results based on risk quantification through a large number of random experiments. Risks are evaluated based on the probability of occurrence, distribution functions and the extent of the damage (e.g. 3-point estimate). An aggregated risk (risk aggregation) is determined with the aid of simulations. Dependencies between risks can be taken into account here. Results are not shown as an absolute value, but in any range of results (quantiles). In BIC GRC (formerly risk2value) you will find an integrated Monte Carlo tool for risk assessment, which allows you to carry out a superior analysis of the overall risk situation at any time through the targeted query of risk information. You always have the option of mapping the entire risk management process through to risk analysis and are able to provide management with information relevant to decision-making for corporate planning.

## Easy made Monte Carlo simulation with BIC GRC

With BIC GRC you can easily add quantitative methods to your risk management by performing statistical calculations and using the Monte Carlo methods. The topic of quantification may seem complicated and challenging. The idea of having to deal with topics such as simulations, Monte Carlo analysis, probability, distribution and random numbers for days or weeks often represents a hurdle. Perhaps you too have already considered taking the first steps towards risk quantification but then refrain from supposedly too much effort and too little traceability.

### We understand the challenges you face

- Lack of basic skills in quantification and/or risk simulations
- Major obstacles in quantifying all risks (larger burden on risk managers)
- Focus on individual risks since qualified risks cannot be aggregated
- Simulation-driven risks analysis that provides no added insights or knowledge to executives
- Restricted use of stochastic simulations (limited to select experts)

### Your advantages with the simulation in BIC GRC

- Robust results on the total risk situation
- Visible effects on the company’s total risk portfolio
- Solid foundation for making decisions, taking actions and evaluating options
- Transparent display of correlations and effects
- List of most significant risks
- Incorporation of action budgets
- Analysis of worst-case scenarios

## Get to know our risk management software BIC GRC

Join our webinar “How Much Risk Can Your Company Handle?” to learn more about risk aggregation and risk-bearing capacity from our GRC experts and see a real-world implementation live in our tool. Get to know BIC Enterprise Risk, our professional, prebuilt risk management solution that fulfills all leading standards out of the box.

### How much risk can your company handle?

Discover the effective way to aggregate and simulate risks with BIC Enterprise Risk. (webinar in german)

Request webinar recording

### BIC Enterprise Risk

BIC Enterprise Risk is our intuitive, fast-to-implement standardized solution that fulfills leading standards.

## Companies need to take action

We have observed that purely qualitative evaluations no longer suffice for many companies. The trend is moving towards quantitative evaluations – mostly in preparation for using simulation methods. This trend has also been recognized by Gartner, which emphasizes the growing significance of quantitative methods.

IDW PS 340, the auditing standard of the German Institute for Public Auditors since 2021, requires quantitative methods for publicly traded companies. Experience suggests that it will also have a spillover effect on smaller companies in the future. At the core of the new auditing standard is a legally binding examination of the early warning system by the auditor. IDW PS 340 incorporates the following topics:

Emphasis on the company's obligations regarding its ability to aggregate and bear risks

Clarification of the analysis of net risk and risk controls as examples of the basic elements to be checked in the early warning system

Details on the basic elements of an early warning system based on those developed for installing and examining risk management and compliance systems

The emphasis here lies on the points regarding risk-bearing ability, risk aggregation and the analysis of net risk. These requirements force companies to view risks in a quantitative manner. Calculating the aggregate risk and its effects on risk-bearing capacity are only feasible with quantitative methods such as the Monte Carlo simulation.

Gear up your risk management and fulfill the latest IDW PS 340 requirements with BIC GRC. Read our white paper for more information.

Expand your knowledge with our e-learnings on BPM & GRC.