LR-301g · Module 1

Monte Carlo Simulation for Risk

4 min read

Monte Carlo simulation runs thousands of random scenarios through your risk model to produce a probability distribution of total outcomes. Each simulation randomly samples from the frequency and impact distributions of each risk, calculates the total loss for that scenario, and records the result. After ten thousand simulations, the aggregate results show the probability distribution of total annual risk exposure — including scenarios where multiple risks materialize simultaneously.

The power of Monte Carlo is in tail risk visibility. The expected loss — the average across all simulations — tells you the most likely outcome. The 95th percentile tells you the outcome you should be prepared for. The 99th percentile tells you the outcome that keeps the CFO awake. Simple expected value calculations hide these tail scenarios. Monte Carlo reveals them.

Do This

Run at least 10,000 simulations for stable results — fewer simulations produce unstable distributions
Model risk correlations — risks that tend to materialize together produce correlated tail events that independent modeling underestimates
Present results as cumulative probability curves — the decision-maker sees the probability of exceeding any given loss level

Avoid This

Report only the expected value from Monte Carlo — the expected value hides the tail risk that Monte Carlo is designed to reveal
Assume risks are independent when they are correlated — a data breach may trigger both regulatory fines and client indemnification simultaneously
Run Monte Carlo without validating the input distributions — garbage in, garbage out applies to simulation as forcefully as to any other analysis. [RISK]: Overconfident input distributions produce underconfident results.