Risk mitigation, risk assessment, risk management: We insure ourselves against risk, put buffers in our estimates to compensate for risk, and we make decisions based on risk. Or do we?
ADVERTISEMENT |
We think risk is a thing. It’s rarely a thing. Risk is part of the system we’re creating. It’s the variation, the unknowns, the bit that makes “value add” something someone hasn’t done before, and risk is always a result of experiments we’re running. Here are five risky ways we think about risk.
1. Risk is quantifiable
Quantifying risk is like quantifying love. We don’t say, “There is a 0.9 correlation between your attractiveness attributes and my desire criteria. Therefore love, marriage, and children are a reasonably low-risk venture, and I’m willing to invest my life in it.” With eHarmony we could do exactly that. But we know that people don’t work that way. Even with firm evaluation criteria, people themselves are fraught with variation.
Risk, too, is fraught with variation, and regardless how much actuarial science we bring to the table, it’s always going to be a gamble.
Risk, therefore, is actually an emotional determination. Are we (personally) willing to accept the risk we see before us? Is the gamble of the venture appealing enough to take the risk?
2. Risk is knowable
Risk always involves some degree of unknown. Things that are 100-percent certain aren’t risky. They may be foolish, but not risky. If there’s a man running around with a machine gun shooting everyone with perfect accuracy, I can be certain that if I come around the corner, he’ll shoot me. But turning the corner itself isn’t risky; it’s just a really bad idea.
3. One person knows risk
Time and again I see one project manager, one CEO, one person making decisions about risk. It’s his job to assess risk, I’m told. But he’s one person addressing a sea of unknowns. It’s one perspective on a large, multifaceted, and evolving target.
Risk, therefore, requires some care in consideration. Different people bring different viewpoints. Engineering, design, management, finance, sales, marketing, regulatory compliance, and human resources all bring different professional views of risk.
One perspective is a limited perspective. One perspective guarantees your view of risk will be stilted.
4. Risk assessments are completed
Your product, project, and context are always evolving. Risk is evolving with them. Very few people leave the house assessing all the risks for their drive. We start the drive and watch the road vigilantly for bicycles, potholes, impaired drivers, or other hazards. While backseat drivers may annoy us, from time to time they do call our attention to risks from their perspective as well (see No. 3).
With many products (e.g., medicine, software, insurance policies, electronics) even after their release we’re still watching to make sure they work right, don’t hurt anyone, and aren’t becoming illegal in some way. Doing a risk assessment up front, creating a plan, and then not reassessing during the project is shortsighted.
5. Risk assessments are just business
The framing effect, experimenter’s bias, the availability heuristic, and a host of other cognitive biases complement and are the product of the previous four risks. Business, after all, is a human endeavor by humans and certainly involves them. We’re the creatures who make the choices, we interpret the data, and we take the risks. When we convince ourselves that risk is solely based on statistical models and that our interpretation of those models is rational simply “because the numbers say so,” we’re placing ourselves in a precarious position indeed.
We’ve all seen leaders gather “facts” and then dismiss them because they have a vision. When they’re lucky and succeed (like Steve Jobs and Winston Churchill), they are lauded forever. When they’re unlucky and get nailed, they are not. Either way, they made decisions like we all do—partially on information and partially on intuition.
When we understand that part of the variation in our risk assessment system is our own interpretation of the data, that’s when we can start to honestly (not perfectly) assess risk.
First published April 1, 2015, on the Modus Cooperandi blog.
Add new comment