What's Hot

"Risk Dashboards should serve the stakeholder" | Advanced Risk Dashboards

Saturday, March 26, 2016

The risk of doing nothing

Norman Marks recently published a blog on "Why do people take risks" [LINK] which has inspired this commentary.

In this quick but explicit blog response, we explore eight iterative considerations that should be transgressed for effective decision making in the realm of risk management.

Norman, thank you for posting this most interesting topic as per usual and congratulations on a successful Caribbean risk management conference. It is rewarding in so many ways when one receives such positive feedback from their work. Well Done !!!

So onto why do people take risks?

This needs to be answered with; people have no choice in taking risk when primarily there is a risk in doing nothing. So given this, people are compelled to make decisions about the future which is uncertain one way or another and whether they like this reality or not, it’s a reality.

This bring us onto a set of progressive steps that evolve our thinking around risk management.

Eight Iterative Considerations
The Eight Progressive Steps of Risk Management

[1] Given that there is no such place as zero risk, which risks are we willing to take and which ones do we want to avoid?
Okay, that’s kind of obvious ...
[2] Thinking a bit further then, if we were to modify the risk horizon by standardising it or controlling it or even transferring it, does our objective still have value or is the cost of control simply too much? 

What residual risk are we left with after we have modified our objectives’ operating environment? Can we still go forward with our objectives, ie; are they economically viable to progress forwards with?
Okay, that makes sense ...
[3] So let us ponder further for a moment. If we were to take a risk for some desired outcome, what opportunity costs, what other risks and potential opportunities are we giving away in exchange?
This sounds like economic choice and opportunity cost ...
[4] Thinking even further as one should, can two or more opportunities cohabitate together? Does the addition of a new objective or asset to our existing position increase the aggregated or netted risk in what we have right now?

Do we have a dose response to our total risk space by adding new things to it?
This is getting tricky ...
[5] Let’s continue on with the progressive steps. Are we able to define our objectives; measure, identify performance and gather effective data (to be defined) to assess our prevailing risk?
Oh dear this sounds like we are travelling into a place dominated by risk models or model risk as it is ...
[6] How long are we exposed, is there a contingent liability from the decisions we make now?
Wow, uncertainty could have a convex relationship to time ...
[7] Thinking even further again (let the torture continue), what do we not know we don’t know?

Where is the tail position in our risk domain and is there an option for extraction if that highly unlikely event occurs or are we trapped in a binary outcome?

Beyond all of that, am I being compensated for taking any of these portfolio of risks and that tail position in the first place? Am I compensated for taking these exposures on from the outset?
This might be complex to model and difficult to explain to our stakeholders ...
[8] Can we enact what we do? This strategy under the seven steps above, can it be transacted without impeding our moral boundaries?
It appears to me that risk management is about asking questions ...
The whole concept of doing anything in life is based around risk appetite or some extension of risk attitude to be inline with ISO 31000 verbiage that unfortunately is relatively untreated in the global risk standard.

If you have a choice and the best risk management solutions will expand your optionality but if you have a choice, a coherent thinker will aim to maximise their returns while minimizing downsides. They can achieve this by preparing answers for the eight iterative questions of logic I have described above.

Gambling with Traffic Lights
To finish up on gambling. I personally try to avoid describing risk situations through gambling examples, especially simple ones. When we attempt to explore risk management paradoxes in such a manner, we oversimplify reality. We make what shouldn’t be, arcane.

So in your gambling example you have one opportunity that is out of the money and one that is deeply in the money but the universe we generally operate in is rarely so straightforward.

This brings me onto the last point I want to make here which is on traffic light risk reporting disasters.

Let’s ask ourselves one more simple question, just one.

How far down the iterative risk management perspectives or the eight steps I have described above does a risk traffic light reporting tool take us?

If you think this through, you will come to the realisation I hope, that we don’t evolve beyond the first step. So then, are risk traffic light reporting systems useful?

No they are not because they don’t address reality.


  1. Safety Auditing : Visit us for AS 4801 Safety Audit, Safety Assessment, ISO 18001 SAFETY AUDIT (Auditor). AS 4801 Safety Audit