The Failure of Risk Management. Douglas W. Hubbard

Title: The Failure of Risk Management

Author: Douglas W. Hubbard

Publisher: John Wiley & Sons Limited

Genre: Securities, investments

ISBN: 9781119522041

quality control to avoid. In a way, human error was an even-more-common common mode failure in the system.

      But the common mode failure hierarchy could be taken even further. Suppose that the risk management method itself was fundamentally flawed. If that were the case, then perhaps problems in design and inspection procedures, whether it is hydraulics or software, would be very hard to discover and much more likely to materialize. In effect, a flawed risk management is the ultimate common mode failure.

      And suppose they are flawed not just in one airline but in most organizations. The effects of disasters like Katrina, the financial crisis of 2008/2009, Deepwater Horizon, Fukushima, or even the 737 MAX 8 could be inadequately planned for simply because the methods used to assess the risk were misguided. Ineffective risk management methods that somehow manage to become standard spread this vulnerability to everything they touch.

      The ultimate common mode failure would be a failure of the risk management process itself. A weak risk management approach is effectively the biggest risk in the organization.

      Fortunately, the cost to fix the problem is almost always a fraction of a percent of the size of what is being risked. For example, a more realistic evaluation of risks in a large IT portfolio worth over a hundred million dollars would not have to cost more than a million—probably a lot less. Unfortunately, the adoption of a more rigorous and scientific management of risk is still not widespread. And for major risks, such as those in the previous list, that is a big problem for corporate profits, the economy, public safety, national security, and you.

      A NASA scientist once told me the way that NASA reacts to risk events. If she were driving to work, veered off the road and ran into a tree, NASA management would develop a class to teach everyone how not to run into that specific tree. In a way, that's how most organizations deal with risk events. They may fix that immediate cause but not address whether the original risk analysis allowed that entire category of flaws to happen in the first place.

      There are numerous topics in the broad term of risk management but this term is often used in a much narrower sense than it should be. This is because risk is used too narrowly, management is used too narrowly, or both. And we also need to discuss a few other key terms that will come up a lot and how they fit together with risk management, especially the terms risk assessment, risk analysis, and decision analysis.

      For now, I'll focus on a definition that, although it contradicts some uses of the term, best represents the one used by well-established, mathematical treatments of the term (e.g., actuarial science), as well as any English dictionary or even how the lay public uses the term.

      DEFINITION OF RISK

      Long definition: A potential loss, disaster, or other undesirable event measured with probabilities assigned to losses of various magnitudes

      Shorter (equivalent) definition: The possibility that something bad could happen

      The second definition is more to the point, but the first definition describes a way to quantify a risk. First, we determine a probability that the undesirable event will occur. Then, we need to determine the magnitude of the loss from this event in terms of financial losses, lives lost, and so on.

      Because risk management generally applies to a management process in an organization, I'll focus a bit less on personal risks. Of course, my chance of having a heart attack is an important personal risk to assess and I certainly try to manage that risk. But when I'm talking about the failure of risk management—as the title of this book indicates—I'm not really focusing on whether individuals couldn't do a better job of managing personal risks like losing weight to avoid heart attacks. I'm referring to major organizations that have adopted what is ostensibly some sort of formal risk management approach that they use to make critical business and public policy decisions.

      Now, let us discuss the second half of the phrase risk management. Again, as with risk, I find multiple, wordy definitions for management, but here is one that seems to represent and combine many good sources.

      DEFINITION OF MANAGEMENT

      Long definition: The planning, organization, coordination, control, and direction of resources toward defined objective(s)

      Shorter, folksier definition: Using what you have to get what you need

      DEFINITION OF RISK MANAGEMENT

      Long definition: The identification, analysis, and prioritization of risks followed by coordinated and economical application of resources to reduce, monitor, and control the probability and/or impact of unfortunate events

      Shorter definition: Being smart about taking chances

      Risk management methods come in many forms, but the ultimate goal is to minimize risk in some area of the firm relative to the opportunities being sought, given resource constraints. Some of the names of these efforts have become terms of