The dictionary defines “risk management” as the identification, evaluation, and prioritization of risks followed by coordinated and economical application of resources to minimize, monitor, and control the probability or impact of unfortunate events or to maximize the realization of opportunities. Business owners implement risk management strategies to brace for the future and protect their investments. And if these strategies are applied correctly, they can be a tremendous asset. But what if your strategies are flawed from the beginning? What if you’re relying on a faulty safety net? As a management consultant, Douglas W. Hubbard is well aware of the failures of our current risk management system. And that’s why he’s drafted a solution. So, over the course of this summary, we’ll explore the gaps in modern risk management and learn about Hubbard’s solutions for filling those gaps.
Chapter 1: Choose Your Battles
At the end of the day, risk management could probably be boiled down to that one simple phrase. We all know that life is fraught with risks, many of which we can’t predict. That means it’s impossible to adequately prepare for or prevent all of them. So, what can we do? We can use risk management strategies to identify and prepare for the risks that would likely do the most damage and that we can most likely prevent. For example, you might be concerned that your business will suffer a crippling financial loss. You might worry that your product will suddenly go out of style or, if you live in a state like Florida or California, you might worry that your office will be affected by a natural disaster. These are just a few examples of the risks that we might worry about. But now that we’ve identified the potential risks, let’s turn our attention to the management part. How are we to manage these potential threats? What does that look like in practice?
In short, the author affirms that risk management is the act of using the resources we have to prevent negative events that would diminish or deplete those resources. In this respect, risk management is no different from any other task you might carry out. For example, if you were to use your company’s money to purchase advertising space or launch an advertising campaign, that would mean you’re using the resources you have to get what you want. Likewise, you might use a resource like money, time, or insurance to protect yourself against liabilities. You might consult with a Risk Management Officer to assess the potential danger of a new business venture. These are some common examples of risk management strategies. But the author posits that the strategies we rely on are severely flawed. And over the course of the next few chapters, we’ll examine these strategies and learn why they don’t work.
Chapter 2: The Common Failures of Risk Management
In the previous chapter, we learned a little bit about risk management and what it is. We identified what a risk is and what resources we would commonly use to manage it. So, by now, terms like “risk management” probably seem both universally understood and straightforward. And indeed they are; they have to be. Because unless we can embrace a universal definition of a term, we can’t hope to make sense when communicating with one another. We certainly can’t attempt to effectively manage risks together. And yet, this dangerous communication deficit is precisely what we have. The author observes that this has occurred because we haven’t standardized our lingo.
For example, we throw around terms like “low probability” or “high probability,” but they mean different things in different risk management circles. The same is true with terms like “very likely” or “highly likely.” In the context of one company, “very likely” might equate to 80%. But in another company, it might be 20%. As a result, it’s no surprise that we struggle to stay on the same page! In fact, that means it’s almost impossible to communicate effectively or to know whose estimate you can trust. This is especially true when it comes to another form of risk assessment: evaluating the relationship between risks. Because we have to consider the law of cause and effect, it is vital that we analyze the interconnected nature of some risks. Without doing so, we cannot claim to be adequately prepared or protected against risks.
For example, let’s say that you were concerned about your business being impacted by a natural disaster. As we mentioned in the previous chapter’s example, let’s say that you live in a volatile state like Florida or California and you know you need to prepare for the likelihood of hurricanes, severe storms, or flooding. Maybe you’re worried that your office building will be washed away. Maybe you’re worried that your building isn’t situated on a strong foundation. So, to assess this risk, you ask your Risk Management Officer to consider things like the security of your building’s foundation and the climate of the soil in which your building is situated. So far, that sounds like you’re doing all the right things.
But what if your Risk Management Officer simply took a look at the soil and foundation on a sunny day and said everything was all good? What if he failed to consider the impact of prolific rainfall on the soil? What if it was later discovered that a certain amount of rain would loosen the soil around your building so much that the foundation was in danger? What if it was revealed that, under the right circumstances, your building might slide right off the cliff and straight into the ocean? All of these things would be important to know. In fact, it would be impossible to feel safe or have an accurate risk assessment without this information! But what if you finally got that information… and the person who performed your risk assessment still didn’t calculatethe amount of rainfall in your area? Would you feel like you had a complete risk assessment? Probably not, right?
Although this is a bit of an over-exaggerated example, it serves to illustrate the necessity of evaluating the relationship between risks. Because the risks we examined in this example are interconnected, you can’t claim to provide an accurate and comprehensive risk assessment until you’ve evaluated their relationships. But unfortunately, our current risk management models do not mandate analyzing risk relationships. As a result, the author argues that this is one of the most significant failures of modern risk management.
Chapter 3: Improving the Future of Risk Management Through the Monte Carlo Simulation
But if the current models of risk management are failing us, how can we get it right? What model should we use? The author posits that we can improve the future of risk management by relying on the Monte Carlo simulation. So, in this chapter, we’ll learn more about this tool and understand what it is, how it works, and why we need it. Let’s start by taking a look at what it is. The popular investment website Investopedia charts the history of the Monte Carlo simulation by explaining that, “Monte Carlo simulations are named after the popular gambling destination in Monaco, since chance and random outcomes are central to the modeling technique, much as they are to games like roulette, dice, and slot machines. The technique was first developed by Stanislaw Ulam, a mathematician who worked on the Manhattan Project.
After the war, while recovering from brain surgery, Ulam entertained himself by playing countless games of solitaire. He became interested in plotting the outcome of each of these games in order to observe their distribution and determine the probability of winning. After he shared his idea with John Von Neumann, the two collaborated to develop the Monte Carlo simulation.
The basis of a Monte Carlo simulation is that the probability of varying outcomes cannot be determined because of random variable interference. Therefore, a Monte Carlo simulation focuses on constantly repeating random samples to achieve certain results. A Monte Carlo simulation takes the variable that has uncertainty and assigns it a random value. The model is then run and a result is provided. This process is repeated again and again while assigning the variable in question with many different values. Once the simulation is complete, the results are averaged together to provide an estimate.”
So, now that we’ve learned about what a Monte Carlo simulation is and how it works, let’s examine its practical application in the field of risk management. As you can see through Investopedia’s explanation, a Monte Carlo simulation is valuable because it runs a holistic and unbiased analysis of all possible scenarios and their outcomes. This is extremely helpful because it allows us to eliminate the problems we discussed in the previous chapter. When running a Monte Carlo simulation, there is no need to account for the possibility of human error or an incomplete risk assessment. Likewise, we don’t have to worry about a simulation employing subjective terminology. This means that you can safely use a Monte Carlo simulation in the field of business, finance, telecommunications, and a host of other fields. However, additional personal research may sometimes be required so that your simulation can accurately assess the complex relationships between variables or the significant amount of variables you might have.
Chapter 4: How to Cope With a Lack of Data
Now that we’ve discussed the value and function of the Monte Carlo simulation, it’s time to take a look at something else: the potential problems you might run into. Sadly, although the Monte Carlo simulation might seem perfect, it does come with a few issues that need to be considered before we rely on it as our primary model for risk assessment. Because it is only an automated simulation, it’s understandable that there are limits to the program’s powers. One of those limitations involves the availability of data. As we discussed in the previous chapter, the Monte Carlo simulation is capable of calculating vast amounts of data and producing results about a wealth of potential outcomes and scenarios. But it can only do so if you provide it with all the necessary data at the onset. And unfortunately, there will always be scenarios where we simply don’t have enough data for an automated simulation to produce accurate or effective results.
So, what can you do instead? How can you perform accurate risk assessments when you don’t have all the necessary data? In these cases, the author posits that you can use something called the deconstruction model. The deconstruction model works by doing exactly what it sounds like: breaking down each individual component of the risk model and assessing the potential risks for each one of those individual pieces. For example, if your business is an insurance company, you would use the deconstruction model to examine every individual facet of your building, workforce, and geographic location. For example, maybe you want to know about the potential risk of natural disasters. Although a significant number of large-scale natural disasters have occurred in the world today, we don’t have sufficient data to assess every disaster that has ever happened or every one that will happen in the future. But by analyzing every part of your company that you do know about, you can draw on your wealth of data and insight to accurately analyze potential risks.
Compiling this information is a great way to construct an accurate, personalized assessment with the data you do have. And once you’ve collected this data with the help of real people and real human minds, you can then plug your information into an automated assessment tool like the Monte Carlo simulation to search for risk relationships and potential outcomes that you might have missed on your own. Because the Monte Carlo simulation can generate an infinite number of scenarios, you can use these combined resources to assess the risk of an innumerable host of possibilities. Some of them may never happen. Some of them may never have happened in the history of the world as we know it. But by utilizing all the resources at your disposal, you can be prepared.
Chapter 5: Final Summary
“Risk management” can best be defined as the identification, evaluation, and prioritization of risks followed by coordinated and economical application of resources to minimize, monitor, and control the probability or impact of unfortunate events or to maximize the realization of opportunities. We attempt to assess, predict, and manage risks so that we can keep ourselves safe. But our sense of security is false if we use the wrong methods to assess and manage potential risks. And the author argues that that’s precisely what we’re doing.
By exploring the failures of our current model of risk management, the author has been able to identify gaps and inconsistencies. And having done so, he has posed solutions like the use of standardized terminology and assessments to help us close these gaps. If we could get on the same page and construct assessments that evaluate the relationships between risks, this would be a big step in the right direction! From there, we can then implement risk assessment models like the Monte Carlo simulation and the deconstruction model.