One of Ron’s favorite business books, Against the Gods: The Remarkable Story of Risk, Peter L. Bernstein, 1996. Some notes from the book:
- A revolutionary idea that defines the boundary between modern times and past is the mastery of risk. Until man crossed that boundary the future equaled the past.
- Without risk management, no bridges would be built, homes would still be heated by fireplaces, there would be no power grids, we’d still have polio but no airplanes, and space travel would still be a distant dream.
- Soviets tried to administer risk and uncertainty out of existence through government planning, choking off dynamism and economic progress.
- Gambling is paying to take a risk, but there’s no learning or knowledge gained, unlike entrepreneurial risk-taking.
- Without risk life has no mystery.
- Ben Franklin established the first fire-insurance company, First American, in 1752.
- Essence of risk management: maximizing areas where we have some control over outcomes while minimizing areas where we have no control.
- Chance is only the measure of our ignorance.
- Economist Frank Knight distinguished between uncertainty (nonmeasurable) and risk (measurable).
- Once we realize life isn’t up to the spin of the wheel, we are free souls. Our decisions matter. We can change the world.
- Risk can be calculated when: 1) low uncertainty; 2) few alternatives; and 3) high amounts of data to make estimates.
Another highly recommended book is Risk Savvy: How to Make Good Decisions, byGerd Gigerenzer, 2014. Points made by the book:
- We have a risk-illiterate society.
- 9/11 low-probability events (dread risk). To convince his wife to fly after 9/11, not drive, Gigerenzer says, "If reason conflicts with a strong emotion, don’t try to argue. Enlist a conflicting and stronger emotion."
- He asked his wife: How many miles would you have to drive by car until the risk of dying was equal to taking a nonstop flight? The answer: 12 miles!
- “Many of us smile at old-fashioned fortune-tellers. But when the soothsayers work with computer algorithms rather than tarot cards, we take their predictions seriously and are prepared to pay for them.”
- A system is not intelligence if it doesn’t make errors.
- Hospitals (negative error culture, leads to defensive medicine) vs. Aviation (positive error culture). If aviation had the same culture as hospitals, there would be two plane crashes per day.
- Defensive decision making: Choose an inferior option B to protect itself in case something goes wrong. (procedure over performance).
- Always ask the doctor what they’d do if was them, their son or mother, etc.
- Logic is good for known risks, intuition is better for uncertainty. Heuristics can work in a complex world!
Satisfice (satisfy + suffice) is when you select the first good enough option.
Risk-seeking vs. risk-adverse person classification is misleading.
Ed's Thoughts on Risk
Without a doubt the most misunderstood, yet vitally important area of project management in the market place is risk. Consultants are wary of talking about risk with their prospects and customers. The irony here is that the reason why they are hired is risk.
All projects have risk. They are the elephant in the room that no one will talk about for fear of losing the customer.
Risk, simply, is an uncertain event that if it occurs, will have a positive or negative impact on the project. Risk has two primary components: probability of occurrence (usually expressed as a percentage) and impact of the risk (usually expressed in dollars). Please note that risks, while often perceived as negative, can be positive.
Classifications of risk. Three common ways of classifying risk are effect-based, source-based, and level of uncertainty.
- Effect-based risk classification refers to part of the triangle of truth that the risk might affect, meaning timeline, cost, quality, and scope.
- Source-based risk classification refers to which function or type of activity is associated with the risk.
- Levels of uncertainty classification refers to how much is known about the risk. These include: knowns, known-unknowns, and unknown-unknowns. It is the progression of risks from un- known-unknowns to knowns that is important.
Risk tolerance. The level of risk a project manager or key stakeholder is willing to take is called risk tolerance. The three basic types of risk tolerance behaviors are:
- Risk seekers who prefer uncertain outcome and are willing to possibly pay a penalty to take a high risk if the potential payback is high enough
- Risk neutrals whose tolerance is proportional to the amount of money at stake
- Risk averters who are unlikely to take any risk that is high regardless of the potential payoff
It is most important to identify the risk tolerance of the executive sponsor of projects.
One should try to avoid politicians logic in assessing risks.
No such thing as a bad risk, only bad premiums.
There is no actuarial model for pricing risk by the hour.
Ed mentioned Donald Rumsfeld's infamous video of him trying to explain the effect-based classifications of risk.