Back to

What’s Wrong with Risk Management?

Posted in on
April 9, 2021

Author: Ron Dembo

Every day I see examples of our need for a formalized, science-based approach to risk. And this need is especially dire since we have moved into a much faster-paced, data-driven world where the clear fragility of our economic systems has shattered recent wisdom on how to best manage.

A couple of weeks back, I received a series of articles – including this one – regarding risk management from McKinsey, one of the foremost strategy companies in the world. And, once again, it was a lot about the problem and a lot of vagaries about the solution.

What they and others need is what we call “risk thinking”. We need to rid ourselves of ad hoc approaches to our ever-more fragile, risky world and instead create a formalized, codified, consistent process for analysing risk and subsequently managing it effectively.

What’s Currently the Problem?

Correctly citing the increasing uncertainty and quickening evolution of climate change, the digital revolution, stakeholder expectations, and geopolitical risk in the 21st century, McKinsey claim that “nearly all organizations need to refresh and strengthen their approach to risk management to be better prepared for the next normal.”

So far, so good. But what’s the process?

According to McKinsey, it’s three steps that together create “dynamic risk management”.

First, perform “hyperdynamic identification and prioritization of risks”. Then, find a “systematic way to decide which risks to take and which to avoid”. And finally, “make risk decisions rapidly and flexibly, laying out and executing responses, whether immediate or prolonged, about how to avoid, control, or accept each risk.”

The way companies must do this, however, is all rather vague. It involves things like “authoriz[ing] cross-functional teams to make rapid decisions”, learning to “harness [the] power of data and analytics”, developing “risk talent” with “new capabilities and expanded domain knowledge”, and fortifying a “risk culture” by building ownership in the front lines and “hold[ing] executives accountable”.

Setting aside the fact that these are hardly new ideas, McKinsey and the majority of risk management firms operating today seem stuck offering a bunch of truisms and analysis that doesn’t analyse.

Nailing Down a Formal Approach to Risk

We require a formal, followable process for risk management that provides the necessary tools, algorithms and data to put it into practice.

Without it, the impact of global risks such as the climate emergency will continue to be miscalculated in many domains, including the financial sector. Put succinctly, we will continue to fail to price radical uncertainty into our markets.

Risk Thinking: The Mindset

“Risk thinking” is a mindset that comprehends plausible futures through the lens of scenario generation. Risk thinking – in contrast to conventional forecasting – generates a set of scenarios that spans the best and worst cases. And it takes a close look at a number of possible actions, including hedging the “bad” scenarios while orienting to the best ones.

Relying on the latest scientific publications and research data, the risk thinking process generates a forward-looking understanding of an issue such as climate change or a pandemic using machine learning, crowdsourcing trusted experts (Structured Expert Judgement) to estimate the future possibilities for each and every risk factor affecting them. In many cases of radical uncertainty, the only truly forward-looking data we have is in the heads of experts. But it is how to use this source that is the innovation in risk thinking.

Ultimately, it is the unique ability to generate scenarios using a mathematically sound algorithm that allows us to achieve consistency across companies and market sectors. And consistency allows us to properly price risk and to compare the effects of different risks on companies in a way that allows investors to choose rationally between stocks.

Risk Thinking: The Methodology

  1. Split your problem into the deterministic and the random or stochastic parts.
  2. Eliminate the deterministic parts through planning, practice, and efficiency.
  3. Gather forward-looking data to measure the uncertainty on each of the individual radically uncertain risk factors that affect what is being measured. Do this through structured expert judgment, using polling or machine learning (if you have the luxury of time and a team of data scientists).
  4. Generate consistent, forward-looking, scenarios for combinations of these risk factors that span possible futures (those that include the best and worst outcomes).
  5. Evaluate the impact on you or your institution under each scenario.
  6. Decide which scenarios you will ignore (take a bet on), and which you will mitigate to hedge possible negative outcomes, regardless of their likelihood.
  7. Constantly re-evaluate your strategy, updating scenarios at regular intervals towards the horizon, accounting for new information produced within the scientific community or elsewhere.

Insights, News and Case Studies

Sign up to our newsletter to receive regular updates.

We promise not to spam you and you can unsubscribe at any time.

Become a Partner

Request a Demo

Contact Us