November 22, 2010

Risk - What Can Go Wrong

There are so many definitions of risk. The newer versions include 'positive risk' and variations thereof. These definitions try to be very inclusive, to make sure they cover all possible perspectives and manifestations of risk. It can be a bit confusing. Some days I am tempted to find a simple, clear, usable definition of risk.

I am not yet convinced that 'positive risk' should have the word 'risk' appended to it. On those days when I look at risk management as 'the management of uncertainty' I have no problem accepting that positive risks belong to this domain.

But for now, I will use as the most basic definition of risk:

Risk = what can go wrong.

Risk management = managing what can go wrong.

The ‘wrong’ already implicitly includes a reference to our objectives.  If something can go wrong from our point of view, it means something going wrong in relation to our interests.  Something that doesn’t affect us is not something going wrong. So I don’t have to extend it to ‘something that can go wrong with regard to our objectives’  (in any case, I prefer to use ‘interests’ rather than objectives).

The ‘managing’ in ‘managing what can go wrong’ encompasses identification, assessment, and mitigation.

Let’s see how far these definitions will let me go.

November 15, 2010

Review of "The Failure of Risk Management: Why It's Broken and How to Fix It" Part 2

In Chapter two of his book, Douglas Hubbard discusses where the risk
management industry has been and where it currently thinks it is.

The chapter starts out with a very brief history of risk management
('800 words' according to the author), tracing the route from the
discovery of mathematical probabilities, to its initial commercial
application in insurance, and finally down to the modern day emerging
'new character' of risk management, incarnated in regulations like
Basel II, and in applications like Enterprise Risk Management. His
history is not very complimentary, comparing today's state of risk
management to the Old West gold rush towns, where things
look brightly painted and pretty, but are built on shaky foundations and
filled with snake oil peddlers.

His history aligns quite well with Peter Bernstein's own summary,
although at a very very high level and, I suspect, very much framed to
support his thesis (which I suppose is what the rest of the book is
about).

Hubbard then briefly discusses the common risk assessment
approaches (expert intuition, weighted scoring, probabilistic models,
etc) and suggests that some of these are not up to par for the role
risk management is playing (corporate growth survival, after all) and
will probably need to be dispensed with.

The next section covers risk mitigation approaches. He has a brief
treatment of the common approaches (what risk management book
doesn't?): avoid, reduce, transfer, retain. The most interesting part
of this section is his list of examples of concrete manifestations of
risk mitigation approaches (in contrast to the abstract approaches of
avoid, reduce, etc.). His list includes selection processes, contractual
risk transfer, insurance, liquid asset position, etc.

In the final section, Hubbard discusses 3 major surveys of enterprise
risk management, conducted by Aon, The Economist, and Protiviti. The
surveys show what the executives in these companies thought about what
their top risks are (reputation, market, human capital, and regulatory
environment figure very high). The surveys indicate that risk
management is present in those companies primarily because they are
being required to have it (a necessary evil). They also show that risk
management is well represented and increasingly so at the board level.
The executives seem pretty confident that they are doing risk
management well.

Hubbard suggests that that is not the case at all.