Tactics

Risk Capacity

Risk Capacity Jonathan Poland

Risk capacity is the maximum level of risk that an organization or individual is able to withstand in order to achieve their goals. It represents the total amount of risk exposure that is consistent with the organization’s or individual’s strategy and objectives. Risk capacity is often compared to risk tolerance, which refers to an organization or individual’s willingness to take on risk. Risk tolerance may be influenced by factors such as the organization’s or individual’s risk appetite, risk culture, and risk management capabilities.

Determining an organization’s or individual’s risk capacity involves evaluating the potential consequences of different risks and assessing the organization’s or individual’s ability to absorb or mitigate those risks. This can be done using a variety of techniques, such as risk assessment tools, risk analysis techniques, or risk management software. Understanding risk capacity is an important aspect of risk management, as it helps organizations and individuals to align their risk-taking with their goals and objectives. By accurately assessing risk capacity, organizations and individuals can make more informed decisions about the risks they are willing and able to take on, and allocate resources more effectively to manage and mitigate those risks. The following are illustrative examples of a risk capacity.

Investing

An investor is completely risk adverse but wants to make 7% per year to meet their goals for retirement. This may require the investor to increase their risk capacity beyond their risk tolerance. The exact level of risk required depends on market conditions, particularly interest rates. If interest rates are near 7%, the investor may achieve their goals with little risk. Alternatively, if interest rates are near 0% significant risk may be required to have any chance of returns exceeding 7%.

Risk Management

An investment manager is expected to outperform the market which typically requires taking on more risk than the market average. However, the investment manager is also constrained to a risk exposure level set by a risk management team. This risk exposure level can be described as the manager’s risk capacity.

Professional

A professional wants a promotion within a year to pay for changes to their lifestyle. This typically requires taking on additional responsibilities and increased visibility. If the individual is risk adverse, they may need to take on risk exposure that exceeds their risk tolerance to have a realistic chance of a timely promotion.

Projects

An IT project has zero risk tolerance, needs to be completed in a month, has a $1 million budget and a long list of requirements that are all high priority. A risk analysis shows that there is an 95% chance of project failure with a total risk exposure of $5 million meaning that the budget and schedule have a high probability of significant overruns. The business unit has a choice to accept this risk and proceed as planned with a $5 million risk capacity. Alternatively, dropping requirements, extending budget and increasing timelines will reduce risk capacity towards their risk tolerance level.

Dread Risk

A dread risk is a risk that people fear such that they are willing to pay to minimize risk exposure. When the goal is to minimize risk, risk capacity is near zero and risk exposure is driven as low as is feasible given constraints such as budget and technical limitations. For example, the public expect aircraft to be extremely safe and it is not considered acceptable to take risks with flight safety.

Unmanaged Risk

An unmanaged risk is a risk that isn’t managed despite its ability to disrupt your goals. In this case, risk capacity may be low as you aren’t expecting an unmanaged risk to disrupt your plans but actual risk exposure may be very high as nothing is done to treat risk. For example, a society that leaves known environmental risks unmanaged despite the likelihood these risks will disrupt quality of life, health and economic goals.

Risk Estimates

Risk Estimates Jonathan Poland

Risk estimates are predictions or projections of the likelihood and potential consequences of risks. They are used to inform risk management efforts, such as measuring risk exposure and identifying strategies for reducing or mitigating risks.

There are a variety of methods that organizations can use to estimate risks, including probability analysis, impact analysis, risk assessment tools, risk analysis techniques, and risk management software. These methods can help organizations to understand the potential impacts of risks, to prioritize risks based on their likelihood and potential impact, and to develop strategies for managing and mitigating risks.

Risk estimates are an important element of effective risk management, as they help organizations to better understand and manage the risks that they face. By accurately forecasting the probability and impact of risks, organizations can make more informed decisions and allocate resources more effectively to mitigate or reduce risks.

Basic

A single estimate of probability and impact based on historical comparisons and/or the opinions of subject matter experts. For example, a product development team estimates the risk that a product will fail on the market as a 20% chance of a $100,000 loss. The risk exposure calculation is an estimate of the probable cost of a risk. It isn’t an upper bound on risk.

Risk Exposure = 0.2 x 100,000 = $20,000

Probability-Impact Matrix

A single estimate of probability and impact is often overly simplistic as there may be many levels of potential impact, each with a separate probability of occurring. A more accurate risk estimate can often be obtained with a matrix of probabilities and impacts.

Probability Distribution

A more detailed risk estimate can be represented with a smooth curve that gives you a probability for every possible impact.

Parametric Estimates

Risk estimates that go beyond the educated guesses of subject matter experts to calculate risk probabilities and impacts using formulas or algorithms based on a number of parameters. Such calculations are industry and risk specific.

Reference Class Forecasting

Developing or validating risk estimates using data about historical losses that occurred with comparable strategies, operations or projects. For example, risk estimates for an infrastructure project based on a database of historical infrastructure projects of similar magnitude. If projects in your industry have a 20% failure rate and your risk estimate is 3%, you might be missing something.

Risk Exposure

Risk Exposure Jonathan Poland

Risk exposure refers to the potential costs that an organization could incur as a result of a particular risk or set of risks. This concept is used to assess the potential impact of risks on an organization’s operations, and is typically calculated for a specific strategy, program, project, or initiative.

To calculate risk exposure, organizations typically consider the probability of a risk occurring, as well as the potential impact of the risk if it does occur. This can be done using a variety of techniques, such as risk assessment tools, risk analysis techniques, or risk management software. The results of this analysis can be used to inform decision making and to develop strategies for managing and mitigating risks.

Risk exposure is an important concept in risk management, as it helps organizations to understand the potential costs associated with risks and to allocate resources accordingly. It is also useful for identifying the risks that pose the greatest threat to an organization, and for developing strategies to address these risks. By accurately assessing risk exposure, organizations can better prepare for and respond to potential risks, and minimize their impact on operations.

There are several ways that organizations can calculate risk exposure, including:

  1. Probability analysis: This involves estimating the likelihood that a particular risk will occur. This can be done using a variety of techniques, such as historical data analysis, expert judgment, or statistical modeling.
  2. Impact analysis: This involves estimating the potential consequences of a risk occurring. This can include financial impacts, as well as non-financial impacts such as damage to reputation or the environment.
  3. Risk assessment tools: There are a variety of risk assessment tools that organizations can use to assess risk exposure. These tools often use a combination of probability and impact analysis to estimate the risk exposure of a particular risk or set of risks.
  4. Risk analysis techniques: There are several risk analysis techniques that organizations can use to assess risk exposure, including risk matrices, fault tree analysis, and Monte Carlo simulations. These techniques can help organizations to understand the potential consequences of risks and to identify strategies for managing and mitigating them.
  5. Risk management software: There are a variety of risk management software tools that organizations can use to assess risk exposure. These tools often use a combination of probability and impact analysis, as well as risk assessment tools and risk analysis techniques, to calculate risk exposure.

By using one or more of these methods, organizations can accurately assess risk exposure and develop strategies for managing and mitigating risks.

Acceptable Risk

Acceptable Risk Jonathan Poland

An acceptable risk is a level of risk that is deemed to be tolerable for an individual, organization, community, or nation. These risks are determined based on their probability and potential impact, and are used as a guide for risk management efforts.

The moment of risk refers to the expected time frame in which an identified risk is likely to occur. Risks often change over time and may be associated with specific events or periods. For example, the risk associated with testing a new rocket may be concentrated at the time of launch. Identifying the moment of risk can help to mitigate or avoid it. For example, if an investor anticipates that a stock may be volatile around its quarterly earnings announcement, they may choose to sell the stock beforehand in order to reduce their risk.

It is generally not possible to completely eliminate all risks, due to factors such as cost and the potential for creating new risks in the process of reducing others. Acceptable risks provide a practical goal for risk management and are often more useful than the ideal of zero risk. The following are illustrative examples of acceptable risk.

Infrastructure

A proposed tsunami shelter is constructed to withstand a 12 meter, or 39 foot, tsunami. Models indicate that a tsunami larger than 12 meters will strike the area once every 1300 years. This risk is published to the community and accepted as part of the project approval process.

Transportation

A jet engine has a historical failure rate of 0.4 per million departures. Regulators and customers generally view this as an acceptable level of risk.

Business

A bicycle manufacturer depends on a single supplier for tires. Without a supply of these tires, production will cease and revenue will decline. The probability of a major supply disruption is forecast to be 0.6% per annum. The management of the company decide to accept this risk.

Individual

A professional skateboarder estimates a 20% chance of a broken bone in a year. They decide this is acceptable given the rewards they find in the sport.

Risk Management Techniques

Risk Management Techniques Jonathan Poland

Risk management is the process of identifying, assessing, and prioritizing risks in order to minimize their potential impact on an organization. It is an essential element of effective business planning and decision making, as it helps organizations to identify and mitigate potential negative consequences that could arise from their operations or activities. The following are common risk management techniques and considerations.

Risk Identification
Risk identification involves a creative element as it is essentially a process of imagining the future. It is also approached using analysis and systems thinking.

  • Known Unknowns
  • Reference Class Forecasting
  • Risk Intelligence
  • Risk Register
  • Systems Thinking
  • Unintended Consequences

Risk Analysis
Modeling and measuring risk.

  • Acceptable Risk
  • Cone Of Uncertainty
  • Extreme Value Theory
  • Moment Of Risk
  • Risk Capacity
  • Risk Estimates
  • Risk Evaluation
  • Risk Exposure
  • Risk Impact
  • Risk Matrix
  • Risk Probability
  • Risk Profile
  • Risk Tolerance
  • Risk Triggers
  • Risk-Reward Ratio
  • Uncertainty

Treatments
At its core, risk management is a process of treating risks. The following are types of risk treatment.

  • Antifragile
  • Resilience
  • Risk Acceptance
  • Risk Contingency
  • Risk Control
  • Risk Mitigation
  • Risk Monitoring
  • Risk Prevention
  • Risk Reduction
  • Risk Response
  • Risk Sharing

Strategies & Techniques
Techniques that go beyond the regular process of identifying and treating risk.

  • Business As Usual
  • Calculated Risk
  • Fail Well
  • Failure Is Not An Option
  • Resilience
  • Risk Communication
  • Risk Culture
  • Sanity Check

Special Practices
Variations of risk management for special categories of risk.

  • Contingency Planning
  • Disaster Preparedness
  • Dread Risks
  • Enterprise Risk Management
  • Innovation Risk Management
  • Positive Risk
  • Project Risk
  • Upside Risk

Plan
Pulling everything together as a risk management plan.

  • Contingency Plan
  • Risk Management Plan

Risks
Types of risk.

  • Business Risks
  • Competition
  • Compliance
  • Economic Risk
  • Financial Risk
  • Innovation Risk
  • Investing Risk
  • Political Risk
  • Positive Risk
  • Reputational Risk
  • Resource Risk
  • Seasonal Risk
  • Strategy Risk
  • Tactical Risk
  • Technology Risk

Failures & Challenges
Common challenges and patterns of risk management failure.

  • Cascading Failure
  • Failure Of Imagination
  • Residual Risk
  • Risk Awareness
  • Secondary Risk
  • Unknown Risks
Learn More
Technology Risk Jonathan Poland

Technology Risk

Technology risk refers to the risk that technology shortcomings may result in losses for a business. This can include the…

Long Tail Model Jonathan Poland

Long Tail Model

The long tail refers to a business model that allows a large number of niche products or services to be…

Intellectual Capital Jonathan Poland

Intellectual Capital

Intellectual capital is the intangible value of an organization that is derived from the knowledge, skills, and expertise of its…

Analytical Skills Jonathan Poland

Analytical Skills

Analytical skills are the abilities, knowledge, and experience related to the gathering, processing, organizing, and interpreting of information. These skills…

Elastic Demand Jonathan Poland

Elastic Demand

Elastic demand is a term used in economics to describe the responsiveness of the quantity of a good or service…

Big Picture Thinking Jonathan Poland

Big Picture Thinking

“The big picture” refers to the broadest possible perspective that can be taken in a thought process. Big picture thinking…

Self-Assessment Jonathan Poland

Self-Assessment

Self assessment is the process of evaluating one’s own work performance and identifying areas for improvement. This can be a…

Unstructured Data Jonathan Poland

Unstructured Data

Unstructured data refers to information that is not organized in a specific, predefined way that is easily understood by computers.…

Asset Based Lending Jonathan Poland

Asset Based Lending

Asset-based lending (ABL) is a type of business financing in which a loan or line of credit is secured by…

Content Database

Search over 1,000 posts on topics across
business, finance, and capital markets.

Design to Value Jonathan Poland

Design to Value

Design to value refers to the design requirements and considerations that aim to maximize the value of a product or…

Agency Cost Jonathan Poland

Agency Cost

An agency cost is an inefficiency that arises when there are differences in the motivations and access to information between…

Organization 101 Jonathan Poland

Organization 101

A business organization is a group of individuals or entities that come together to pursue a common business goal or…

What Is Analysis? Jonathan Poland

What Is Analysis?

Analysis is the process of breaking something down into its component parts in order to better understand it. This is…

Foot in the Door Jonathan Poland

Foot in the Door

The foot-in-the-door technique is a persuasion strategy that involves asking for a small favor or agreement first, before making a…

Specifications Jonathan Poland

Specifications

A specification is a detailed description of the requirements or procedures that are necessary to implement or carry out a…

Relational Capital Jonathan Poland

Relational Capital

Relational capital refers to the value that a company derives from its relationships with stakeholders, such as customers, employees, suppliers,…

Joint Ventures Jonathan Poland

Joint Ventures

A joint venture is a business venture or partnership between two or more parties. It is a collaborative effort in…

Marketing Experimentation Jonathan Poland

Marketing Experimentation

Marketing experimentation involves making changes to various aspects of a company’s marketing efforts, such as its products, prices, promotional strategies,…