Tactics

Risk Capacity

Risk Capacity Jonathan Poland

Risk capacity is the maximum level of risk that an organization or individual is able to withstand in order to achieve their goals. It represents the total amount of risk exposure that is consistent with the organization’s or individual’s strategy and objectives. Risk capacity is often compared to risk tolerance, which refers to an organization or individual’s willingness to take on risk. Risk tolerance may be influenced by factors such as the organization’s or individual’s risk appetite, risk culture, and risk management capabilities.

Determining an organization’s or individual’s risk capacity involves evaluating the potential consequences of different risks and assessing the organization’s or individual’s ability to absorb or mitigate those risks. This can be done using a variety of techniques, such as risk assessment tools, risk analysis techniques, or risk management software. Understanding risk capacity is an important aspect of risk management, as it helps organizations and individuals to align their risk-taking with their goals and objectives. By accurately assessing risk capacity, organizations and individuals can make more informed decisions about the risks they are willing and able to take on, and allocate resources more effectively to manage and mitigate those risks. The following are illustrative examples of a risk capacity.

Investing

An investor is completely risk adverse but wants to make 7% per year to meet their goals for retirement. This may require the investor to increase their risk capacity beyond their risk tolerance. The exact level of risk required depends on market conditions, particularly interest rates. If interest rates are near 7%, the investor may achieve their goals with little risk. Alternatively, if interest rates are near 0% significant risk may be required to have any chance of returns exceeding 7%.

Risk Management

An investment manager is expected to outperform the market which typically requires taking on more risk than the market average. However, the investment manager is also constrained to a risk exposure level set by a risk management team. This risk exposure level can be described as the manager’s risk capacity.

Professional

A professional wants a promotion within a year to pay for changes to their lifestyle. This typically requires taking on additional responsibilities and increased visibility. If the individual is risk adverse, they may need to take on risk exposure that exceeds their risk tolerance to have a realistic chance of a timely promotion.

Projects

An IT project has zero risk tolerance, needs to be completed in a month, has a $1 million budget and a long list of requirements that are all high priority. A risk analysis shows that there is an 95% chance of project failure with a total risk exposure of $5 million meaning that the budget and schedule have a high probability of significant overruns. The business unit has a choice to accept this risk and proceed as planned with a $5 million risk capacity. Alternatively, dropping requirements, extending budget and increasing timelines will reduce risk capacity towards their risk tolerance level.

Dread Risk

A dread risk is a risk that people fear such that they are willing to pay to minimize risk exposure. When the goal is to minimize risk, risk capacity is near zero and risk exposure is driven as low as is feasible given constraints such as budget and technical limitations. For example, the public expect aircraft to be extremely safe and it is not considered acceptable to take risks with flight safety.

Unmanaged Risk

An unmanaged risk is a risk that isn’t managed despite its ability to disrupt your goals. In this case, risk capacity may be low as you aren’t expecting an unmanaged risk to disrupt your plans but actual risk exposure may be very high as nothing is done to treat risk. For example, a society that leaves known environmental risks unmanaged despite the likelihood these risks will disrupt quality of life, health and economic goals.

Risk Estimates

Risk Estimates Jonathan Poland

Risk estimates are predictions or projections of the likelihood and potential consequences of risks. They are used to inform risk management efforts, such as measuring risk exposure and identifying strategies for reducing or mitigating risks.

There are a variety of methods that organizations can use to estimate risks, including probability analysis, impact analysis, risk assessment tools, risk analysis techniques, and risk management software. These methods can help organizations to understand the potential impacts of risks, to prioritize risks based on their likelihood and potential impact, and to develop strategies for managing and mitigating risks.

Risk estimates are an important element of effective risk management, as they help organizations to better understand and manage the risks that they face. By accurately forecasting the probability and impact of risks, organizations can make more informed decisions and allocate resources more effectively to mitigate or reduce risks.

Basic

A single estimate of probability and impact based on historical comparisons and/or the opinions of subject matter experts. For example, a product development team estimates the risk that a product will fail on the market as a 20% chance of a $100,000 loss. The risk exposure calculation is an estimate of the probable cost of a risk. It isn’t an upper bound on risk.

Risk Exposure = 0.2 x 100,000 = $20,000

Probability-Impact Matrix

A single estimate of probability and impact is often overly simplistic as there may be many levels of potential impact, each with a separate probability of occurring. A more accurate risk estimate can often be obtained with a matrix of probabilities and impacts.

Probability Distribution

A more detailed risk estimate can be represented with a smooth curve that gives you a probability for every possible impact.

Parametric Estimates

Risk estimates that go beyond the educated guesses of subject matter experts to calculate risk probabilities and impacts using formulas or algorithms based on a number of parameters. Such calculations are industry and risk specific.

Reference Class Forecasting

Developing or validating risk estimates using data about historical losses that occurred with comparable strategies, operations or projects. For example, risk estimates for an infrastructure project based on a database of historical infrastructure projects of similar magnitude. If projects in your industry have a 20% failure rate and your risk estimate is 3%, you might be missing something.

Risk Exposure

Risk Exposure Jonathan Poland

Risk exposure refers to the potential costs that an organization could incur as a result of a particular risk or set of risks. This concept is used to assess the potential impact of risks on an organization’s operations, and is typically calculated for a specific strategy, program, project, or initiative.

To calculate risk exposure, organizations typically consider the probability of a risk occurring, as well as the potential impact of the risk if it does occur. This can be done using a variety of techniques, such as risk assessment tools, risk analysis techniques, or risk management software. The results of this analysis can be used to inform decision making and to develop strategies for managing and mitigating risks.

Risk exposure is an important concept in risk management, as it helps organizations to understand the potential costs associated with risks and to allocate resources accordingly. It is also useful for identifying the risks that pose the greatest threat to an organization, and for developing strategies to address these risks. By accurately assessing risk exposure, organizations can better prepare for and respond to potential risks, and minimize their impact on operations.

There are several ways that organizations can calculate risk exposure, including:

  1. Probability analysis: This involves estimating the likelihood that a particular risk will occur. This can be done using a variety of techniques, such as historical data analysis, expert judgment, or statistical modeling.
  2. Impact analysis: This involves estimating the potential consequences of a risk occurring. This can include financial impacts, as well as non-financial impacts such as damage to reputation or the environment.
  3. Risk assessment tools: There are a variety of risk assessment tools that organizations can use to assess risk exposure. These tools often use a combination of probability and impact analysis to estimate the risk exposure of a particular risk or set of risks.
  4. Risk analysis techniques: There are several risk analysis techniques that organizations can use to assess risk exposure, including risk matrices, fault tree analysis, and Monte Carlo simulations. These techniques can help organizations to understand the potential consequences of risks and to identify strategies for managing and mitigating them.
  5. Risk management software: There are a variety of risk management software tools that organizations can use to assess risk exposure. These tools often use a combination of probability and impact analysis, as well as risk assessment tools and risk analysis techniques, to calculate risk exposure.

By using one or more of these methods, organizations can accurately assess risk exposure and develop strategies for managing and mitigating risks.

Acceptable Risk

Acceptable Risk Jonathan Poland

An acceptable risk is a level of risk that is deemed to be tolerable for an individual, organization, community, or nation. These risks are determined based on their probability and potential impact, and are used as a guide for risk management efforts.

The moment of risk refers to the expected time frame in which an identified risk is likely to occur. Risks often change over time and may be associated with specific events or periods. For example, the risk associated with testing a new rocket may be concentrated at the time of launch. Identifying the moment of risk can help to mitigate or avoid it. For example, if an investor anticipates that a stock may be volatile around its quarterly earnings announcement, they may choose to sell the stock beforehand in order to reduce their risk.

It is generally not possible to completely eliminate all risks, due to factors such as cost and the potential for creating new risks in the process of reducing others. Acceptable risks provide a practical goal for risk management and are often more useful than the ideal of zero risk. The following are illustrative examples of acceptable risk.

Infrastructure

A proposed tsunami shelter is constructed to withstand a 12 meter, or 39 foot, tsunami. Models indicate that a tsunami larger than 12 meters will strike the area once every 1300 years. This risk is published to the community and accepted as part of the project approval process.

Transportation

A jet engine has a historical failure rate of 0.4 per million departures. Regulators and customers generally view this as an acceptable level of risk.

Business

A bicycle manufacturer depends on a single supplier for tires. Without a supply of these tires, production will cease and revenue will decline. The probability of a major supply disruption is forecast to be 0.6% per annum. The management of the company decide to accept this risk.

Individual

A professional skateboarder estimates a 20% chance of a broken bone in a year. They decide this is acceptable given the rewards they find in the sport.

Risk Management Techniques

Risk Management Techniques Jonathan Poland

Risk management is the process of identifying, assessing, and prioritizing risks in order to minimize their potential impact on an organization. It is an essential element of effective business planning and decision making, as it helps organizations to identify and mitigate potential negative consequences that could arise from their operations or activities. The following are common risk management techniques and considerations.

Risk Identification
Risk identification involves a creative element as it is essentially a process of imagining the future. It is also approached using analysis and systems thinking.

  • Known Unknowns
  • Reference Class Forecasting
  • Risk Intelligence
  • Risk Register
  • Systems Thinking
  • Unintended Consequences

Risk Analysis
Modeling and measuring risk.

  • Acceptable Risk
  • Cone Of Uncertainty
  • Extreme Value Theory
  • Moment Of Risk
  • Risk Capacity
  • Risk Estimates
  • Risk Evaluation
  • Risk Exposure
  • Risk Impact
  • Risk Matrix
  • Risk Probability
  • Risk Profile
  • Risk Tolerance
  • Risk Triggers
  • Risk-Reward Ratio
  • Uncertainty

Treatments
At its core, risk management is a process of treating risks. The following are types of risk treatment.

  • Antifragile
  • Resilience
  • Risk Acceptance
  • Risk Contingency
  • Risk Control
  • Risk Mitigation
  • Risk Monitoring
  • Risk Prevention
  • Risk Reduction
  • Risk Response
  • Risk Sharing

Strategies & Techniques
Techniques that go beyond the regular process of identifying and treating risk.

  • Business As Usual
  • Calculated Risk
  • Fail Well
  • Failure Is Not An Option
  • Resilience
  • Risk Communication
  • Risk Culture
  • Sanity Check

Special Practices
Variations of risk management for special categories of risk.

  • Contingency Planning
  • Disaster Preparedness
  • Dread Risks
  • Enterprise Risk Management
  • Innovation Risk Management
  • Positive Risk
  • Project Risk
  • Upside Risk

Plan
Pulling everything together as a risk management plan.

  • Contingency Plan
  • Risk Management Plan

Risks
Types of risk.

  • Business Risks
  • Competition
  • Compliance
  • Economic Risk
  • Financial Risk
  • Innovation Risk
  • Investing Risk
  • Political Risk
  • Positive Risk
  • Reputational Risk
  • Resource Risk
  • Seasonal Risk
  • Strategy Risk
  • Tactical Risk
  • Technology Risk

Failures & Challenges
Common challenges and patterns of risk management failure.

  • Cascading Failure
  • Failure Of Imagination
  • Residual Risk
  • Risk Awareness
  • Secondary Risk
  • Unknown Risks
Learn More
Strategic Risk Jonathan Poland

Strategic Risk

Strategy risk refers to the potential for losses resulting from the implementation of a particular strategy. All strategies carry some…

Adoption Rate Jonathan Poland

Adoption Rate

Adoption rate refers to the speed at which users begin to utilize a new product, service, or feature. It is…

Overhead Costs Jonathan Poland

Overhead Costs

Overhead costs, also known as “indirect costs” or “indirect expenses,” are the costs that a company incurs in order to…

Division of Labor Jonathan Poland

Division of Labor

The process of dividing work into specific roles, tasks, and steps is known as division of labor. This allows individuals…

What is a Superior Good? Jonathan Poland

What is a Superior Good?

A superior good is a type of good that tends to see an increase in demand as income levels rise.…

Employee Development Jonathan Poland

Employee Development

Employee development is the process of providing employees with learning and experience opportunities that support their career aspirations and the…

Value of Offerings Jonathan Poland

Value of Offerings

Value is a concept that refers to the usefulness, worth, and importance that customers assign to products and services. This…

Fiduciary Duty Jonathan Poland

Fiduciary Duty

Fiduciary duty refers to the legal obligation of one party to act in the best interests of another party. This…

Adaptive Performance Jonathan Poland

Adaptive Performance

Adaptive performance is the ability of an individual to perform well in changing, uncertain, and stressful situations. This type of…

Content Database

Search over 1,000 posts on topics across
business, finance, and capital markets.

Rental Lease 101 Jonathan Poland

Rental Lease 101

In general, a rental lease is a contract between a landlord and a tenant that outlines the terms and conditions…

Manufacturing 150 150 Jonathan Poland

Manufacturing

Manufacturing is a critical phase in business development, especially for companies that produce physical goods. The synergies between manufacturing and…

Algorithmic Pricing Jonathan Poland

Algorithmic Pricing

Algorithmic pricing involves using automation to set prices dynamically based on a variety of factors, such as customer behavior, market…

Change Management Jonathan Poland

Change Management

Change management is the process of planning and implementing changes within an organization. It involves analyzing the current state of…

What is the Iterative Process? Jonathan Poland

What is the Iterative Process?

An iterative process is a method of working through a problem or project by repeating a series of steps, each…

Management by Exception Jonathan Poland

Management by Exception

Management by exception is a management technique that involves automating standard processes and empowering teams to handle routine business conditions.…

Marketing Metrics Jonathan Poland

Marketing Metrics

Marketing metrics are a way to evaluate the success of marketing efforts at various levels, such as the organization, team,…

Brand Metrics Jonathan Poland

Brand Metrics

Brand metrics are used to assess the effectiveness of branding efforts and marketing strategies in terms of brand identity, positioning,…

Change Strategy Jonathan Poland

Change Strategy

Change strategy is the process of planning and implementing change within an organization in a systematic and effective manner. It…