Risk Capacity

Risk Capacity Jonathan Poland

Risk capacity is the maximum level of risk that an organization or individual is able to withstand in order to achieve their goals. It represents the total amount of risk exposure that is consistent with the organization’s or individual’s strategy and objectives. Risk capacity is often compared to risk tolerance, which refers to an organization or individual’s willingness to take on risk. Risk tolerance may be influenced by factors such as the organization’s or individual’s risk appetite, risk culture, and risk management capabilities.

Determining an organization’s or individual’s risk capacity involves evaluating the potential consequences of different risks and assessing the organization’s or individual’s ability to absorb or mitigate those risks. This can be done using a variety of techniques, such as risk assessment tools, risk analysis techniques, or risk management software. Understanding risk capacity is an important aspect of risk management, as it helps organizations and individuals to align their risk-taking with their goals and objectives. By accurately assessing risk capacity, organizations and individuals can make more informed decisions about the risks they are willing and able to take on, and allocate resources more effectively to manage and mitigate those risks. The following are illustrative examples of a risk capacity.


An investor is completely risk adverse but wants to make 7% per year to meet their goals for retirement. This may require the investor to increase their risk capacity beyond their risk tolerance. The exact level of risk required depends on market conditions, particularly interest rates. If interest rates are near 7%, the investor may achieve their goals with little risk. Alternatively, if interest rates are near 0% significant risk may be required to have any chance of returns exceeding 7%.

Risk Management

An investment manager is expected to outperform the market which typically requires taking on more risk than the market average. However, the investment manager is also constrained to a risk exposure level set by a risk management team. This risk exposure level can be described as the manager’s risk capacity.


A professional wants a promotion within a year to pay for changes to their lifestyle. This typically requires taking on additional responsibilities and increased visibility. If the individual is risk adverse, they may need to take on risk exposure that exceeds their risk tolerance to have a realistic chance of a timely promotion.


An IT project has zero risk tolerance, needs to be completed in a month, has a $1 million budget and a long list of requirements that are all high priority. A risk analysis shows that there is an 95% chance of project failure with a total risk exposure of $5 million meaning that the budget and schedule have a high probability of significant overruns. The business unit has a choice to accept this risk and proceed as planned with a $5 million risk capacity. Alternatively, dropping requirements, extending budget and increasing timelines will reduce risk capacity towards their risk tolerance level.

Dread Risk

A dread risk is a risk that people fear such that they are willing to pay to minimize risk exposure. When the goal is to minimize risk, risk capacity is near zero and risk exposure is driven as low as is feasible given constraints such as budget and technical limitations. For example, the public expect aircraft to be extremely safe and it is not considered acceptable to take risks with flight safety.

Unmanaged Risk

An unmanaged risk is a risk that isn’t managed despite its ability to disrupt your goals. In this case, risk capacity may be low as you aren’t expecting an unmanaged risk to disrupt your plans but actual risk exposure may be very high as nothing is done to treat risk. For example, a society that leaves known environmental risks unmanaged despite the likelihood these risks will disrupt quality of life, health and economic goals.

Risk Estimates

Risk Estimates Jonathan Poland

Risk estimates are predictions or projections of the likelihood and potential consequences of risks. They are used to inform risk management efforts, such as measuring risk exposure and identifying strategies for reducing or mitigating risks.

There are a variety of methods that organizations can use to estimate risks, including probability analysis, impact analysis, risk assessment tools, risk analysis techniques, and risk management software. These methods can help organizations to understand the potential impacts of risks, to prioritize risks based on their likelihood and potential impact, and to develop strategies for managing and mitigating risks.

Risk estimates are an important element of effective risk management, as they help organizations to better understand and manage the risks that they face. By accurately forecasting the probability and impact of risks, organizations can make more informed decisions and allocate resources more effectively to mitigate or reduce risks.


A single estimate of probability and impact based on historical comparisons and/or the opinions of subject matter experts. For example, a product development team estimates the risk that a product will fail on the market as a 20% chance of a $100,000 loss. The risk exposure calculation is an estimate of the probable cost of a risk. It isn’t an upper bound on risk.

Risk Exposure = 0.2 x 100,000 = $20,000

Probability-Impact Matrix

A single estimate of probability and impact is often overly simplistic as there may be many levels of potential impact, each with a separate probability of occurring. A more accurate risk estimate can often be obtained with a matrix of probabilities and impacts.

Probability Distribution

A more detailed risk estimate can be represented with a smooth curve that gives you a probability for every possible impact.

Parametric Estimates

Risk estimates that go beyond the educated guesses of subject matter experts to calculate risk probabilities and impacts using formulas or algorithms based on a number of parameters. Such calculations are industry and risk specific.

Reference Class Forecasting

Developing or validating risk estimates using data about historical losses that occurred with comparable strategies, operations or projects. For example, risk estimates for an infrastructure project based on a database of historical infrastructure projects of similar magnitude. If projects in your industry have a 20% failure rate and your risk estimate is 3%, you might be missing something.

Risk Exposure

Risk Exposure Jonathan Poland

Risk exposure refers to the potential costs that an organization could incur as a result of a particular risk or set of risks. This concept is used to assess the potential impact of risks on an organization’s operations, and is typically calculated for a specific strategy, program, project, or initiative.

To calculate risk exposure, organizations typically consider the probability of a risk occurring, as well as the potential impact of the risk if it does occur. This can be done using a variety of techniques, such as risk assessment tools, risk analysis techniques, or risk management software. The results of this analysis can be used to inform decision making and to develop strategies for managing and mitigating risks.

Risk exposure is an important concept in risk management, as it helps organizations to understand the potential costs associated with risks and to allocate resources accordingly. It is also useful for identifying the risks that pose the greatest threat to an organization, and for developing strategies to address these risks. By accurately assessing risk exposure, organizations can better prepare for and respond to potential risks, and minimize their impact on operations.

There are several ways that organizations can calculate risk exposure, including:

  1. Probability analysis: This involves estimating the likelihood that a particular risk will occur. This can be done using a variety of techniques, such as historical data analysis, expert judgment, or statistical modeling.
  2. Impact analysis: This involves estimating the potential consequences of a risk occurring. This can include financial impacts, as well as non-financial impacts such as damage to reputation or the environment.
  3. Risk assessment tools: There are a variety of risk assessment tools that organizations can use to assess risk exposure. These tools often use a combination of probability and impact analysis to estimate the risk exposure of a particular risk or set of risks.
  4. Risk analysis techniques: There are several risk analysis techniques that organizations can use to assess risk exposure, including risk matrices, fault tree analysis, and Monte Carlo simulations. These techniques can help organizations to understand the potential consequences of risks and to identify strategies for managing and mitigating them.
  5. Risk management software: There are a variety of risk management software tools that organizations can use to assess risk exposure. These tools often use a combination of probability and impact analysis, as well as risk assessment tools and risk analysis techniques, to calculate risk exposure.

By using one or more of these methods, organizations can accurately assess risk exposure and develop strategies for managing and mitigating risks.

Acceptable Risk

Acceptable Risk Jonathan Poland

An acceptable risk is a level of risk that is deemed to be tolerable for an individual, organization, community, or nation. These risks are determined based on their probability and potential impact, and are used as a guide for risk management efforts.

The moment of risk refers to the expected time frame in which an identified risk is likely to occur. Risks often change over time and may be associated with specific events or periods. For example, the risk associated with testing a new rocket may be concentrated at the time of launch. Identifying the moment of risk can help to mitigate or avoid it. For example, if an investor anticipates that a stock may be volatile around its quarterly earnings announcement, they may choose to sell the stock beforehand in order to reduce their risk.

It is generally not possible to completely eliminate all risks, due to factors such as cost and the potential for creating new risks in the process of reducing others. Acceptable risks provide a practical goal for risk management and are often more useful than the ideal of zero risk. The following are illustrative examples of acceptable risk.


A proposed tsunami shelter is constructed to withstand a 12 meter, or 39 foot, tsunami. Models indicate that a tsunami larger than 12 meters will strike the area once every 1300 years. This risk is published to the community and accepted as part of the project approval process.


A jet engine has a historical failure rate of 0.4 per million departures. Regulators and customers generally view this as an acceptable level of risk.


A bicycle manufacturer depends on a single supplier for tires. Without a supply of these tires, production will cease and revenue will decline. The probability of a major supply disruption is forecast to be 0.6% per annum. The management of the company decide to accept this risk.


A professional skateboarder estimates a 20% chance of a broken bone in a year. They decide this is acceptable given the rewards they find in the sport.

Risk Management Techniques

Risk Management Techniques Jonathan Poland

Risk management is the process of identifying, assessing, and prioritizing risks in order to minimize their potential impact on an organization. It is an essential element of effective business planning and decision making, as it helps organizations to identify and mitigate potential negative consequences that could arise from their operations or activities. The following are common risk management techniques and considerations.

Risk Identification
Risk identification involves a creative element as it is essentially a process of imagining the future. It is also approached using analysis and systems thinking.

  • Known Unknowns
  • Reference Class Forecasting
  • Risk Intelligence
  • Risk Register
  • Systems Thinking
  • Unintended Consequences

Risk Analysis
Modeling and measuring risk.

  • Acceptable Risk
  • Cone Of Uncertainty
  • Extreme Value Theory
  • Moment Of Risk
  • Risk Capacity
  • Risk Estimates
  • Risk Evaluation
  • Risk Exposure
  • Risk Impact
  • Risk Matrix
  • Risk Probability
  • Risk Profile
  • Risk Tolerance
  • Risk Triggers
  • Risk-Reward Ratio
  • Uncertainty

At its core, risk management is a process of treating risks. The following are types of risk treatment.

  • Antifragile
  • Resilience
  • Risk Acceptance
  • Risk Contingency
  • Risk Control
  • Risk Mitigation
  • Risk Monitoring
  • Risk Prevention
  • Risk Reduction
  • Risk Response
  • Risk Sharing

Strategies & Techniques
Techniques that go beyond the regular process of identifying and treating risk.

  • Business As Usual
  • Calculated Risk
  • Fail Well
  • Failure Is Not An Option
  • Resilience
  • Risk Communication
  • Risk Culture
  • Sanity Check

Special Practices
Variations of risk management for special categories of risk.

  • Contingency Planning
  • Disaster Preparedness
  • Dread Risks
  • Enterprise Risk Management
  • Innovation Risk Management
  • Positive Risk
  • Project Risk
  • Upside Risk

Pulling everything together as a risk management plan.

  • Contingency Plan
  • Risk Management Plan

Types of risk.

  • Business Risks
  • Competition
  • Compliance
  • Economic Risk
  • Financial Risk
  • Innovation Risk
  • Investing Risk
  • Political Risk
  • Positive Risk
  • Reputational Risk
  • Resource Risk
  • Seasonal Risk
  • Strategy Risk
  • Tactical Risk
  • Technology Risk

Failures & Challenges
Common challenges and patterns of risk management failure.

  • Cascading Failure
  • Failure Of Imagination
  • Residual Risk
  • Risk Awareness
  • Secondary Risk
  • Unknown Risks
Learn More
Innovation Risk Jonathan Poland

Innovation Risk

Innovation is a proactive approach to business and design that aims to make significant improvements, rather than simply making incremental…

Pricing Techniques Jonathan Poland

Pricing Techniques

Pricing involves carefully considering various factors in order to determine a price that will maximize a company’s profits over the…

Servant Leadership Jonathan Poland

Servant Leadership

Servant leadership is a leadership style in which the leader puts the needs of the team or organization above their…

What is Demand? Jonathan Poland

What is Demand?

Demand refers to the quantity of a particular good, asset, or other value that market participants are willing and able…

Sales Development Jonathan Poland

Sales Development

Sales development is a crucial part of the sales process that involves identifying potential buyers and developing qualified leads. This…

Strategic Communication Jonathan Poland

Strategic Communication

Strategic communication is the deliberate planning, dissemination, and use of information to influence attitudes, beliefs, and behaviors. It is a…

Customer Dissatisfaction Jonathan Poland

Customer Dissatisfaction

Customer dissatisfaction refers to a customer’s negative evaluation of a product or service. It can be measured by asking customers…

Turnaround Management Jonathan Poland

Turnaround Management

Turnaround management is a specialized form of management that involves developing and implementing strategies and plans to rescue an organization…

Pricing Strategy Jonathan Poland

Pricing Strategy

Pricing strategy is the process of determining the right price for a product or service based on market conditions, business…

Latest Thinking

Qualified Small Business Stock (QSBS) Jonathan Poland

Qualified Small Business Stock (QSBS)

Qualified Small Business Stock (QSBS) refers to a special classification of stock in the United States that offers significant tax…

Barrick Gold Jonathan Poland

Barrick Gold

Barrick Gold Corporation (NYSE: GOLD) is a significant player in the global economy, particularly within the gold mining industry. Its…

Newmont Corporation Jonathan Poland

Newmont Corporation

Newmont Corporation (NYSE: NEM), being the world’s largest gold mining corporation, with extensive operations in mining and production of not…

Gold is Money Jonathan Poland

Gold is Money

Overview The history of gold as money spans thousands of years and has played a pivotal role in the economic…

What is Leadership? Jonathan Poland

What is Leadership?

In the modern business world, where rapid changes, technological advancements, and global challenges are the norm, effective leadership is more…

Product Durability Jonathan Poland

Product Durability

A durable product, often referred to as a durable good, is a product that does not quickly wear out or,…

Durable Competitive Advantage Jonathan Poland

Durable Competitive Advantage

The most important aspect of durability is market fit. Unique super simple products or services that does change much if…

Praxeology Jonathan Poland


Praxeology is the study of human action, particularly as it pertains to decision-making and the pursuit of goals. The term…

Business Models Jonathan Poland

Business Models

Business models define how a company creates, delivers, and captures value. There are numerous business models, each tailored to specific…