Chris Bradley

We have to reengineer how we evaluate people, particularly in risky contexts. Rather than “you are your numbers,” take a holistic performance view. How do we make sure noble failures get rewarded and dumb luck does not?

Chris Bradley

Dan Lovallo is a professor who works in applying psychology on biases to management topics. A simple test he did at an investment bank showed that if you applied the CEO’s risk tolerance to all the investment decisions made at lower levels rather than the more junior decision makers’ risk tolerance, the decisions would have had a 32 percent better outcome. So, there is this … [ Read more ]

First Round Review

What most crisis communication systems neglect is closing the loop with colleagues in the same careful manner as they do with their customers.

Krista Berlincourt

If luck is what happens when opportunity meets preparation, a crisis is difficulty meeting unreadiness. You can’t avoid every iceberg, but you can add a few more safety boats.

Warren Buffett

A Russian roulette equation — usually win, occasionally die — may make financial sense for someone who gets a piece of a company’s upside but does not share in its downside. But that strategy would be madness for Berkshire. Rational people don’t risk what they have and need for what they don’t have and don’t need.

Julie Goran, Laura LaBerge, Ramesh Srinivasan

The critical question for executives concerned with their organization’s risk appetite is whether they are trusting their employees, at all levels, to make big enough bets without subjecting them to red tape.

Sanjay Kalavar, Mihir Mysore

In our experience, it helps to think of a crisis in terms of “primary threats” (the interrelated legal, technical, operational, and financial challenges that form the core of the crisis) and “secondary threats” (reactions by key stakeholders to primary threats). Ultimately, the organization will not begin its recovery until the primary threats are addressed, but addressing the secondary threats early on will help the organization … [ Read more ]

Joseba Eceiza, Piotr Kaminski, Thomas Poppensieker

Nonfinancial risk has typically been addressed by one-off showcase initiatives based on a specific regulation or requirement, and left to experts in each field. What principles exist typically focus on adhering to formal standards and providing evidence that appropriate controls are in place. They are usually not embedded into the business but are instead delegated to risk and compliance departments, which have a limited understanding … [ Read more ]

Tucker Bailey, James M. Kaplan, Chris Rezek

When companies think about cybersecurity […] most ask, “How can we protect ourselves and comply with standards or regulations?” instead of “How do we make confident, intelligent investments given the risks we face?” Many also treat cybersecurity primarily as a technology function rather than integrating it into business operations. As a result, they get the wrong answer about how to construct a cybersecurity program.

Gerd Gigerenzer

Just imagine, a few centuries ago, who would have thought that everyone will be able to read and write? Now, today, we need risk literacy. I believe if we teach young people, children, the mathematics of uncertainty, statistical thinking, instead of only the mathematics of certainty – trigonometry, geometry, all beautiful things that most of us never need – then we can have a new … [ Read more ]

Gerd Gigerenzer

We need statistical thinking for a world where we can calculate the risk, but in a world of uncertainty, we need more. We need rules of thumb called heuristics, and good intuitions. That distinction is not made in most of economics and most of the other cognitive sciences, and people believe that they can model or reduce all uncertainty to risk.

David Greenberg

The future of risk management lies in an ability to incorporate and inspire more of the behaviors we want, finding new models to map, monitor, intervene, support, and react to the behaviors of individuals and groups—both the behaviors we want to encourage and those we’d like to avoid. Critically, this taking account of behavior means that we need a much sharper comprehensive strategy for corporate … [ Read more ]

Nassim Nicholas Taleb

Rank beliefs not according to their plausibility but by the harm they may cause.

Field Marshal Erwin Rommel

If you can recover from the loss, it’s a risk. If not, it’s a gamble.

Gökçe Sargut, Rita Gunther McGrath

Simple decision rules, structures and relationships are not likely to be effective approaches when the task at hand involves making decisions in the context of complex systems. Ironically, many of our most embedded management practices—such as designing for optimization and for efficiency—only exacerbate the risks of things going wrong at a systems level. Somewhat counter-intuitively, the most robust complex systems are often not designed for … [ Read more ]

Ulrich Beck

Risk acceptability depends on whether those who carry the losses also receive the benefits. Where this is not the case, the risk will be unacceptable to those affected. If even the benefit is in dispute it is not enough to demonstrate that the ‘residual risk’ is, statistically speaking, highly improbable. A risk cannot be considered in and of itself. It is always framed by the … [ Read more ]

Ulrich Beck

Technical experts have lost their monopoly on rationality in the original sense: they no longer dictate the proportions by which judgment is measured. Statements of risk are based on cultural standards, technically expressed, about what is still and what is no longer acceptable. When scientists say that an event has a low probability of occurring, and hence is a negligible risk, they are necessarily encoding … [ Read more ]

Ulrich Beck

In risk conflicts, the central question of power is a question of definition. It is the question of who, with what legal and intellectual resources, gets to decide what counts as a ‘risk’, what counts as a ‘cause’, and what counts as a ‘cost’. The question of determining who is responsible, and who has to bear the burden of paying for damages, has been transmuted … [ Read more ]

Christian Gollier

How can we decide whether a risk is acceptable to society? Using the language of cost-benefit analysis, we can say that the risk is acceptable if its benefits to society exceed its costs. But to say this is merely to re-state the problem, for by assumption the benefits and costs are uncertain. Where these benefits and costs have known probabilities, and where individuals can diversify … [ Read more ]

Peter Drucker

One should not minimize risks any place, for it minimizes opportunities. Minimizing risk is a self-defeating strategy and not a particularly intelligent one… One doesn’t begin with risks. You list the opportunities and then you compare the risk against them. The opportunity-risk ratio determines your strategy, not the risks.

There are risks that you can afford to take because the opportunities are so great. There are … [ Read more ]