Risk analysis is not about predicting events; it’s about understanding the probability of possible scenarios, according to Elisabeth Paté-Cornell, professor at the Stanford School of Engineering.
In her latest research, she argues that expressions such as “black swan” and “perfect storm”, which have become journalistic shorthand when describing catastrophes, are just excuses for poor planning. Managers, should “think like engineers” and take a systematic approach to risk analysis. They should figure out how a system works and then identify the probable ways in which it could fail.
What interested you in this idea?
After a disaster, people often say: “There is nothing we could have done about it because it was a ‘perfect storm’ or it was a ‘black swan’.” But that is nonsense. A black swan – an event that is impossible to imagine because we’ve known nothing like it in the past – is extremely rare. Usually, there are important clues that can be monitored to steer quick responses.
Give me an example.
The attacks on 9/11 were not black swans. There were signals that were missed. It was known in some parts of the government that questionable people were taking flying lessons on large aircraft and that they focused on taking off. In 1994, a group of terrorists who took over an Air France jet bound for Paris had a similar plot.
So does a black swan event exist?
The only one that I can think of is the Aids epidemic. In the case of a true black swan, you cannot anticipate it.
And what about ‘perfect storms’?
A combination of rare events is often referred to as a perfect storm. I think people underestimate the probability of them because they wrongly assume that the elements of a perfect storm are independent. If something happened in the past – even though it may not have happened at the same time as something else – it is likely to happen again in the future.
Why should managers take an engineering approach to analysing the probability of perfect storms?
Engineering risk analysts think in terms of systems – their functional components and their dependencies. If you’re in charge of risk management for your business, you need to see the interdependencies of any of the risks you’re managing: how the markets that you operate in are interrelated, for example.
You also need imagination. Several bad things can happen at once. Some of these are human errors and once you make a mistake, others are more likely to happen. This is because of the sequence of human error. When something bad happens or you make a mistake, you get distracted which means you’re more likely to make another mistake, which could lead to another bad event. When you make an error, stop and think. Anticipate and protect yourself.
How can you compute the likelihood of human error?
There are lots of ways to use systems analysis to calculate the probability of human error. Human errors are often rooted in the way an organisation is managed: either people are not skilled enough to do their jobs well; they do not have enough information; or they have the wrong incentives. If you’re paid for maximum production you’re going to take risks.
So in the case of a financial company I’d say monitor your traders, and maybe especially those that make a lot of money. There are a lot of ways you can make a lot of money: skill, luck, or through imprudent choices that sooner or later are going to catch up with you.
So you can do risk analysis even without reliable statistics?
We generally do a system-based risk analysis because we do not have reliable statistics. The goal is to look ahead and use the information we have to assess the chances that things might go wrong.
The upshot is that business schools ought to do a better job of teaching MBAs about probability.