Risk Management and Mitigation

Risk Management and Mitigation

As risk plays such a large role in our lives, there is a large body of literature on risk management and risk mitigation. In general, risk management consists of the following procedure:

  1. Identify each risk
  2. Quantify or measure each risk
  3. Mitigate the risk
  4. Validate the entire process

Note that this traditional process addresses only risk mitigation (reduction) but ignores the return dimension. That is, it doesn’t take into consideration the expected rewards for taking on various levels of risk. A complete decision making framework requires accounting for both risk and expected return.

The Cardinal Sin of Risk Management

The cardinal sin of risk management for the risk averse (the majority of the population), is to systematically underestimate risk. Getting the risk assessment wrong once in a while is inevitable, and as long as we get the assessments right in other areas, will not sink us. However, a systematic underestimation of risk sets the stage for disaster.

An example of systematically underestimating risk may be found in the recent subprime crisis, in which most of the nation’s financial institutions consistently misunderstood and underestimated the risks involved. Even more strangely, they explicitly took actions that made the risks worse! One specific example was the decision, instituted in the latter part of the lending bubble (2005-2006), to dispense with verification of borrower-reported responses on loan applications.

Comments are closed.