David Apgar on Risk IntelligenceBack in December, I read a review in the Wall Street Journal of a new book by David Apgar, managing director of the Corporate Executive Board. Risk Intelligence: Learning to Manage What We Don't Know addresses a subject — business risk — that I'm interested in both for its own sake and because I have found it neglected in the training that businesses provide to their employees.
Michael Kaplan's review of Apgar's book is basically positive. However, at the end he cites as the book's "most significant flaw" a failure to acknowledge that building risk intelligence is a demanding process, one that is beyond the capacity of many employees.
While I would agree that not everyone is able, or needs, to develop the expertise to follow the process for improving risk intelligence that Apgar presents (summarized in his final chapter), I do think it's vitally important for any business to cultivate practical fluency in the concepts Apgar discusses.
Those concepts center on what Apgar calls the four rules of risk intelligence (represented by the mnemonic, R.I.S.K.):
- Recognize which risks are learnable.
For example, the risk that a new product will sell poorly is in the learnable category because a company can do market research to reduce its uncertainty. In contrast, the risk that a change in exchange rates will make producing in China more costly is not learnable; it's a random risk whose uncertainty cannot be reduced (though it can, and should, be managed).
- Identify the risks you can learn about fastest.
This is where measuring risk intelligence comes in. Apgar presents a five-question tool for assessing the magnitude of the learnable risk involved in undertaking any particular initiative (or other decision). Each of the following questions is answered by considering your organization's situation relative to competitors:
How often do you have experiences related to the risk? (This gets at the raw amount of information you are able to draw on.)
How relevant are these experiences to what might influence the risk? (The more relevant the better.)
How surprising are these experiences? (Improbable experiences can be especially informative about what influences the risk.)
How diverse are these experiences as sources of information? (The less redundancy the better.)
How methodically do you keep track of what you learn from the experiences? (Only data you can actually retrieve is useful, especially when others who have not personally gathered the experiences are involved in the risk assessment.)
- Sequence risky projects in a "learning pipeline."
Building the pipeline involves conducting a risk strategy audit.
First, you rate the principal risk for each project (or other type of decision) in terms of (1) how well you can assess the risk (a measure of your organization's learning advantage), (2) how much the risk is correlated with the other risks as a group (a measure of risk diversification), and (3) the risk's magnitude, measured in terms of value at risk, project size, revenue potential, or whatever other measure is feasible and meaningful.
Then you check that the actual pattern of risks — the company's de facto risk strategy — is consistent with the company's growth strategy. For example, it would be unwise to be pursuing an aggressive growth strategy that entails a sizeable number of undiversified and hard-to-assess risks.
Finally, look for any gaps and clumps in the pipeline. Does the company need more areas in which expertise makes it dominant? Are there too many learning challenges all at once, as opposed to having a reasonable degree of focus in the projects the company is tackling? Is there a lack of experimentation with new opportunities? Is the company's risk too concentrated?
- Keep networks of partners to manage all risks.
As a tool, Apgar offers a matrix that distinguishes four risk roles that a company might take, depending on (1) the degree to which a risk under consideration helps in diversifying the company's overall risk picture, and (2) the degree to which the risk is correlated with movements in the stock market (i.e., the overall market). The risk role that is most appropriate in a particular situation determines how the company negotiates risk-sharing and pricing with customers, suppliers, and finance partners.