Why corporate culture needs risk literacy

Why corporate culture needs risk literacy

Risk can be calculated with at least fair amount of confidence. Uncertainty cannot. Therein lies confusion.

It is important to recognize the distinction between two fundamental but closely related concepts in risk analysis – the difference between uncertainty and risk. Trouble ensures when companies and organizations fail to develop a clear understanding of the nature of each. “A corporation that confuses risk with uncertainty very likely (doesn’t) understand risk,” argued a previous post. Even at the highest levels of corporate governance in many sophisticated organizations, general confusion is common.

In 1921, Frank Knight offered the classic definitions of risk and uncertainty in his book, Risk, Uncertainty, and Profit (available free online from the Library of Economics and Liberty). Knight treats the differences at length in Chapter VII, “The Meaning of Risk and Uncertainty.” Without going into his “theory of knowledge” and “the relation between knowledge and behavior” – which reveals straightaway Knight’s concept of the problem – we can summarize his views this way:

It will appear that a measurable uncertainty, or “risk” proper…is so far different from an unmeasurable one….(that) we shall accordingly restrict the term “uncertainty” to cases of the non-quantitative type.

This simple distinction is widely misunderstood, much to the detriment of risk management policies and activities. For Knight, risk is quantifiable. We can calculate the odds. Uncertainty, however, cannot be calculated. Uncertainty is unknowable. The problem is, we must manage both. To do so requires different approaches appropriate to each.

Risk is predictable, uncertainty common

A game of dice entails risk. The outcomes can be calculated and are known in advance. Certain corporate risks can be calculated a priori with reliable precision. The chance that a particular building will burn, Knight writes, is a statistical probability that “rests on an empirical classification of instances.” These are insurable risks.

Most risks encountered in business are actually uncertainties. These do not lend themselves to statistical analysis. It is a common mistake in risk analysis to rely heavily on quantitative models to illuminate what are essentially uncertainties. Risk models are generally used to derive estimated probabilities, which Knight characterizes as having “no valid basis of any kind” because they are a “form of probability…involved in the greatest logical difficulties.”

He writes, “The import of this distinction is that the first, mathematical…type of probability is almost never met with in business, while the second is extremely common.”

Little wonder that corporate risk models sometimes fall short in efficacy.

Risk literacy as a component of risk culture

These misunderstandings diminish a company’s risk culture and undermine its risk management activities. More importantly, the confusion is an impediment to the development of a mature risk management culture within a company.

A mature risk management culture should manifest an understanding of the distinction between risk and uncertainty in its policies and activities. It is, in the words of Gerd Gigerenzer, “risk literate.”

Gigerenzer, Managing Director of the Max Planck Institute for Human Development in Berlin, was interviewed recently by the HBR Blog Network. He echoed Knight’s message from over 90 years ago: “Most of our problems are about uncertainty… We need statistical thinking for a world where we can calculate the risk, but in a world of uncertainty…we need rules of thumb called heuristics, and good intuitions.”

A good way to develop a mature risk culture might be to create and foster a capacity for risk literacy at all levels. Corporations should adopt risk literacy as a fundamental starting point for understanding risk and maturing their risk culture. While risk culture begins with the Board and C-level officers, it must, like any culture, permeate the organization from top to bottom. Risk literacy enables lower level managers and employees to have ownership of risks assigned to them. They can get results from heuristics as well as any quant can get estimates from spreadsheets.

Risk literacy can be taught

Risk literacy is a method to spread a risk culture throughout a corporate organization, beyond its traditional limits among the upper echelons.

Unfortunately, risk literacy is in short supply in society in general. It is also lacking in corporate culture. The good news is, it can be developed. “We can make people risk savvy – with the proper tools,” Gigerenzer wrote in the journal, Applied Cognitive Psychologyin 2013.

Under circumstances of uncertainty, heuristic models can be more effective than their statistical cousins. One immediate benefit of developing a risk literacy capacity is the use of risk models appropriate to the situation. “If the world is highly predictable, you have lots of data and few parameters to estimate, then do your complex models. But if the world is highly unpredictable and unstable, as in the stock market, you have many parameters to estimate and relatively little data. Then make (models) simple,” Gigerenzer told HBR.

Corporations can create value by eliminating the cost of their misunderstanding the difference between risk and uncertainty.

Categories: Economics, International

About Author

Steven Slezak

Steven is on the faculty at Cal Poly in San Luis Obispo, California, where he teaches finance and strategy. He taught financial management and financial mathematics at the Johns Hopkins University MBA program. He holds a degree in Foreign Service from Georgetown University and an MBA in Finance from JHU.