This little page is a sidebar to Risk management is (not) calculating the ‘expected’ loss or gain.
For the simple bet example, we calculated an expected value of +$7.50 per bet instance. On that basis alone I would take the bet. But then suppose I only have $10 and I need that to get home safely and away from the lurking loan sharks. I would not take the bet. The full value of a losing outcome includes not only the lost $10, but also the experience of being stranded with the loan sharks a long way from home. Factoring that into the expected valuation would give it a negative expected value. Possibly someone else with deeper pockets and greater risk capacity will make a different decision and take my place, and may be very profitable for them.
Looking in the other direction, there is a sense in which a course of action with a seemingly negative expected value can be acceptable and even compelling in a desperate situation.
An opposite example of desperation appears in COSO ERM Understanding and Communicating Risk Appetite – look for ‘defense contractor dealing in trucks’ on page 4. In the example, the decision to ‘bet the company’ was taken despite a limited likelihood of a profit or overall success. The reason was that not ‘betting the company’ would almost certainly result in the company going out of business. The COSO source does not say anything about the magnitude or likelihood of outcomes from ‘betting the company’. However, it might have had a negative ‘expected value’ if the ‘expected value’ took into account only the potential profits from the vehicle project. In doing that, the future existence of the company would have been given zero value – not a very sensible approach. If the future existence of the company had been given proper value in the ‘expected value’ calculation, the expected value of betting the company would have been positive.
Risk (only) arises where there is non-compliance Risk (only) arises from change. Risk (only) arises where governance or control processes are not mature. Risk is (only) whatever can stop the plan from being executed. Risk management is (just) designing controls. Risk management is (not) workshops, consensus, and voting. Risk management is (not) about re-directing blame. Risk management can (not) be achieved by risk scoring. Risk management is (not) just a matter of monitoring. Risk management is (not) calculating the ‘expected’ loss or gain.
|For Everyone: This series assumes you have no prior knowledge. It does not use technical terms without explaining them first. Stream supplements are available as drill-downs.