Second Edition
This second edition first published 2020
© 2020 by Douglas W. Hubbard. All rights reserved.
Published by John Wiley & Sons, Inc., Hoboken, New Jersey.
Published simultaneously in Canada.
Edition History
John Wiley & Sons, Inc. (1e, 2009)
No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600, or on the Web at www.copyright.com. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at www.wiley.com/go/permissions.
Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the publisher nor author shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.
For general information on our other products and services or for technical support, please contact our Customer Care Department within the United States at (800) 762-2974, outside the United States at (317) 572-3993, or fax (317) 572-4002.
Wiley publishes in a variety of print and electronic formats and by print-on-demand. Some material included with standard print versions of this book may not be included in e-books or in print-on-demand. If this book refers to media such as a CD or DVD that is not included in the version you purchased, you may download this material at http://booksupport.wiley.com. For more information about Wiley products, visit www.wiley.com.
Library of Congress Cataloging-in-Publication Data
Names: Hubbard, Douglas W., 1962– author.
Title: The failure of risk management : why it's broken and how to fix it / Douglas W. Hubbard.
Description: Second edition. | Hoboken, New Jersey : Wiley, 2020. | Includes index.
Identifiers: LCCN 2019051494 (print) | LCCN 2019051495 (ebook) | ISBN 9781119522034 (hardback) | ISBN 9781119522027 (adobe pdf) | ISBN 9781119522041 (epub)
Subjects: LCSH: Risk management.
Classification: LCC HD61 .H76 2020 (print) | LCC HD61 (ebook) | DDC 658.15/5—dc23
LC record available at https://lccn.loc.gov/2019051494
LC ebook record available at https://lccn.loc.gov/2019051495
Cover Design: Wiley
Cover Image: © RomoloTavani/iStock.com
I dedicate this book to my entire support staff: my wife, Janet, and our children, Evan, Madeleine, and Steven, and to the Armed Forces of the United States of America.
Mr. Hubbard's career in quantitatively based management consulting began in 1988 with Coopers & Lybrand. He founded Hubbard Decision Research in 1999 and he developed the applied information economics (AIE) method to solve complex, risky decisions. He has used AIE in many fields, including cybersecurity, aerospace, biotech, environmental policy, commercial real estate, tech startups, entertainment, and military logistics, to name a few. His AIE methodology has received critical praise from respected research firms such as Gartner, Forrester, and others.
He is the author of the following books (all published with Wiley between 2007 and 2016):
His books have sold over 140,000 copies in eight languages and are used as textbooks in dozens of university courses including at the graduate level. Two of his books are required reading for the Society of Actuaries exam prep, and he is the only author with more than one on the list. In addition to his books, Mr. Hubbard has published articles in Nature, The American Statistician, IBM Journal of R&D, CIO Magazine, and more.
A lot has happened in the decade since the first edition of this book, both in the world of risk management and in my own work. Since then, I've written two more editions of my first book, How to Measure Anything: Finding the Value of Intangibles in Business as well as writing Pulse: The New Science of Harnessing Internet Buzz to Track Threats and Opportunities and How to Measure Anything in Cybersecurity Risk. By 2017 this book (along with How to Measure Anything) was placed on the required reading list for the Society of Actuaries Exam Prep.
Regarding the broader topic of risk management, there were several more examples of risk management gone wrong since the first edition. The Fukushima Daiichi nuclear power plant disaster in Japan, the Deepwater Horizon oil spill in the Gulf of Mexico, and multiple large cyberattacks that compromised hundreds of millions of personal records. But I won't dwell on these anecdotes or the events that occurred prior to the first edition. This book should be just as relevant after the next big natural disaster, major product safety recall, or catastrophic industrial accident. Better yet, I hope readers see this book as a resource they need before those events occur. Risk management that simply reacts to yesterday's news is not risk management at all.
I addressed risk in my first book, How to Measure Anything: Finding the Value of Intangibles in Business. Risk struck me as one of those items that is consistently perceived as an intangible by management. True, risk is intangible in one sense. A risk that something could occur—the probability of some future event—is not tangible in the same way as progress on a construction project or the output of a power plant. But it is every bit as measurable. Two entire chapters in the first book focused just on the measurement of uncertainty and risks.
Unfortunately, risk management based on actual measurements of risks is not the predominant approach in most industries. I see solutions for managing the risks of some very important problems that are in fact no better than astrology. And this is not a controversial position I'm taking. The flaws in these methods are widely known to the researchers who study them. The message has simply not been communicated to the larger audience of managers.
All of my books—not just the two that explicitly mention risk in the title—are really about making or supporting critical decisions where there is a lot of uncertainty and a cost to being wrong. In other words, I write about risky decisions. I was drawn to this topic after watching consultants come up with a lot of questionable schemes for assessing risks, measuring performance, and prioritizing portfolios with no apparent foundation in statistics or decision science. Arbitrary scoring schemes and other qualitative methods have virtually taken over some aspects of formalized decision-making processes in management. In other areas, some methods that do have a sound, scientific, and mathematical basis are consistently misunderstood and misapplied.
I just didn't see enough attention brought to this topic. Of all the good, solid academic research and texts on risk analysis, risk management, and decision science, none seem to be directly addressing the problem of the apparently unchecked spread of pseudoscience in this field. In finance, Nassim Taleb's popular books, Fooled by Randomness and The Black Swan have pointed out the existence of serious problems. But in those cases, there was not much practical advice for risk managers and very little information about assessing risks outside of finance. There is a need to point out these problems to a wide audience for a variety of different risks.
Writing on this topic would be challenging for several reasons, not the least of which is the fact that any honest and useful treatment of risk management steps on some toes. That hasn't changed since the first edition. Proponents of widely used methods—some of which have been codified in international standards—have felt threatened by some of the positions I am taking in this book. Therefore, I've taken care that each of the key claims I make about the weaknesses of some methods is supported by the thorough research of others and are not just my own opinion. The research is overwhelmingly conclusive—much of what has been done in risk management, when measured objectively, has added no value to the issue of managing risks. It may actually have made things worse.
The biggest challenge would be reaching a broad audience. Although the solution to better risk management is, for most, better quantitative analysis, a specialized mathematical text on the analysis and management of risks would not reach a wide-enough audience. The numerous technical texts already published haven't seemed to penetrate the management market, and I have no reason to believe that mine would fare any better. The approach I take here is to provide my readers with just enough technical information so that they can make a 180-degree turn in risk management. They can stop using the equivalent of astrology in risk management and at least start down the path of the better methods. For risk managers, mastering those methods will become part of a longer career and a study that goes beyond this book. This is more like a first book in astronomy for recovering astrologers—we have to debunk the old and introduce the new.
Douglas W. Hubbard
February 2020
Many people helped me with this book in many ways. Some I have interviewed for this book, some have provided their own research (even some prior to publication), and others have spent time reviewing my manuscript and offering many suggestions for improvement. In particular, I would like to thank Dr. Sam Savage of Stanford University, who has been extraordinarily helpful on all these counts.
Reed Augliere | Jim Dyer | Harry Markowitz |
David Bearden | Jim Franklin | Jason Mewis |
Christopher “Kip” Bohn | Andrew Freeman | Bill Panning |
Andrew Braden | Vic Fricas | Sam Savage |
David Budescu | Dan Garrow | John Schuyler |
Bob Clemen | John Hester | Yook Seng Kong |
Ray Covert | Steve Hoye | Thompson Terry |
Dennis William Cox | David Hubbard | David Vose |
Tony Cox | Karen Jenni | Stephen Wolfram |
Diana Del Bel Belluz | Rick Julien | Peter Alan Smith |
Jim DeLoach | Daniel Kahneman | Jack Jones |
Robin Dillon-Merrill | Allen Kubitz | Steve Roemerman |
Rob Donat | Fiona MacMillan |