Fire Your Risk Manager Now, Part 2

From the Game Theory in Management Blog
Modelling Business Decisions and their Consequences

About this Blog


Recent Posts

Hey, Leader! Where Are We Going?

A Simple Trick to Enhance Project Team Harmony

The Three Horsemen of the Leadership Apocalypse

The Last Word on Sponsorship

“First Learn Balance!”

Email Notifications off: Turn on

In my previous post, I put forth a few reasons why I believe that large parts of risk management theory, as currently practiced, are of relatively little (or even no) value, and the time, effort, and resources devoted to its analysis and output are a complete waste. To completely bury any remaining opposing arguments, I want to delve a little bit into the realm of management information system epistemology – but don’t worry, I won’t get all fancy-smanshy in making my points. After all, that’s the approach the risk managers take all the time, and it makes me crazy.

As I discuss at length in my recently-released, must-have book, Game Theory In Management, while information is the life blood of the organization, not all information is valuable. In order for a given piece of information to have value, it must possess three characteristics:

·         It must be accurate. Inaccurate information is worse than useless – it’s actually misleading.

·         It must be timely. Among competitors, the one with the most timely information will win every match.

·         Finally, valuable information must be relevant.

Okay, Hatfield, you say, the first two bullets are measurable. But how does one know which information streams are relevant, and which aren’t? To make this assessment for any given information stream, you are going to have to purchase my previously-mentioned, recently-released, must-have book. For this blog, though, we only have to evaluate the risk management-flavored information stream.

Management information – especially actionable management information – isn’t free. It requires time and effort to collect raw data, process it into info, and deliver in a readily-understandable format. For project managers, one of the most valuable analyses available is the output from the critical path methodology. Let’s say you are the PM for a construction project, and you have an estimate from your concrete pourers that it will take 20 days for them to finish pouring your building’s foundation. Since the framers can’t start until the foundation is done, you have scheduled them to arrive on-site on day 21. After day 10, however, your scheduler has learned that the concrete pourers are only 25% done. A quick calculation from your CPM-capable software reveals that, at this rate of performance, the foundation will not be finished until day 40. If the framers don’t get a call telling them to not arrive until day 41, they will spend 20 days standing around, unable to do anything other than incur actual costs. Clearly this information is highly relevant, since its unavailability would have lead directly to negative cost variances.

Can risk management methodologies make the same claim? Before we evaluate RM techniques for relevance, let’s do a quick check to see if they meet the other two requirements put forth for information value. Is, say, a Monte Carlo cost and schedule contingency analysis timely? I suppose it can be, so I’ll pass it on that count. Is it accurate? It may or may not be, and this is where a particularly insipid piece of MIS legerdemain is allowed to creep in. If the Monte Carlo analysis happened to quantify a potential scenario that actually unfolded, then the risk managers claim victory. What about all of the potential scenarios that didn’t come about? Shouldn’t they represent system failures? And, if something happens that wasn’t captured in any of the risk managers’ analysis, they just claim it was an “unknown unknown.” Convenient, huh?

Finally, the relevance evaluation. Let’s say in the previously discussed construction project that your customer insisted on a robust risk management program, but didn’t care about critical path scheduling. Since you had access to only one project management analyst, you assigned her to perform a risk analysis. Your framers show up on day 21, but the foundation is only half complete. Your analyst comes to you with one of the following two reports. Which one is relevant?

·         “I know you wanted a complete risk analysis by now, but I’m having trouble with the software. However, I did have a feeling that something like this might happen.”

·         “According to the completed risk analysis, we projected a 34% chance that this would happen, and that the impact would be the cost of the framers having to stand around for 20 days, or $100,000. So, we put $34,000 into the contingency reserve, since that’s $100,000 times 34%.”

If you said that neither of these reports is relevant, go to the head of the class.

And, once you are standing at the head of the class, inform your risk manager that his information is only tangentially accurate, completely irrelevant, and that he needs to go away and stop pestering you. Next up: when to tell your accountant to sit down and shush.

Posted on: December 17, 2012 08:45 PM | Permalink


Please Login/Register to leave a comment.


If you can't convince them, confuse them.

- Harry Truman