Friday, November 7, 2014

$10 words in risk management

When you get into risk management a bit, there are some biggies that get thrown around -- I call them $10 words -- and there are two that more or less divide risk management along the lines of
  1. The unknown that is possibly knowable with some legwork
  2. The unknown that is likely to remain unknowable
First case
For the first case, this is all about knowledge, the nature of knowledge, and how better to improve knowledge. Generally, this is called "epistemology" (ka-ching: $10 please) -- understanding the nature and scope of knowledge.

Risks that are subject to a better understanding by simply (I say simply, but often it's not simple) digging out more information are called "epistemic risks"

More simply yet, epistemic risks are those you can do something about -- they are actionable by nature of greater understanding and knowledge development.

In other words, epistemic risks are those for which the uncertainty can reduced -- if you spend the money to try.

And here's another opportunity to make $10: epistemic risks can be set in an organized framework of knowledge, said knowledge frameworks are called ontologies, and so epistemic risks are sometimes called ontological risks (OMG! this just gets better and better)

Second case
For the second case, it's all about the hidden, latent, unknowable (you may not find out what you don't know to ask, etc) that just happens by chance. For example, games of chance, like dice, you simply have no way of knowing what is going to come up next. There's no question you can ask to find out. And, the games are "memoryless" and thus independent; the former outcome has no bearing -- seemingly -- on the next outcome.

Such risks are called aleatoric risks, from the word aleatory meaning "related to random choice or outcome"

The good news, if there is any, is that aleatoric risks have probability distributions that is quantitative description of their random outcomes. If you can discover something about the distribution, you have something to work with re mitigating effects.

Operationally, you can't really reduce the uncertainty surrounding aleatoric risks, but you can immunize your project to the random or chance outcomes -- within limits of course -- by providing slack, buffers, redundancy, loose coupling, etc. In other words, to make the project less fragile and susceptible to the shock of a such a risk outcome.

Read in the library at Square Peg Consulting about these books I've written
Buy them at any online book retailer!
Read my contribution to the Flashblog