Risk Management (and why most people get it wrong)

Why is Philip Morris still in business? Why do some people refuse to board an airplane? Do you play the  lottery?

Most people are horrible at risk management. Our human brains aren’t wired to handle probability calculations. There’s a ton of cognitive biases working against us.

But I’m convinced we can improve on this. In this article, I will show you how to assess risk and how you can benefit from this skill in everyday life.

So far, I’ve met two kinds of people who get it right: engineers (but not all of them) and gamblers (but only some of them). Let’s start with the gamblers.


A gambler can calculate the expected value of a bet with this formula:

Expected Value = Probability x Outcome

For example, if you flip a coin for 1$, you will lose $1 half the time (= 50% = 0.50), and you will win $1 the other half. So you calculate the expected value of a coinflip like this:

Expected Value (coinflip) = 0.50 x (-$1) + 0.50 x (+$1) = $0

The expected value of a coinflip is exactly $0. Of course, the true results will deviate from this theoretical result. If you flip it 10 times, someone will probably be ahead a few bucks. But in the long run, there is no money to be made on even-money coinflips. On average, you stand nothing to gain, and nothing to lose. For a gambling proposition, this is not a particularly bad one, it’s just a waste of time.

Dice hustle

Now let’s take it one step further: my favorite dice hustle.  It goes like this: I put a pair of dice on the bar, and a $20 bill. I then tell my potential victims that if they put up $1 and throw a pair of 6’s, they can have the $20. Obviously, for $5, they can throw five times.

They will throw a 6 on average one time out of six (duh).  So the probability of throwing a pair of 6’s is 1/6 * 1/6 or 1/36. So 1 out of 36 times I will lose $20, the other 35 times, I will win $1. Let’s calculate the expected value:

Expected Value (dice) = 35/36 x (+$1) + 1/36 x (-$20) = $0.42

On average, I will win 42 cents for every roll of the dice.

Blade guard

So we know that a smart gambler can calculate his odds of winning. How do the engineers do it? Well, as it turns out, in the same way.

When engineers design a new type of equipment, they will perform a risk analysis on the design. They start by making a list of all the potential risks, called a risk inventory. In the case of a table saw, an example of a risk might be: “mutilation by contact with rotating blade”.

The next step in risk analysis is to quantify the risk. Engineers do this by using the same formula as the gamblers:

Risk = Probability x Outcome

Let’s return to the table saw. The risk was that your hand  would get caught in the rotating blade. The probability number for a human error is 5. The impact number for permanent injury is 7. So the risk number will be 35. When the risk number is higher than 15, action needs to be taken. In the example of the table saw, this might be: “Equip table saw with blade guard”.

How to get it wrong

The lesson to be learned from gamblers and engineers is that risk is the product of probability and outcome.

Three types of errors are lurking:

1 – Not being able to estimate the probability that a certain event will occur

2 – A bad judgement of the impact of an expected outcome

3 – The inability to assess risk, even when probability and outcome are known


We humans are terrible at estimating probability. We overestimate events that have caused an emotional impact in the past. We underestimate effects that occur far into the future. We think that because it’s come up red five times in a row, the next time it’s more likely to land on black.

There’s so many cognitive biases affecting our ability to estimate probability that I couldn’t possibly cover all of them, so I’ll just cherry pick two extremes (which are different sides of the same coin).

I never pick the right line at the supermarket.

The side with the butter on it always lands face down.

Sucker Bet

As with probability, the potential for error when estimating outcomes is unlimited, so let’s pick two: fear and ignorance.

Fear is obvious: we overestimate a possible negative impact because we are afraid of it. We think that if we lose our job, we’ll never find a new one. If we don’t take this fabulous discount, we’ll never find a deal like this again.

Ignorance is equally obvious. If we’ve never experienced a certain outcome, how can we assess it? This is what happens when a smoker says: “We all have to die of something”. Anyone who’s witnessed a loved one fight against cancer will be quick to point out to him that he has no clue what he’s talking about.

Even when you can estimate the probability and outcome of a risk, there’s no guarantee that you will assess the risk correctly. It’s not intuitive (at first) and you need practice to get better. But don’t worry, by simply being aware of your biases, you will already be ahead. Over time, you will get a feel for it, and learn to spot a sucker bet if you see one.

Lottery and lightning

From a risk management point of view, playing the lottery isn’t terrible. There’s a huge probability that you will lose a little, and a tiny possibility of winning big. The expected value of the bet is negative, because lotteries typically only pay out around half of the prize pool. This means that for every $1 you spend on lottery tickets, you should expect to lose $0.50. For a gambler, these are terrible odds. But as far as risk is concerned? It’s manageable.

Being struck by lightning is almost the perfect inverse of winning the lottery. Instead of a small cost, there’s a small gain when you go outside during a thunder storm: you get where you wanted to go. And instead of the outside chance at a huge win, there’s the tiny possibility of, well, death. Most of us don’t worry too much about this, since the chance of being struck by lightning in a given year is around one in a million. As with buying a lottery ticket, this is a risk not worth worrying about.

Drunk drivers, smokers, and base jumpers

To be clear, I’m not comparing base jumpers to drunk drivers on a moral basis. But I am from a risk management point of view. These decisions are the really bad ones. Why? Because they have a small upside and a big downside. This is never a good proposition.

What do you gain when driving home drunk? A $10 cab fare. What do you lose when you kill someone in a car crash? Everything.

It’s the same with base jumping. When things go as planned, you get an adrenaline rush. When they don’t, you die.

And as for smoking? When you smoke a cigarette, you get a short nicotine kick. When you are diagnosed with cancer, your life is over. (I was a smoker for 15 years by the way).

What makes this so much worse than going outside in a thunder storm is that the chance of a negative outcome in these cases is not negligible. It’s estimated that 5% of all base jumpers die. 1 in 2300 jumps ends with a fatality.

General terms

Ok, so you’re not a smoker or a base jumper, you don’t play the lottery and you certainly don’t drive home drunk. Have you been wasting your time reading this?

I don’t think so. I’m convinced that everybody can benefit from improving his risk management skills in everyday life. So for my last example, I’ll give you something more ordinary.

Do you read the general terms of an insurance policy before you sign it? And I’m not talking about the price quotation. I’m talking about the fine print, the 49 pages of legalese that you don’t get to see if you don’t specifically ask for it.

You should. This is a more hidden case of small upside, big downside. What do you gain by not reading it? Half an hour. What do you lose when you find out that scuba diving was excluded from the policy and you’re in the hospital with decompression sickness?

Don’t fall for the standard reply when you ask someone to strike a certain phrase from a contract: “Oh but that’s just in there because of the lawyers, we’ll never actually use it.” Your standard reply should be: “Well in that case, there’s no reason to keep it in there, right?”


I would like to end with a quote from a source I can’t remember:

Luck is just chance taken personally.

This entry was posted in Risk management and tagged , , . Bookmark the permalink.

3 Responses to Risk Management (and why most people get it wrong)

  1. Patrick says:

    “Luck is probability taken personally. It is the excitement of bad math.”

    Penn F. Jillette

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s