Getting More Precise at Risk Assessment
How precisely does your company watch how projects can go askew? Learn how to assess risk the mathematical way, and take the quiz to see where you rate. (Baseline)In life-and-death decisions, people want facts. Health insurance with "medium" coverage doesnt cut it at the emergency room, and the nations vague multicolor terror-alert system has generated plenty of nervous confusion. Still, despite all of the money at stake, many businesses rely on simplistic weighted scores to measure and protect against risk. But a risk-assessment scale of "1 to 5" or "low to severe" is about as effective as a placebo, warns Doug Hubbard, chief executive of Hubbard Decision Research in Glen Ellyn, Ill. Mathematical formulas are used to measure risks in everything from insurance coverage to stock portfolios, but CIOs rarely take this approach when trying to assess their information-technology risks, Hubbard says. "I.T. isnt some special case that defies all risk analysis," he says. "Its just the last place to use it."
Doug Hubbard of Hubbard Decision Research offers the following advice to beef up risk-assessment systems:
1. Remove ambiguity. Instead of rating "technology risk" on a scale of 1 to 5, drill in on the variables. Is there a chance the vendor wont be around to support the software in two years? Could implementation costs exceed the approved budget? 2. Bet on it. Pretend your risks are tied to hard-money wagers. People are better at assessing odds when dollars are involved, even if its a simulated exercise. 3. Study past forecasts. Work from historical numbers, not memory. People remember when theyre right, not when theyre wrong, which leads to overconfidence. Reviewing actual track records will temper that. 4. Find the experts. Recruit the statisticians in your companyactuaries, ratings specialists, market-analysis expertswho are already trained to do sophisticated statistical analysis. How precise is your companys assessment of risk? Download the quiz to find out.