The Failure of Risk Management

Why It's Broken and How to Fix It

by Douglas W. Hubbard

Number of pages: 304

Publisher: Wiley

BBB Library: Operations Management

ISBN: 978-0470387955

About the Author

Hubbard is the inventor of Applied Information Economics (AIE). He is an internationally recognized expert in the field of measuring intangibles, risks, and value, especially in IT value, and is a popular speaker at numerous conferences. He has written articles for InformationWeek, CIO Enterprise, and DBMS magazine.


Editorial Review

Risk Management methods are many and are fairly new. They are growing in popularity. Some are well-established and highly regarded. Some take a very soft qualitative approach and others are rigorously quantitative. When such methods are measured rigorously, they don't appear to work. The answer for the second question is also no; most managers would not know what they need to look for to evaluate a Risk Management method and can be fooled by groupthink about the method. A more typical circumstance is that the Risk Management method itself has no performance measures at all, even in the most diligent, metrics-oriented organizations. This widespread inability to differentiate between methods that work and methods that don't work means that ineffectual methods are likely to spread. Ineffectual methods may even be touted as best practices and, like a dangerous virus with a long incubation period, are passed from one company to another with no early indicators of ill effects until it is too late.

Book Reviews

"In The Failure of Risk Management: Why It's Broken and How to Fix It, Douglas Hubbard makes a refreshing stand against the widespread purely qualitative project management frame work driven risk management approach, that without doubt has so headlessly found it’s way into so many companies these days." The Risk Management Diary

"This book holds much solid advice on how we can elevate our approach to risk assessment and management beyond the high-medium-low rating scales to an empirically-based, defensible basis for decision making. Definitely a recommended read."

"The book is a must read for anyone interested in risk management. It is especially recommended for project professionals who manage risks using methods that are advocated by project management standards and methodologies." Eight to Late

"The thesis of the book is to advocate the use of scientific, quantitative risk modeling, rather than qualitative (scoring) approaches that were often touted as ‘best practices’, in risk management." Risk-Informed Life-Cycle Infrastructure Engineering

Books on Related Topics

Wisdom to Share

The biggest Failure of Risk Management is that there is almost no experimentally verifiable evidence that the used methods improve the assessment and mitigation of risks.

For a critical issue like Risk Management, we should require positive proof that it works - not just the lack of proof that it doesn't.

It is Failure of Risk Management to know nothing of its own risks.

Since many Risk Management methods rely on human judgment, we should consider the research that shows how humans misperceive and systematically underestimate risks.

There are methods that are proven to work both in controlled laboratory settings and in the real world, but are not used in most Risk Management processes.

Falling far short of what one could reasonably be expected to do is another form of failure.

The big failure of Risk Management is the lack of consolidating individual risk models and the lack of being able to audit them.

We have limited ability to recall the relevant experiences we would use to assess a risk.