God is, or He is not. But to which side shall we incline?

Sometimes we have an image we project to others, and a different image that we keep privately to ourselves. Risk, "the chance of something going wrong," the probability of a specific consequence to a specific incident, is sometimes looked at differently based on whether we're looking at it ourselves or projecting it to the public.

Organizations behave just as individuals do. The bigger the image, the more serious the consequences. NASA Marshall Space Flight Center, manager of the Space Shuttle, gives us "probabilities" that some system will fail on the Shuttle on a given launch, and some "risk" that if that system fails, we'll have another Challenger disaster. What they SAY is that the risk of a Shuttle failure is something like 1 in 10000 or even 100000 launches, depending on the day you talk to them. But what they FEEL, deep down inside, is based on history: we've had just above 100 launches, and one of them ended in disaster.

So they make a compromise between what they say and what they feel. They use small probability numbers, but they look at *all* possible scenarios, no matter how unlikely. And they expect several organizations to look at these numbers with them, so that responsibility for coming to a consensus on them (and blame if the numbers don't predict something that actually *does* go wrong) gets spread around, diffused. More people get in trouble, but each gets in less trouble.

What you do in insurance is like that: insurance makes each of us pay for our own chances of getting in trouble, though what we pay takes care of someone else's troubles in the meantime. And I think if you were insuring the Shuttle, you'd do it on the basis of one expected failure in a few hundred (maybe even a few *dozen*) launches, not one in a hundred thousand.

Sources of system risk include

• system complexity
• number of interfaces between subsystems
• necessity of human operation or intervention
• unnecessary functions
• proprietary software or closed components that can't be modified
• excessive dependence on maintenance or administration
• timing off (in the case of computer-controlled systems)
• non-recogition of other risks by members of design team

Risk Management

How do you divide the stakes in an unfinished game of chance? The answer is based in your confidence in what WOULD happen if the game were completed. This is the origin of risk analysis. Risk is defined most simply as uncertainty plus consequences. In real systems, especially those involving making (or losing) money, there are so many uncontrollable factors that you may have a difficult choice:

1. wait for good information before taking action, and risk missing an opportunity, or
2. risk making a wrong decision, and find once it's made you can't take it back.

Which risk is bigger: action or inaction? If you sound like everyone else, your message isn't compelling. If you're not moving forward, you may be sliding backward. Risk management consists of:

• maximizing our control over a situation
• minimizing the effects of those aspects we can't control
• recognizing that the connection between effect and cause may be unknown

References

Bernstein, P. Against the Gods. NYC: John Wiley & Sons, 1998. ISBN 0-471-29563-9.
The sci.engr.* FAQ on Failures
Hammonds, K. "No Risk, No Reward." Fast Company, 04.2002.
Leighton, R. and R. Feynman. What Do You Care What Other People Think?. Norton & Company, 2001. ISBN 0-393-32092-8
Usenet newsgroup comp.risks
Williams, G. "Game of Risk." Entrepreneur, 04.2002.
"Space Shuttle Data for Planetary Mission RTG Safety Analysis," NASA JSC 02.15.1985.

What's important in assessing risk:

1. having data
2. having data that falls in a normal distribution -- which may force you to account for biases, drift, or cyclical behavior
3. having enough data

   The Law of Large Numbers tells us that the larger the sample size, the greater the chance the sample's average will be within some percentage of the REAL average (which would include all the data in the universe!). It's the probability that a measurement is close to the truth when you don't know the truth.

4. having data with a significant average

   The standard deviation tells you whether the sample is large enough for its mean to be significant. Despite the tendency of regression to the mean, if the standard deviation is large, the average is not a reliable indicator of future outcomes. The fact that something hasn't happened yet is not enough to make you assume it won't happen.

5. not depending too much on regression to the mean or assuming that regression will occur within a certain time -- we can run the risk of missing a new mean by assuming inevitability in future conditions
6. understanding your extent of risk aversion
   • are you more worried about avoiding losses than missing out on gains?
   • how much of a symmetry exists between risk and reward?

7. not basing risky decisions solely on the fact that you make an effort to manage risk
8. recognizing that experiments can fail to reveal risks
   • assessments based on unmeasurable hypotheses
   • a good hypothesis can be found wrong, and if the chance that it's wrong is large enough you must assume that it is!
   • participants in experiments can hold biases, or even lie!

9. diversifying where possible; examples in engineered systems include
   • redundancy
   • cross-training
   • robust design

1. This problem, in which 600 people risk death via incurable disease, unless treated by an experimental drug, may show how much we hate to lose.

   A	guaranteed to save 200
   B	1/3 chance to save 600; 2/3 chance to save none
   C	guaranteed loss of 400
   D	1/3 chance of losing none; 2/3 chance of losing 600

   Half of class compares A and B, half C and D.

2. This problem may show the point after which we become risk-averse, depending on varying the incremental "win."

   A	start with $30; win or lose $10 on coin flip
   B	start with nothing; win $20 or $40 on coin flip