You're reading...



One of my previous Wanderings mused on the power of soundbites, and specifically the encomium, “nothing between men is 3 to 1.”  Turned into more mathematical language we get the Harry the Horse Theorem: in a two point sample space where the outcome is affected by the action of humans, managers, or anyone else who thinks they know what they are doing, the probability of either event lies in the open interval (25%, 75%).

While this may be true, it’s not great for (my) business.  People who think they know what they are doing, my valued customers among them, tend to say things like, “if I thought the probability of X going wrong was 1% I wouldn’t do it.”  Yeah, right.

My risk management career was rooted in safety.  In the 1970s the nuclear industry became increasingly uncomfortable with the horrific potential consequences of accidents in nuclear reactors.  It made sense to balance this with some idea of how unlikely such accidents were, if, indeed they were.  A great deal of detailed work was done to prove that the chance of an accident was 1 in a million or whatever, a direct contravention of the HH theorem.  The probabilistic safety approach made great bounds in the 1980s and was applied to different industries and to the risk exposure of individual workers, always with very low estimated probabilities of death and other catastrophic consequences.  This spawned the development of risk registers, risk matrices and other concepts now commonplace in the risk management world.

Much of this work is very high quality.  There is no doubt in my mind that the risk-based approach to safety is a major advance.  However when the concepts are swallowed whole in the organisational risk context some gaps appear.  These result firstly from the much greater complexity and unpredictability of the business world, though many writers are prone to see nuclear reactors as one of mankind’s most complex inventions – wrongly in my opinion.  Secondly, our organisational risk analysis is far more superficial than safety risk work.  By custom and regulation we have to create very detailed analyses of what can go wrong to demonstrate the case for safety.  In contrast, much organisational risk analysis comprises a bunch of managers sitting around in a room shooting the breeze for a couple of hours and recording the output in an ERM system. This in turn uses processes which we shall analyse at length on this site in the future.

In this context, my rule of thumb version of the HH Theorem is that people do not and cannot afford to worry about risks which have a chance of less than around 5%.  Businesses lose money or go bankrupt all the time.  The UK Government’s obsession with risk to reputation is stunningly ineffective, though maybe that’s a different point.  Projects which do not overrun or overspend are very rare.  If a construction project is bid at a P80 price, there is a 20% chance that it will overspend.  If you then analyse the chance of consequences more serious than this: loss of profit, loss of ‘overhead recovery’ (don’t get me started) and so on, you will often end up with a 5% chance that a serious financial event will occur.

Obviously this is very crude and I don’ take it terribly literally, but nothing I have seen since I first formulated this rule has convinced me it’s not useful for me or my clients.  They need constantly reminding that 5% is actually a very low probability.  Remember what Harry the Horse would think of it.

Print Friendly