Conventional risk assessments fail when you need it most

The 21st century has been characterized by extreme uncertainty. Recent examples include:

• COVID-19 Pandemic (2019-2020)

• Climate Change/Extreme Weather Events

• Boeing 737 MAX Crashes (2018-2019)

• Cybersecurity Breaches (SolarWinds, 2020)

• Supply Chain Disruptions (2020-2022)

• Ever Given Suez Canal Blockage (2021)

• Texas Power Grid Failure (2021)

• Cryptocurrency Crashes (2021-2022 FTX)

• Global Semiconductor Shortage (2021-2022)

• Silicon Valley Bank Collapse (2023)

These examples highlight several common weaknesses in conventional risk assessment, including an overreliance on historical data, an underestimation of low-probability but high-impact events, a failure to account for interconnected systems, and an insufficient attention to emerging risks such as climate change and cyber threats.

Quantitative analysis – the assumption of a knowable risk probability -- underpins actuarial and insurance models of risk. Most quantitative conventional risk assessment models are based on established historical cause-and-effect relationships using large data sets.

This has led to guidance on risk assessment for purposes of internal control and enterprise risk management from, for example, COSO, the Committee of Sponsoring Organizations of the Treadway Commission.(1)

Lesson Learned: Subjective assessments are unreliable.

We have seen the failures of quantitative assessments. It gets worse when people try to guess probability.

Unfortunately, COSO’s guidance, among others, encourages subjective probabilistic guestimates, which are inevitably biased. Such estimates are seriously flawed but are still the norm despite having been identified as biased for almost 50 years.(2)

As these and other examples clearly illustrate, conventional risk assessment and decision-making models are inadequate in the face of extreme uncertainty. We see risk and risk assessment differently from COSO.

Risk is the potential for an unwanted difference between actual and expected performance, regardless of cause.

In extreme uncertainty, probability cannot be assigned. There are no relevant precedents and no large bodies of data with established cause-and-effect relationships that can be used to establish risk experience and premia.

Chaos. The ultimate expression of uncertainty is chaos. Chaos is the absence of cause and effect, a state of utter confusion.

It is the antithesis of probability. In chaos, decision-makers need to focus on building resilience and agility into their strategies rather than trying to predict specific outcomes with finely tuned linear plans.

Resilience and agility involve designing systems and strategies that can adapt to a range of unknowable possible future developments.

Resilience is the ability of an organization to absorb shocks, recover quickly from disruptions, and maintain or even improve its essential functions.

This includes not only recovering from known risks but also being prepared for unexpected "black swan" events, especially since these seem to be occurring with increasing frequency.(3)

Lesson Learned: Luck plays a role, but don’t count on it.

Nvidia

In the 1990s, Nvidia was on the brink of collapse due to setbacks with its initial chip designs. The company's future was uncertain, and bankruptcy loomed. At this critical juncture, Nvidia's CEO, Jensen Huang, sought a $5 million lifeline to keep the company afloat.

Shoichiro Irimajiri, a prominent executive from Sega, stepped in with an act of kindness that would change the course of Nvidia's history. Irimajiri, recognizing the potential in Huang's vision, provided the much-needed funds without any obligation to do so.

This Rmely and fortunate investment not only saved Nvidia from imminent failure but also enabled the company to develop a breakthrough graphics processing unit (GPU) for Sega's Dreamcast console.

Despite initial setbacks, Irimajiri's unwavering support and belief in Nvidia's capabilities were crucial.

This investment and support paved the way for Nvidia's eventual success, including its public offering in 1999. Today, Nvidia is the leading player in the tech industry, with a market valuation of more than $2 trillion.(4)

NetFlix

In the late 1990s, Nellix co-founders Reed HasRngs and Marc Randolph conceived the idea of a mail-order DVD rental service. They sent a DVD to themselves to test the feasibility of the concept. They didn’t know it at the Rme, but they used one of the few remaining post offices that still sorted mail manually.

This manual sorting was more gentle and less likely to damage the DVD, which “proved” that DVDs could indeed be sent safely through the mail, thus validating his business concept.

Had they known it was just by chance, it would have changed everything because they incorrectly assumed that it would work in every post office.(5)

This “successful” test led to the launch of Nellix in 1997, which initially operated as a subscription-based DVD rental service. The innovaRve model allowed customers to rent DVDs without late fees, fundamentally changing the home video rental market and setting the stage for Nellix's later transition to a streaming giant.

Oaktree Capital Management

In 1969, Howard Marks, co-founder and chairman of Oaktree Capital Management, armed with degrees from Wharton and the University of Chicago’s Booth School of Business, was searching for his first job. He wanted one job more than any other. He didn't get it; it went to his roommate instead.

Thirty years later, Marks learned the reason from the recruiter who had interviewed him. The recruiter revealed that the partner in charge had come in hungover on the day of the decision and made the wrong call.

Reflecting on this twist of fate, Marks humorously noted that, had he gotten that job, he might have spent 30 years at Lehman Brothers, which infamously collapsed in 2008.(6)

FedEx

In the early 1970s, FedEx was facing severe financial difficulties. The company had run out of money, with only $5,000 left in its account, while it needed $24,000 to pay a critical fuel bill. Traditional funding options were exhausted, and the company's future was in jeopardy.

In a desperate bid to save FedEx, CEO Fred Smith took the remaining $5,000 and flew to Las Vegas.

Using his skills as a card counter, he played blackjack and turned the $5,000 into $27,000. This unexpected windfall allowed FedEx to pay the fuel bill and keep its operations running for another week.

This gamble not only provided immediate relief but also symbolized a turning point for the company. It boosted morale and demonstrated Smith's commitment to saving the company.

Following this, Smith was able to secure an additional $11 million in funding, which stabilized FedEx's finances and allowed it to continue growing. By 1976, FedEx had made its first profit, and by 1983, it had reported $1 billion in revenue.(7)

Don’t count on it

Luck or chance plays a significant yet often underestimated role in business success. But it is resilience and adaptability that create success from a chance occurrence.

If Smith hadn’t been a card counter, if Marks had sulked after chance denied him his dream job, they still wouldn’t have succeeded even if the lucky break had happened exactly as it did.

Viewed through that lens, it’s easy to imagine a counterfactual world, where they failed, and what is now considered their lucky break is thought of as bad luck.

In fact, once you think of it that way, it’s intuitive that “luck” – if not acted upon with skill – evens itself out, resulting in a sort of regression to the mean.

And, indeed, that seems to be the case. Chengwei Liu, a professor of strategy and behavioral science, researched the 50 companies featured in “In Search of Excellence,” “Good to Great,” and “Built to Last.” He found that 16 failed within five years after the books were published, and 23 became mediocre as they underperformed the S&P 500 index.(8)

Only five out of the remaining 11 firms maintained a similar level of excellence. He concludes that “what happened after becoming great is clearly not enduring greatness but strong regression to mediocrity.”

Therefore, in the words of baseball manager Branch Rickey, “Luck is a fact, but should not be a factor.”

If you and your board want to control your organization’s future, you can’t count on luck.

You – and your board – need to understand how the world and your organization’s place in it are changing, and control how you adapt to those changes.

Conclusion

Be prepared. Conventional risk assessment models, rooted in historical data and probabilistic predictions, consistently fail in the face of extreme uncertainty. This is especially true for subjective guestimates, which, unfortunately, are the dominant risk assessment methods used today.

These assessments often overlook low-probability but high-impact events. When no clear cause-and-effect relationships or reliable data exist, decision-makers must shift from relying on subjective predictions to building resilience and agility.

Preparing for an unpredictable future means fostering systems that can absorb shocks, recover swiftly, and adapt dynamically to unforeseen challenges.

Luck may occasionally play a role, but lasting success depends on adaptability and strategic resilience.

For more information, contact slussow@boardsmart.com

(1) https://www.coso.org/

(2) E.C. Poulton. QuanPtaPve subjecPve assessments are almost always biased, somePmes completely misleading.

The BriPsh Journal of Psychology. First published: November 1977. h"ps://doi.org/10.1111/j.2044--

8295.1977.tb01607.x

(3) Nassim Taleb. The Black Swan: The Impact of the Highly Improbable. 2007. Random House.

(4) The 84-Year-Old Man Who Saved Nvidia - WSJ

(5) Gina KeaPng. “Neblixed”. Penguin Books. 2012. P.9

(6) Investor Howard Marks on Luck, Risks and the Job that Got Away - Knowledge at Wharton (upenn.edu)

(7) How Blackjack Saved FedEx From Bankruptcy (thinkfreight.io)

(8) https://hbr.org/2021/06/dont-underesPmate-the-power-of-luck-when-it-comes-to-success-in-business