In the context of growing a business, but also for just running it, decision making and dealing with risk are core ingredients. In support of both dimensions more or less separate disciplines have emerged (Decision Analysis and Risk Management), each with its own focus, jargon, merits and tool set.
By far the largest of the two is Risk Management, with many more practitioners, varieties, implementations and regular conferences and meetings than the field of Decision Analysis. Some companies may even have a Chief Risk Officer, reporting to the CFO or CEO. Risk management has to do with the identification, assessment and mitigation of risks. If you think about it, ‘risk’ is inherent to any activity that a human being undertakes, from descending down the stairs to making a multi-billion investment. To keep the discussion practical, we assume that Risk Management pertains to risks associated with significant investment decisions or with maintaining business continuity.
The tool set of Risk Management comprises identification workshops, the bow tie concept (distinguishing cause – event – consequences), the risk register (a list of risks with their characteristics), the risk assessment matrix (the risks mapped against likelihood and impact), and perhaps some others. The ultimate goal is to put in place controls to mitigate or eliminate the risks. If this is not possible, the risk has to be accepted.
Risk Management in the context of investment decisions thus has the focus on risks, supporting the decision-making process: enabling the decision to be executed with confidence. Its caveats are that it is a rather qualitative process and that the final result – a list of risk descriptions – may not provide sufficient clarity to the decision-maker.
The field of Decision Analysis, coupled to the concept of Decision Quality, on the other hand has the focus on decisions, taking into account risk (or rather: uncertainty), along with a few other aspects (alternatives, trade-offs). It is a smaller discipline and has not achieved the same level of penetration in business as the field of Risk Management. But as ‘risk’ is present in all human activities, so are ‘decisions’. Again, we will limit ourselves to the domain of investment decisions, although DA is potentially helpful in any situation. We hence focus on Investment Decision Analysis.
The tool kit of Decision Analysis includes the decision framing workshop, the concept of decision hierarchy (what is the current focus decision?), the strategy tables (decisions mapped against alternative options), influence diagrams, tornados and a suite of analysis methodologies, probabilistic and other. Probabilistic (Investment) Analysis, representing a large chunk of DA, comprises quite a suite of analysis tools, such as decision trees, Monte Carlo simulation, analytical approaches, value of information and the like. The core idea of Decision Analysis is that it is the uncertainty that generally complicates decision making, although choosing between options and making trade-offs can even be a challenge in the absence of uncertainty. And if there is uncertainty, there is usually risk (the exposure to an undesirable outcome of the uncertainty).
The fields of Decision Analysis and Risk Management are thus related and overlapping, although they have a somewhat different focus. Decision analysts and risk managers have their work in the same house. Decision analysts enter through the door with a sign ‘Decisions’ on it whilst risk managers enter through the door with the sign ‘Risks’. But to a considerable part they deal with the same topics. Since both disciplines have their own established practices, it may be a bridge too far to propose a merger?
But what can be done to better align the workstreams?
First of all, by educating each other of the tools and processes that are being used.
Secondly, by aligning (and perhaps merging) the decision framing and risk identification workshops. Most of the issues being identified and brainstormed relate to uncertainties and risks. Why not team up?
Thirdly, by implementing similar practices to quantify uncertainties and risks. This pertains to ranges of variables (probability distributions), to probabilities associated with an event happening or not and to relative weights of multiple identified possible cases. The most important risks in the risk register can usually be assessed in this way. The results of such quantification exercises are then included in the workstream of the decision analyst, unless the risk manager has been able to completely eliminate the risk. The quantification of the risks will also assist the risk manager in prioritizing the mitigation efforts.
Fourthly, by properly integrating the results generated by the decision analysis work and the risk management activities into a single perspective that is conveyed to decision-makers by means of presentations and sanction documents. The decision analyst and risk manager should work together and not rely on copy-pasting both perspectives into a single document and be happy with that.
In this way the objectives of the decision analyst (transparently present the merits of the investment decision including the relevant uncertainties and risks) as well as the risk manager (optimal mitigation program) are met whilst the decision-maker is provided with a more integrated and comprensive perspective.