November 2018 Issue
Financial establishments, such as banks, routinely face different types of risks in the course of their operations. Risk stems from uncertainty of financial loss and can potentially cripple a business if not managed in time. This demands that mechanisms to manage risk be created via a risk management philosophy, with the objective of minimising negative effects risks can have on the financial health of an institution. However, risk is ultimately the outcome of a process of sensemaking; it is in the eye of the beholder.
A trend of objectification of risk
In financial institutions, risk tends to be understood as a quantifiable attribute. From this perspective, managers seek to objectively evaluate risk based on observed frequencies. This can be seen as the objective of a statistical risk view, where risk is ascribed a ‘true’ and objective value and a likelihood of manifesting.
In this respect, Value at Risk (VaR), a measure of the risk of loss for investments, has been used extensively in the financial industry. It is a preventive control mechanism, which seems to provide some benefits. However, some commentators, such as Joe Nocera in a 2009 article in The New York Times Magazine, have also pointed to severe limitations with VaR. “Given the calamity that has since occurred, there has been a great deal of talk, even in quant circles, that this widespread institutional reliance on VaR was a terrible mistake. At the very least, the risks that VaR measured did not include the biggest risk of all: the possibility of a financial meltdown.”
This is because the calculated risk exposed by VaR can be misleading, creating a blind-spot that many have associated with contributing to the onset of the 2007-08 financial crisis. VaR provides a decision maker with a sense of ‘the most I can lose’, in particular in the setting of 99 percent of confidence levels. Using a limited range of variables that underline the modelling of risk scenarios, this 99 percent of confidence can, and did, turn out to be very far from 100 percent in 2007-08. As Joe Nocera went on to point out, “Nassim Nicholas Taleb, the best-selling author of ‘The Black Swan’, has crusaded against VaR for more than a decade. He calls it, flatly, a fraud”.
We characterise the trust placed in VaR calculations to be almost a blind and slavish obedience to the methodology and output, crucially lacking any ‘mindful’ scrutiny. Overall, financial institutions are not known for fostering situated human cognition as an answer to the unknowable 1 percent. Nevertheless, in other industries, such as healthcare, mindful action is the one dimension of organisational resilience that is receiving close attention. In thinking about risk, the financial sector could learn a lot from changing attitudes in other sectors, particularly those that involve life-and-death decisions.
‘Making sense’ of risk
In light of the failure of the ‘objective’ determination of risk, it must be remembered that risk is in the eye of the beholder. It is based on options, interpretations and judgement, a product of social interaction, a continuous social construction and reconstruction. In short, our research has revealed that people continually seek to make sense of what is going on in light of their objectives and experiences, and the nuance of this process of making sense of the world is crucial to understand when managing risks.
At the beginning of a task, be it a project or any other a risky endeavour, stakeholders will probably demand certainty. In other words, the question of ‘what will risk mean?’ is central to the discussion at a point when stakeholders long for the comfort of having confidence in a predictable, controllable future. This desire tends to be manifested by a reliance of deterministic planning and diagnostic tools, such as VaR, which draw on historical data to illustrate the likelihood that something will happen in the future. The resulting analyses are disseminated and stakeholders take comfort in the rigour of the results. Stakeholders labour under the illusion that risk is understood as a ‘thing’, easily quantified and amenable to management and control. The risky endeavour can be pursued with confidence of success.
And this is the crux with demanding certainty by relying on the past: the future frequently deviates from the past. Things may go well for a protracted period, but when the illusion of certainty is shattered by counteracting outcomes, the meaning of risk changes too. In the wake of something not going as planned, risk becomes personalised and obfuscated. The question of ‘what will risk mean?’ changes to ‘what does the failure to predict risk mean to anyone else but me?’ Rectifying the failure to prevent risk in the first place tends to be associated with a blame game. Often, this ends up as a game of ‘cat-and-mouse’, as nobody wants to admit to being the root cause of an issue. In any case, the reality of most risks is that there is no single root cause; they are systemic. In other words, a risk being realised is the result of a multitude of factors with often paradoxical interdependencies. Nevertheless, a period of attribution will occur in most instances, with different parties expending energy and cost, seeking to dodge ‘the finger of blame’.
Ultimately, once a culpable entity has been identified and the problem that arose as a result of the realised risk has been addressed, the meaning of risk is transformed once more. Understanding shifts from a deterministic definition of risk and reframed as a workable concept, risk is seen as ambiguous and uncertain. Hence, the question of risk is one that looks into the future: ‘what is a workable definition of risk that allows us to recover from the failure of preventing it in the first place?’ Often, out of necessity, the costs of managing risks are shared in a more equitable fashion, and efforts at improvising enable a prompt resolution of materialised risks.
Nevertheless, tackling ongoing, materialised risks in a short-term, piecemeal fashion tends not to be sustainable over a longer period of time, and mangers start pondering about the ‘unrealness’ of the situation. That struggle of poorly applied risk management is elevated to a level of working with each other in the long-term and the meaning of risk is informed by ‘would have’ or ‘could have’. Stakeholders begin to understand that risk is not a controllable and tameable entity but, rather, it requires continual awareness of the novel and unusual.
One might expect that such looking into the future, resolving issues associated with the initial meaning of risk will be fruitful in defining new meanings of risk and, as a result, new ways of managing risk in the future. What we have found, however, is that this is often not the case. There are three reasons people forget their experiences of previous risky endeavours and enter into new, risky ventures with the same search for comfort and belief that risk measurement based on historical analysis will lead to a controllable, tameable set of risks. First, the process often involves a lot of pain, including financial, emotional and reputational. Understandably, people naturally want to forget this pain and ‘get on with their lives’. Second, people enter into new ventures with a great deal of undue, and sometimes delusional, optimism. Finally, people want to forget, in particular, meanings of risk that do not fit with their presumptions and expectations of objectified risk, and risk management processes that are reliant on being fed with objectified risks, such as VaR. Unfortunately, the ‘would haves’ and ‘could haves’ do not really trigger a rethink of risk and risk management. Instead, we are pulled in by the temptation of defining risk as an objectifiable entity, and thus deterministic, probabilistic risk management is that appealing as it overrides all previous definitions of the meaning of risk.
Managing the ‘making sense’ of risk
The job of a manager is to use and analyse the past as a predicator of the future. However, a manager’s job is also to appreciate how the meaning of risk, as understood by the parties involved, may evolve over time. The way people tend to make sense of risk will change as a result of their experiences and the changing pressures they face. For the manager, this means including repertoires of sensebreaking and sensegiving, to help shape the meaning of risk that people may adopt in any given situation. By helping to shape the meaning and sense people make of risk, the manager can counteract the tendency toward ‘predeterminism’. In other words, one of the jobs of the manager is to help people understand that the future can never be fully objectified and is not entirely predictable and controllable; that models, such as VaR, are useful but also, by default, limited. In the light of counteracting outcomes, sensegiving activities may include the definition of materialised risk as a natural, normal occurrence, and one that cannot be attributed to a single root cause.
Dr Elmar Kutsch is a senior lecturer in risk management at Cranfield School of Management. He can be contacted on +44 (0)1234 750 111 or by email: firstname.lastname@example.org. Dr Mark Hall is senior lecturer in project and operations management at University of Birmingham. He can be contacted on +44 (0)121 414 8577 or by email: email@example.com.
© Financier Worldwide
Dr Elmar Kutsch
Cranfield School of Management
Dr Mark Hall
University of Birmingham