Risk Modeling Basics
Google the word “risk” and the first result is the noun with the definition “a situation involving exposure to danger.” Seems pretty straight forward and to the point, doesn’t it?
Of course, to fully understand the purpose of risk modelling, we need to answer this question: What is risk versus uncertainty? The most clear cut way to explain it is the way Douglas Hubbard explains it on page 81 of Failure of Risk Management:
“Uncertainty. The lack of complete certainty – that is, the existence of more than
one possibility. The ‘true’ outcome/state/result/value is not known.
Risk. A state of uncertainty where some of the possibilities involve a loss, injury, catastrophe, or other undesirable outcome.”
Naturally, the next question is: why is risk such a big topic for businesses? Well, if a risk isn’t explored or evaluated properly, otherwise simple decisions can go south in a big way: a bad investment, or a major cyber incident due to mis-prioritizing threats and vulnerabilities, could lose the organization millions of dollars.
Yet, many organizations struggle when it comes to analyzing and managing the varieties of risk they face on a daily basis. This is largely in part because businesses often only use or understand one facet of risk management and modelling. As Douglas Hubbard states in The Failure of Risk Management, “almost everyone has something to learn from a completely different school of risk management than their own.”(24)
This is where risk modeling comes in. Risk modeling involves laying out the factors and their relationships. By taking the time to evaluate and understand your risk, you can make better informed decisions on how to prioritize the issues your organization faces and where to allocate your (limited) resources.
By using risk models, you have the benefit of making better informed and objective decisions. Through the models, it becomes much easier to make sense of complex risk data and to allow data to be read and understood without having to sift through hundreds of thousands of data points and attempt to make sense of it all. Risk modeling is the best way to become educated on the risks at hand and the best way to combat those risks.