What is Risk?
2021-07-12 | tags: risk

I mostly write about ML/AI on this website, though long-time readers will notice that I focus on the non-technical matters: leadership, hiring, and team structure are common topics here.

I've also mentioned risk in a few posts. I find risk to be a fascinating topic overall, and one that we don't think about nearly enough in ML/AI.

There are many ways to think about risk. One that I keep coming back to is: a possible future entry on the balance sheet, of indeterminate (and unbounded) amount. This perspective is especially relevant when you consider how future costs weigh into company valuations for investment and M&A purposes: if a company has done something dodgy with its training data, then it's probably heading for trouble down the line, and that should be reflected in any purchase price.

I plan to cover risk here more in the future, and in deeper detail, so I figured an introduction to risk was in order.

Key terms

It's cliché but necessary to lead with some terminology.

Risk is built on the idea that some Event might happen. We emphasize, "might." It's not that it definitely will happen, because then it would be a fact. Instead, a risk is a Not-Yet Event. And there's only a chance that it will become a Has Happened Event.

The core of risk, then, is the notion of maybe.

Why should we care about a maybe? Well, if The Event happens, there will be some outcome, usually in the form of consequences. That's what separates risk from other areas of future planning: it's about exploring things that don't go as intended.

That leads us to some other key terms:

Risk assessment is therefore a matter of identifying the exposure: when could this happen? and how likely is that to take shape?

Flipping this around, assessment and exposure set the parameters for exploring risk mitigation. For example: if you have a very small exposure (a very narrow window of opportunity), and your assessment determines that the impact is small, you probably won't spend too much time lining up a mitigation strategy. Why bother? On the other hand, if the window of opportunity is very large, and the impact significant, it's worth your time to think carefully about how to handle the Event if it happens.

Risk Thinking: An Example

We can use a concrete example to demonstrate:

This was a toy example but it shows a certain pattern of thought. We call this risk thinking, and it's the process of exploring a world beyond our intended outcome to identify Other Possible Scenarios and decide how -- or whether -- we would handle them.

(One thing we didn't do in this example, is leave some flexibility for some things we hadn't considered. Donald Rumsfeld took some heat for his "Unknown Unknowns" comment but, from a risk perspective, there is a lot of truth in there.)

This may sound very rigid and formal but it is something we all do; it's just that we rarely consider the thought process because it happens quickly and automatically. What took four bullet points and a couple of paragraphs in print, would take just seconds inside your brain.

Why is it so important to limit surprise?

I often tell people that I'd rather be inconvenienced than surprised: I can plan for an inconvenience that I know is coming, but a surprise requires that I adapt on the spot. (Most surprises ship with a free side of inconvenience.)

Risk thinking is all about limiting the impact of that surprise. It's a different way of looking at the future. We have our intended, preferred outcome in mind but we know that this is just one possible outcome in the absence of perfect information. The wise among us apply risk thinking to take the sting out of our predictions-gone-wrong.


(This content is an excerpt of a future project on risk.)

Towards Quantification: Finding Hard and Soft Numbers In Your Business

In search of ML/AI success? Know your hard and your soft numbers.

Where Is Your Risk Department?

Every company needs someone to be their extra eyes.