CHAPTER THREE

Risk
Analysis
Prepared by: Jeremiah D. Platino, MAED
Reference: Managerial Economics by Dominick Salvatore, Ph.D.
3-0 ABSTRACT
 The definition of risk introduced in the ISO 31000 standard of 2009
(2018) is uncertain goal achievement; thus, both negative and positive
outcomes can be considered. It also implies that risk is not limited to life
and health, but may cover all goals of a company. Risk management thus
becomes a question of achieving and optimizing multiple goals. Since
safety is but one of several considerations, safety may lose out to other
more easily measured objectives of a company, such as economics and
compliance with regulatory requirements.
 Risk analyses have a long history of quantification, a tradition that for
various reasons has waned and should be revived if safety goals are to
be treated together with other goals of a company. The extended scope
affects not only company owners and employees but also neighbors, the
local community, and the society at large. The stochastic nature of risk
and the considerable time lap between decisions and the multiattributed
consequences implies that managing risk is exposed to cognitive biases
of many sorts. Risk management should be based on a quantitative
approach to risk analysis as a protection against the many cognitive
biases likely to be present, and managers should be trained to recognize
the most common cognitive biases and decision pitfalls.
3-1 INTRODUCTION
 Accidents happen, in the past and present, and efforts to analyze how to
avoid their reoccurrence have always been the backbone for
improvements in safety. Through the study of the causes and statistics of
accidents, their frequency and consequence severity have been reduced.
Analytical algorithms and tools were developed, mainly after WW2,
supplementing the safety improvements of accident investigations. The
analytical approach has evolved considerably over the years in terms of
improvements in methodology and calculation capabilities. The
evolution has also been a response to the extensions in the scope of both
risk causes and consequences, i.e., goals.
 Some of the mathematics and statistics of risk were developed to meet
the need to decide the average remaining lifetime to estimate the cost of
life insurance policies. Practical risk reduction knowledge has
accumulated since then in high-risk industries like shipping, chemical
plants, oil and gas, nuclear power plants, aviation, and space
exploration. Risk was defined in relation to unwanted consequences, as
a function of the probability with which an event may happen and how
severe it might be.
 If the causes of risk are known and probability data exist, risk can be
calculated in quantitative risk analyses (QRAs). Making decisions based
on the results of risk analyses in a systematic way inspired the concept
of risk management, with the aim to reduce risk based on findings from
QRA. The quantitative nature of this approach made cost-benefit
analyses possible. If properly carried out, the result was a better
utilization of limited resources, be it money, experts, or other means.
The different applications of risk management in insurance, finance, and
industry were developed with little mutual exchange between them. The
risk management tradition of finance looked at risk including both gains
and losses because of investments, while in industry and engineering,
risk was associated with potential loss only. Because risk is an
expression of events that may happen in the future, risk is intrinsically
uncertain.
 The decisions that may trigger such events are often made to achieve
multiple goals, e.g., profit while maintaining safety margins related to
health and environment. The question of how to balance several goals is
not trivial. Some might be in conflict; others might support each other.
There can be different stakeholders affected by the decision, with
different priorities and power of influence, and they might be involved
directly or indirectly. The stakeholders can be owners, employees,
neighbors, politicians, NGOs, or competitors. Some goals might be
certain and others uncertain.
 Some of the effects of decisions can happen in some distant future,
raising the issue of discounting. Since humans’ discount is differently
than “econs,” the rational utility maximizing economic man, the stage
was set for differences in opinions and priorities. Decision-making in
risk management is therefore a practical application of judgment under
uncertainty, leading to the study of cognitive biases and becoming the
foundation for behavioral economics.
The definition of risk has undergone major changes, from the product of
the severity and probability of unwanted events to uncertain
achievement of multiple goals, as reflected in the ISO 31000 “Risk
Management,” a guideline developed for risk management systems.
When the scope is lifted to include the whole company and all its
objectives, the concept of enterprise risk management (ERM) is used.
In parallel with the “engineering” approach, the auditing and accounting
professions have developed an approach to ERM under the COSO label
with emphasis on fraud prevention and audit of accounting.
Comprehensive systems on how to reduce risk to an acceptable level on
a continuous basis are commonly described as Safety Management
Systems (SMS), reflecting a broad approach including risk analyses,
safety assurance, incident investigations, safety inspections, and audits.
In aviation, SMS includes the evaluation of incidents with respect to
quality the remaining barriers as well as safety issues that may require a
more detailed risk analysis.
 Concurrent with the development of SMS, vetting systems have
emerged as background checks of both people and systems. Vetting is a
case-based inspection used by a diversity of institutions, from public
agencies in border control to oil majors in relation to suppliers. When an
oil tanker is nominated to a charterer and considered for lifting cargo at
a terminal which requires the consent of an oil major, the oil major will
“vet” the vessel, i.e., inspect and approve the vessel for visits to that
terminal. This is usually regarded as a more critical inspection than the
internal audits performed by the shipowner because the consequence of
a failed vetting is a loss of business. SMS and vetting systems
complement each other as the former is a continuous and systems-based
approach, while the latter is more detailed and adapted to a practical
case.
 The different definitions of risk and approaches to mitigate risk may
have both a positive effect and a negative effect. On the positive side,
competition can lead to improvements in achieving results at a lesser
cost. Negative effects can be unnecessary activities and conflicts
between the various safety assurance actors, with more bureaucracy and
higher costs than necessary.
 3-2 RISK AND UNCERTAINTY IN
MANAGERIAL DECISION MAKING
 Until now we have examined managerial decision making under
conditions of certainty. In such cases, the manager knows exactly the
outcome of each possible course of action. Many managerial decisions
are, indeed, made under conditions of certainty, especially in the short
run.
In many managerial decisions, however, the manager often does not
know the exact outcome of each possible course of action. For example
the return on a long-run investment depends on economic conditions in
the future, the degree of future competition, consumer tastes,
technological advances, the political climate, and many other such
factors about which the firm has only imperfect knowledge.
 In such cases, we say that the firm faces “risk” or “uncertainty”. Most
strategic decisions of the firm are of this type.

Managerial decisions are made under conditions of certainty, risk. or

uncertainty. Certainty refers to the situation where there is only one
possible outcome to a decision and this outcome is known precisely. For
example, investing in Treasury bills leads to only one outcome and this
is known with certainty. The reason is that there is virtually no chance
that the federal government will fail to redeem these securities at
maturity or that it will default on interest payments.
 On the other hand, when there is more than one possible outcome to a
decision, risk or uncertainty is present.
Risk refers to a situation where there is more than one possible outcome
to a decision and the probability of each specific outcome is known or
can be estimated. Thus, risk requires that the decision maker know all
the possible outcomes of the decision and have some idea of the
probability of each outcome’s occurrence. For example, in tossing a
coin, we can get either a head or a tail, an each has an equal chance of
occurring. Similarly, investing in a stock or introducing a new product
can lead to one of a set of possible outcomes, and the probability of each
possible outcome can be estimated from past experience or from market
studies.
In general, the greater the variability of possible outcomes, the greater is
risk associated with the decision or action.
Uncertainty is the case when there is more than one possible outcome
to a decision and where the probability of each specific outcome
occurring is not known or even meaningful. This may be due to
insufficient past information or instability in the structure of the
variables. In extreme forms of uncertainty not even the outcomes
themselves are known. For example, drilling for oil in an unproven field
carries with it uncertainty if the investor does not know either the
possible oil outputs or their probability of occurrence.
 In the analysis of managerial decision making involving risk, we will
utilize such concepts as strategy, states of nature, and payoff matrix. A
strategy refers to one of several alternative courses of action that a
decision maker can take to achieve a goal. For example, a manager may
have to decide on the strategy of building a large or a small plant in
order to maximize profits or the value of the firm. States of nature refer
to conditions in the future that will have significant effect on the degree
of success or failure of any strategy, but over which the decision maker
has little or no control.
For example, the economy may be booming, normal, or in a recession in
the future. The decision maker has no control over the states of nature
will certainly affect the outcome of any strategy that he may adopt. The
particular decision made will depend, therefore, on the decision maker’s
knowledge or estimation of how a particular future state of nature will
affect the outcome or result of each particular strategy. Finally, a Payoff
matrix is a table that shows the possible outcomes or results of each
strategy under each state of nature.
 3-3 MEASURING RISK WITH
PROBABILITY DISTRIBUTIONS
In this lesson, we examine the meaning and characteristic of probability
distributions, and then we use these concepts to develop precise measure
of risk.
 The probability of an event is the chance or odds that the event will
occur. For example, if we say that the probability of booming conditions
in the economy next year is 0.25 or 25 percent, this means that there is 1
chance in 4 for this condition to occur. By listing all the possible
outcomes of an event and the probability attached to each, we get a
probability distribution. For example, if only three states of the economy
are possible (boom, normal, recession) and the probability of each
occurring is specified, we have a probability distribution such as shown
below.
 An Absolute Measure of Risk: The Standard Deviation

We can measure the tightness or the degree of dispersion of a probability

distribution by the standard deviation, which is indicated by the symbol
σ. Thus, the standard deviation (σ) measures the dispersion of possible
outcomes from the expected value. The smaller the value of σ, the
tighter or less dispersed is the distribution, and the lower the risk.