About the Author xiPreface xiiiAcknowledgments xviiPart One An Introduction To The Crisis 1Chapter 1 Healthy Skepticism for Risk Management 3A "Common Mode Failure" 5Key Definitions: Risk Management and Some Related Terms 8What Failure Means 14Scope and Objectives of This Book 17Chapter 2 A Summary of the Current State of Risk Management 21A Short and Entirely-Too-Superficial History of Risk 21Current State of Risk Management in the Organization 25Current Risks and How They are Assessed 26Chapter 3 How Do We Know What Works? 35Anecdote: The Risk of Outsourcing Drug Manufacturing 36Why It's Hard to Know What Works 40An Assessment of Self-Assessments 44Potential Objective Evaluations of Risk Management 48What We May Find 57Chapter 4 Getting Started: A Simple Straw Man Quantitative Model 61A Simple One-for-One Substitution 63The Expert as the Instrument 64A Quick Overview of "Uncertainty Math" 67Establishing Risk Tolerance 72Supporting the Decision: A Return on Mitigation 73Making the Straw Man Better 75Part Two Why It's Broken 79Chapter 5 The "Four Horsemen" of Risk Management: Some (Mostly) Sincere Attempts to Prevent an Apocalypse 81Actuaries 83War Quants: How World War II Changed Risk Analysis Forever 86Economists 90Management Consulting: How a Power Tie and a Good Pitch Changed Risk Management 96Comparing the Horsemen 103Major Risk Management Problems to Be Addressed 105Chapter 6 An Ivory Tower of Babel: Fixing the Confusion about Risk 109The Frank Knight Definition 111Knight's Influence in Finance and Project Management 114A Construction Engineering Definition 118Risk as Expected Loss 119Defining Risk Tolerance 121Defining Probability 128Enriching the Lexicon 131Chapter 7 The Limits of Expert Knowledge: Why We Don't Know What We Think We Know about Uncertainty 135The Right Stuff: How a Group of Psychologists Might Save Risk Analysis 137Mental Math: Why We Shouldn't Trust the Numbers in Our Heads 139"Catastrophic" Overconfidence 142The Mind of "Aces": Possible Causes and Consequences of Overconfidence 150Inconsistencies and Artifacts: What Shouldn't Matter Does 155Answers to Calibration Tests 160Chapter 8 Worse Than Useless: The Most Popular Risk Assessment Method and Why It Doesn't Work 163A Few Examples of Scores and Matrices 164Does That Come in "Medium"?: Why Ambiguity Does Not Offset Uncertainty 170Unintended Effects of Scales: What You Don't Know Can Hurt You 173Different but Similar-Sounding Methods and Similar but Different-Sounding Methods 183Chapter 9 Bears, Swans and Other Obstacles to Improved Risk Management 193Algorithm Aversion and a Key Fallacy 194Algorithms versus Experts: Generalizing the Findings 198A Note about Black Swans 203Major Mathematical Misconceptions 209We're Special: The Belief That Risk Analysis Might Work, but Not Here 217Chapter 10 Where Even the Quants Go Wrong: Common and Fundamental Errors in Quantitative Models 223A Survey of Analysts Using Monte Carlos 224The Risk Paradox 228Financial Models and the Shape of Disaster: Why Normal Isn't So Normal 236Following Your Inner Cow: The Problem with Correlations 243The Measurement Inversion 248Is Monte Carlo Too Complicated? 250Part Three How to Fix It 255Chapter 11 Starting with What Works 257Speak the Language 259Getting Your Probabilities Calibrated 266Using Data for Initial Benchmarks 272Checking the Substitution 280Simple Risk Management 285Chapter 12 Improving the Model 293Empirical Inputs 294Adding Detail to the Model 305Advanced Methods for Improving Expert's Subjective Estimates 312Other Monte Carlo Tools 315Self-Examinations for Modelers 317Chapter 13 The Risk Community: Intra- and Extra-organizational Issues of Risk Management 323Getting Organized 324Managing the Model 327Incentives for a Calibrated Culture 331Extraorganizational Issues: Solutions beyond Your Office Building 337Practical Observations from Trustmark 339Final Thoughts on Quantitative Models and Better Decisions 341Additional Calibration Tests and Answers 345Index 357

DOUGLAS W. HUBBARD is the inventor of Applied Information Economics (AIE). His methodology has earned him critical praise from Gartner and Forrester Research. He is also the author of How to Measure Anything: Finding the Value of Intangibles in Business and How to Measure Anything in Cybersecurity Risk. His articles appear in Nature, The American Statistician, The IBM Journal of R&D, InformationWeek and many more. He has over 30 years of experience in management consulting focusing on the application of quantitative methods in decision making