ð§ Dojo Compass
Finance, Risk & Long-Term Resilience
â Risk Management
How businesses identify, assess, and adapt to uncertainty.
ð§ Dojo Signal
How can businesses manage risks that they cannot fully see?
Over two thousand years ago, Plato posed a question that continues to challenge modern decision-makers.
In Meno, Socrates argues that a person cannot search for what they already know, nor can they search for what they do not know because they would not know what to look for.
This creates a practical challenge for every business leader.
If the future cannot be known with certainty, is risk management ultimately futile?
Fortunately, the answer is no.
The objective of risk management is not to eliminate uncertainty. It is to reduce uncertainty to a level that allows better decisions to be made.
After all:
Not all uncertainty is equally uncertain.
ð§ Core Principle
Effective risk management does not attempt to predict every future event.
Instead, it systematically transforms a vast universe of unknown possibilities into a manageable set of identifiable risks.
This process requires businesses to:
- Identify relevant risks.
- Estimate their likelihood.
- Assess their potential impact.
- Prioritize their importance.
- Continuously update their assumptions.
Risk management is therefore not an exercise in forecasting the future with precision.
It is an exercise in improving the quality of decisions under imperfect information.
The goal is not to know the future, but to become better prepared for multiple possible futures.
âïļ Applied Reality
Step 1: Define the Target Risk Set
Every business faces thousands of possible risks.
The first challenge is to transform abstract uncertainty into a practical set of risks that can be managed.
In simple terms:
Risk â Risk 1 â Risk 2 â Risk 3
There is no universal template.
Different companies face different risks because they operate under different business models, market conditions, and internal realities.
What harms one business may benefit another.
Step 2: Categorize Risks by Probability
Once risks have been identified, they should be classified according to their likelihood.
Using a taxi company as an example:
High probability risks
- vehicles running out of fuel
- traffic accidents
Moderate probability risks
- disruptions to transportation networks
- localized political events
Low probability or unknown risks
- disruptive technologies
- structural shifts that make taxis obsolete
This exercise does not eliminate uncertainty, but it reduces ambiguity.
Step 3: Estimate Frequency
The next step is to estimate how often risks may occur.
Some risks are supported by historical patterns.
For example, a taxi company may know:
- where accidents tend to occur
- what times of day they occur most frequently
- how often vehicles require maintenance
Other risks are harder to estimate.
Technological disruption or geopolitical events cannot be predicted with high precision.
However, by monitoring trends, companies can improve the quality of their assumptions over time.
Step 4: Weight the Risks
Not all risks deserve equal attention.
Businesses should estimate the economic impact if a risk materializes.
For example:
If a taxi is unavailable because it runs out of fuel, the cost can be estimated by calculating the fares that would have been earned during the downtime.
A practical risk grid may include:
- the risk itself
- expected frequency
- estimated financial impact
- confidence level
This grid should be updated continuously.
As conditions change, businesses must:
- add new risks
- remove obsolete risks
- adjust probabilities
- revise economic impacts
Risk management is a living process, not a static document.
Three Ways to Manage Risk
Once risks have been identified and prioritized, businesses generally have three options.
1. Accept the Risk
Many risks are simply accepted.
When we walk to work each morning, we accept numerous risks:
- slipping and falling
- being struck by a vehicle
- being injured by unforeseen events
Reasonable precautions are taken, but complete elimination is impossible.
Businesses operate in much the same way.
2. Actively Manage the Risk
Companies may implement measures to reduce the likelihood or impact of a risk.
The specific approach depends on:
- available resources
- organizational capabilities
- expected value creation
Importantly, many risks can be mitigated without substantial financial investment once they have been identified.
3. Transfer the Risk
Some risks can be shifted to another party.
The most common example is insurance.
However, risk transfer can take many forms, including:
- contractual guarantees
- investment agreements
- outsourcing arrangements
In these situations, another party accepts some portion of the uncertainty in exchange for compensation.
Risk Management and Value Creation
Risk management should never become an end in itself.
Every action should be evaluated through the lens of value creation.
For example:
Spending $1,000 to eliminate a risk that would only create a $500 loss if it materialized does not create value.
Effective risk management is therefore a balancing exercise.
Too little risk management leaves the company vulnerable.
Too much risk management creates unnecessary costs.
The objective is to find the point where resilience and value creation reinforce one another.
ðŠķ Dojo Takeaways
- The future cannot be predicted with certainty, but uncertainty can be reduced.
- Not all uncertainty is equally uncertain.
- Risk management begins by transforming abstract uncertainty into identifiable risks.
- Risks should be categorized according to probability, frequency, and potential impact.
- Businesses generally have three options: accept, manage, or transfer risk.
- Risk management should always be evaluated through the lens of value creation.
- Effective risk management is a continuous process rather than an annual exercise.
Leave a Reply