How should governments decide in the face of radical uncertainties, such as those concerning climate change, energy policy, genetically modified organisms and nanotechnologies? How should managers and investors plan in the face of the considerable economic, geopolitical and environmental uncertainties that impact the success of their projects?
The decision sciences have made great improvements over the past decades in our understanding of how people make decisions involving uncertainty. By contrast, little progress has been made on the normative question: how should people choose in the face of uncertainty? And yet, the established paradigm around this question – developed by philosophers, economists and statisticians in the middle of the last century, and often called Bayesianism – seems incapable of coping with the toughest uncertainties facing us today. An on-going project, led by Brian Hill at the HEC Paris-CNRS Decision Sciences laboratory and partly funded by the French Agence Nationale de Recherche (projet DUSUCA), deals precisely with this normative question. To do so, it has been involved in developing, defending and promoting a new model for decision making in the face of uncertainty, based on a notion that has been largely neglected to date: confidence.
The role of confidence in decision-making
Uncertainty denotes a lack of knowledge or sufficiently strong belief. Any incorporation of uncertainty into a decision involves a consideration of what the decision maker can justifiably believe. Beyond the fact of holding a certain belief, one can be more or less confident in it. People seem to be more confident in certain beliefs than others; compare, for example, investors’ confidence in their beliefs about the performance of a certain stock in a familiar market with how sure they are about their opinions concerning a market with which they have no experience. The level of confidence in beliefs seems to play a significant role in decisions. Ideally, one would like environmental policy decisions to be based on judgements about which we are fairly confident (in view of the evidence accumulated by decades of research, for instance), rather than on mere hunches (for instance, the uncorroborated hunch that the issue of climate change is Chinese conspiracy). In a series of papers, Brian Hill develops a model of decision making that incorporates the degree of confidence in beliefs. It does so according to the maxim that the more important a decision is, the more confidence is required of a belief for it to be used in making that decision. In other words, hunches can be used for unimportant decisions, but when the stakes are high, one should only rely on beliefs in which one has considerable confidence.
I see the climate change example as a strong case study for the model that we have developed
Confidence, and how you should decide in the face of uncertainty
Economists and philosophers have evoked various considerations to evaluate the normative credentials of decision-making procedures. Many are based on abstract mathematical results that reveal whether a prima facie reasonable procedure leads decision makers to make embarrassing decisions in certain situations. Several published and some more recent papers, developing intra alia results of this sort, make the case that Brian Hill’s theory of decision making and confidence provides a reasonable account of how one should go about deciding. These investigations suggest that his proposed decision-making model and its incorporation of confidence in beliefs has significant advantages, as a normative account, over other existing proposals in the literature.
Climate uncertainties and climate decisions
Recent and current work has focused on connecting Brian Hill’s theory of decision making with real-life decisions in the face of severe uncertainty. Perhaps one of the most striking examples is climate policy. The Intergovernmental Panel on Climate Change (IPCC) periodically summarizes the present state of scientific knowledge about climate change and its impacts. The main goal of this exercise is to inform environmental policy making. However, the IPCC uses a specific technical language for conveying uncertainty, which people do not seem to know how to connect to existing decision-making processes. Certainly, it is unclear that policy makers are making full and proper use of the information provided to them in the IPCC’s reports.
According to Brian Hill, however, his decision-making model is particularly well-suited to harnessing the information supplied in these reports. “I see the climate change example as a strong case study for the model that we have developed,” he explains. “Our model can use all of the information provided in the IPCC’s reports without needing any more. This is not the case for other existing models: either they cannot process parts of the information the IPCC provides, and so have to ignore them, or they require something that the IPCC does not supply. To be more specific, some approaches reserve no role for confidence in beliefs, and so are too simple to take into account the confidence information provided by the IPCC. On the other hand, models that are rich enough to represent a confidence dimension assume that it takes precise numerical values, without which the models cannot be applied. However, the IPCC provides no such numerical values, instead using a qualitative 5-point evaluation of confidence levels, ranging from very low to very high. Indeed, the philosophy behind our model is in line with the IPCC’s thinking on this issue: there seems to be no non-arbitrary way to characterise with a precise number the confidence level that the current state of scientific research warrants in a given finding when it comes to climate change – especially when this research involves a range of scientific studies, in different disciplines, with different data, different methodologies, and perhaps even different conclusions.” Joint work with colleagues at the LSE suggests that Brian Hill’s model is the first developed that can deal with the kinds of important decision-making inputs provided by the IPCC reports. In this way, it also vindicates the IPCC’s technical uncertainty language as normatively justifiable, by showing that it fits well into a reasonable decision-making procedure.
Brian Hill concludes that the model’s appropriateness in regards to climate change suggests that it could be applied to other decisions that must be made in the face of uncertainty. “The IPCC represents one of humanity’s biggest efforts to document the level of knowledge and uncertainty on an issue, and our model provides decision makers with an ideal way of harnessing the incredibly complex and rich information they supply. This suggests that the approach can make valuable contributions to other decisions under severe uncertainty, across a wide range of situations and sectors.”
It’s a mistake to assume that taking action is the biggest risk. In many cases, the riskiest action is in fact inaction. The pace of change in today’s world means that standing still leads to falling behind current and emerging competitors. The way in which many companies make investment decisions blinds them to this reality. Most executives know that the present value of an investment comes from projecting its cash flows and discounting those numbers into today’s dollars. The general rule is projects with positive net present values should get funded, and those with negative ones shouldn’t. That assumes, however, that the base case is zero. If doing nothing leads to decline, projects with marginal projections actually are better alternatives than inaction.
It’s a mistake to believe that good entrepreneurs seek out risk. They don’t. Good entrepreneurs recognize the inherent risk of creating new businesses. After all, it’s well known that most new businesses fail, and that most of the ones that succeed do so in modest enough ways that the entrepreneur gets at best a modest financial return on his or her effort. As Noam Wasserman noted in The Founder’s Dilemmas, “On average, entrepreneurs earn no more by founding startups than they would have earned by investing in public equity – less, in fact, from a risk-return perspective.” What good entrepreneurs excel at isn’t taking risk, it is managing it. Working with partners, raising money from a syndicate of investors, building a team, scrappy ways to earn revenue are all examples of smart risk management.
It’s a mistake to celebrate failure to encourage risk taking. Dictionary.com offers a reasonable definition of risk as “exposure to the chance of injury or loss; a hazard or dangerous chance.” There can be no innovation without risk, as innovation necessarily has uncertain outcomes, some of which can be bad. Encouraging risk taking, therefore, can help to boost innovation. However, that doesn’t suggest a blanket endorsement of failure. In many cases, failure is bad. Sometimes people fail because they didn’t do their homework. Sometimes they fail because they lacked skills or hadn’t practiced enough. These categories of failure should never be celebrated. Rather, executives should recognize that the path to innovation success is never a straight line, so fumbles, false starts, and, yes, sometimes failure are part of the game.
It’s a mistake to think that rewarding success will boost risk-taking. Innovation-hungry executives at large companies often gnash their teeth about the challenges of compensation, lamenting that their system simply won’t allow them to offer the unbridled upside that awaits entrepreneurs at unicorns (which, in reality, are an incredibly rare breed). True. But that’s not really what holds innovation back in most companies. It isn’t the lack of rewards; it is the presence of punishment. Execution-oriented companies are used to rewarding people who hit their numbers and punishing those who don’t. But the uncertainty that accompanies innovation means that sometimes people will do everything right and still have a commercial failure. And if that result carries stiff punishment, don’t expect anyone to ever take any risk. While it is well known that quick wins build confidence in change efforts, companies seeking to build their innovation capabilities should have a quick loss, where a project gets shut down and everyone celebrates rather than looking for a scapegoat. It helps to signal that the company is ready to think and act differently.
VUCA, volatile, uncertain, complex, and ambiguous, describes perfectly what is happening in the global business world today. Business is not running as usual. Leaders must deal with growing uncertainty, complexity, and ambiguity in their decision-making environments. CEOs have little idea what to expect in terms of health care policy, financial transactions, national security, and global trade—all of vital importance to themselves, their employees, and their stakeholders.
Managerial training in the classic techniques of control systems, financial forecasting, strategic planning, and statistical decision making have not prepared them for this amount of flux in the environment.
In short, these rapid-fire changes are putting extreme pressure on business leaders to lead in ways not heretofore seen.
Now is the time for authentic business leaders to step forward and lead in ways that business schools don’t teach. Let’s examine these different ways of leading comprising VUCA 2.0:
Vision – Today’s business leaders need the ability to see through the chaos to have a clear vision for their organizations. They must define the True North of their organization: its mission, values, and strategy. They should create clarity around this True North and refuse to let external events pull them off course or cause them to neglect or abandon their mission, which must be their guiding light. CEO Paul Polman has done this especially well by focusing Unilever’s True North on sustainability.
Understanding – With their vision in hand, leaders need in-depth understanding of their organization’s capabilities and strategies to take advantage of rapidly changing circumstances by playing to their strengths while minimizing their weaknesses. Listening only to information sources and opinions that reinforce their own views carries great risk of missing alternate points of view. Instead, leaders need to tap into myriad sources covering the full spectrum of viewpoints by engaging directly with their customers and employees to ensure they are attuned to changes in their markets. Spending time in the marketplace, retail stores, factories, innovation centers, and research labs, or just wandering around offices talking to people is essential.
Courage – Now more than ever, leaders need the courage to step up to these challenges and make audacious decisions that embody risks and often go against the grain. They cannot afford to keep their heads down, using traditional management techniques while avoiding criticism and risk-taking. In fact, their greatest risk lies in not having the courage to make bold moves. This era belongs to the bold, not the meek and timid.
Adaptability – If ever there were a need for leaders to be flexible in adapting to this rapidly changing environment, this is it. Long-range plans are often obsolete by the time they are approved. Instead, flexible tactics are required for rapid adaptation to changing external circumstances, without altering strategic course. This is not a time for continuing the financial engineering so prevalent in the past decade. Rather, leaders need multiple contingency plans while preserving strong balance sheets to cope with unforeseen events.
With external volatility the prevalent characteristic these days, business leaders who stay focused on their mission and values and have the courage to deploy bold strategies building on their strengths will be the winners. Those who abandon core values or lock themselves into fixed positions and fail to adapt will wind up the losers.
Assessing a company’s vulnerability to risk makes otherwise theoretical discussions of strategy more real. In the decade since the global financial crisis, financial companies have honed their ability to measure risk in a way that nonfinancial companies have not. Granted, nonfinancial executives hadn’t faced the same existential crisis. And they’ve seldom come under the same kinds of investor and regulatory pressure. But the result is that they haven’t absorbed many of the lessons on risk management learned by the financial sector.
We believe that nonfinancial companies, too, would benefit from a more aggressive look at the risks they face. Among the most important steps they could take, for example, would be to quantify risks in the context of broader scenarios, and not just as discrete sensitivities. They should calculate the effect of more extreme one-off events, such as a cybersecurity attack, in addition to continuous risks, like GDP. They should model risk-mitigation strategies as well as the risks themselves. And they should sustain a conversation about risk that is explicitly tied to strategic planning, capital allocation, and other business decisions.
We recently tested our thinking qualitatively in interviews with the CFOs, company secretaries, and controllers of 11 leading nonfinancial companies in the United Kingdom. Having just completed their first full reporting year under a new policy requiring companies to assess their longer-term viability,1 these nonfinancial company executives offered insight into the value a structured risk-measurement exercise can bring to a company’s decision making. As one UK executive reflected, seeing what certain risks could really mean for the value of their operations gives the whole intellectual exercise more currency.
Companies often maintain a list of the main risks that managers believe they face, which they report as their “risk register” in annual reports. These include discrete operational events, such as major industrial accidents, cyberattacks, or employee malfeasance. If they take the next step to quantify those risks, many simply turn to that list and model them, often for the first time, onto their financial outlook. That’s a good start, as it gives managers some insight into how sensitive the company’s financial health is to changes around individual risks, which many companies don’t do. But measuring individual risks discretely does little to illuminate a more complex landscape of interrelated risks that often move together in the real world. That requires the further step of coherently clustering risks together into scenarios.
Scenarios are more appropriate because they help managers consider the effects of a variety of severe but plausible scenarios without being farfetched. They can also accommodate interaction effects among sensitivities. One manufacturer in our group reported modeling 18 different scenarios, after eliminating many more that they felt did not meet the plausibility criteria. The comprehensiveness of the exercise equipped the board with a clear perspective on the company’s resilience and a number of management actions in time for the Brexit referendum months later. And finally, integrated scenarios also ensure that companies do not miss or underestimate the correlations between their different business activities and individual risk types, thereby underestimating group-level vulnerability.
We frequently encounter companies willing to model broader, everyday market variables, such as GDP or inflation, or more specific variables, such as the rate of formation of new companies. But we seldom find companies willing to model more extreme variables or one-off events, such as a cyberattack or a natural disaster. The data to measure the effects of the former are fairly easy to come by, some argue, while reliable data on the latter are not. Others believe that their employees would sufficiently rally together to counter such events. As one UK executive told us, “We did not try to model events of nature and operational issues. All hands would be to the pump in the organization anyway, to deal with that particular situation, given its gravity. The complete random nature of seeking to put in a number—we think that is too difficult.”
One-off events can also be more correlated with market downturns than companies expect. For example, the pressure on income after a recession can translate into aggressive business practices that lead to one-off risk events—by undermining product or employee safety or leading to ethics violations. Governments may add to the pressure with a more aggressive tax and regulatory stance. Many companies will model the economic downturn, but they often don’t model one-off events like changes in tax policy.
Some companies do find ways around the challenge of quantifying one-off events—often turning to the lessons of history to drive the analysis. One IT company, for example, used the experience of other companies that suffered a cyberattack to quantify the potential impact on its business. Press and financial reports often provide the kinds of relevant details needed, such as an increase in customer churn rates or declines in revenues.
A materials company used a proportionate measure of the impact of the 2007–08 financial crisis on its business to stress test its current financial outlook. Managers then used the data to inform a strategy discussion with the board. In so doing, these companies gained a deeper appreciation for the magnitude these catastrophic shocks could have on their business and could allocate resources to prepare for them more effectively.
Even nonfinancial companies that undertake a regular measurement of risks often neglect also to measure the effects of their plans to mitigate the fallout of a downside scenario. Steps like reducing dividend payouts, cutting capex, or selling assets come with their own risks over the long term—and we believe risk-savvy managers should model both.
However, among our UK interviewees, several worried that modeling mitigations on top of the initial scenario or sensitivity amounted to piling assumptions on top of assumptions. Indeed, there was also some debate as to the right perspective from which to comment on risk. Viability is one, but metrics such as the risk of a dividend being cut might be another—or, for companies that have promised a progressive dividend, the risk that the rate of growth might slow.
Whichever metric is used, companies and their boards would benefit from understanding which mitigations exist, when they should be triggered, and what rough magnitude of impact they could deliver. One approach to understanding mitigation steps that we’ve observed elsewhere immerses executives in a war-game-like exercise. Teams representing different interests, such as competitors, suppliers, and regulators, debate a risk scenario and then run their respective reactions through the risk model to measure the effects. This has the benefit of ensuring that mitigation efforts are plausible and how they might affect viability or dividends, for example. It also gives management confidence in their approach when an actual crisis comes to pass.
The usefulness of risk-measurement exercises can be limited if they aren’t dynamically linked to strategic planning, capital allocation, and other business decisions. That means such exercises need to include more than just a CFO or a board audit committee, or they amount—as one UK interviewee put it—to little more than a “tick-box exercise” that fails to change behaviors in the business.
Yet in cases where internal engagement is more comprehensive, we’ve seen risk-measurement exercises provoke a systematic review of a company’s risk profile, risk-management approach, and strategic posture—even if it can take some time before the consequences become evident. One UK retailer we met with described holding workshops with the company’s executive team to reconsider its risk register and define plausible downside scenarios. Its board audit committee also spends significant time discussing the appropriate modeling methodology to arrive at robust and meaningful results. As with many of the companies we spoke with, it’s too early to see concrete impact—we didn’t hear of anyone who had made a major change in the business as a result. But several told us that a better understanding of risk was valuable input and wanted to deepen the process.
Indeed, several of our UK interviewees acknowledged that they’d previously had a limited understanding of their risk exposure. As a consequence, for example, they had no systematic understanding of how much capital they actually needed to absorb risk in current operations. Again, none reported after undergoing the risk-measurement exercise that they felt the need to raise or conserve more capital for such risks, though a few did report finding they were much more resilient to downside risks than they had expected. We also found broad recognition of the value of a more structured, analysis-enriched conversation with key decision makers about risks, and many companies were keen to improve on their approach going forward. As the lessons from the viability-statement exercise are embedded and companies’ approaches evolve, the intent is summed up by one interviewee as, “you start with the risk process and it develops and becomes richer in time.”
For nonfinancial companies, a more structured approach to risk measurement can lead to a more nuanced and insightful appreciation of true risk levels, and eventually a better-informed strategic posture.