diff --git a/hubbard_2020_failure.md b/hubbard_2020_failure.md index 88ba94d..05b0f34 100644 --- a/hubbard_2020_failure.md +++ b/hubbard_2020_failure.md @@ -122,12 +122,273 @@ For commentary see the companion #### The Mind Of "Aces": Possible Causes And Consequences Of Overconfidence +Unless managers take steps to offset overconfidence +in assessments of probabilities, +they will consistently underestimate various risks +(i.e., they will be more confident than they should be +that some disaster won't occur). +This may have had some bearing on very-high-profile disasters, +such as those of the Space Shuttle Orbiters *Challenger* and *Columbia*. + +The Nobel Prize-winning physicist, Richard Feynman, +was asked to participate in the investigation of the first Space Shuttle accident +(involving *Challenger*). + +What he found were some risk assessments that seemed at first glance to be obviously optimistic. +He noted the following in the *Rogers Commission Report on the Space Shuttle* Challenger *Accident*: + +> It appears that there are enormous differences of opinion +> as to the probability of a failure with loss of vehicle and of human life. +> The estimates range from roughly 1 in 100 to 1 in 100,000. +> The higher figures \[1 in 100\] come from the working engineers +> and the very low figures \[1 in 100,000\] from management. +> What are the causes and consequences of this lack of agreement? +> Since 1 part in 100,000 would imply +> that one could put a Shuttle up each day for 300 years +> expecting to lose only one, +> we could properly ask +> "What is the cause of management's fantastic faith in the machinery?"[^7-10] + +Feynman believed that if management decisions to launch +were based on such an extraordinary confidence in the Shuttle, +then these decisions were flawed. +As was Feynman's frequent practice, +he applied simple tests and reality checks +that would cast doubt on these claims. + +Perhaps an obvious explanation is the conflict of interest. +Are managers really incentivized to be honest with themselves and others +about these risks? +No doubt, that is a factor, +just as it was probably a factor in the assessments of risks +taken by bank managers in 2008, +whether or not it was consciously considered. +However, individuals showed overconfidence +even in situations when they had no stake in the outcome (trivia tests, etc.). + +JDM research has shown that both the incentives and the amount of effort put into identifying possible surprises will make a difference in overconfidence.[^7-11] +Some of the sources of overconfidence would affect +not only managers who depend on subjective estimates +but also those who believe they are using sound analysis of historical data. +Managers will fail to consider ways in which human errors affect systems and will fail to consider common mode and cascade system failures.[^7-12] + +There may also a tendency to relax our concerns +for infrequent but catastrophic events +when some time passes without experiencing the event. +Robin Dillon-Merrill, +a decision and risk analysis professor at Georgetown University, +noticed this tendency when she was studying +the risk perceptions of NASA engineers +prior to the Space Shuttle *Columbia* accident. +*The* Columbia *Accident Investigation Report* noted the following: + +> The shedding of External Tank foam--- +> the physical cause of the Columbia accident---had a long history. +> Damage caused by debris has occurred on every Space Shuttle flight, +> and most missions have had insulating foam shed during ascent. +> This raises an obvious question: +> Why did NASA continue flying the Shuttle +> with a known problem that violated design requirements?[^7-13] + +Dillon-Merrill considers each time +that foam fell off the external tank of the Shuttle, +but where the Shuttle still had a successful mission, +to be a "near miss." +Her proposal was that near misses are an opportunity to learn +that is rarely exploited. +She interviewed NASA staff and contractors +about how they judged near misses +and found two very interesting phenomena +that in my opinion have important implications +for risk management in general. + +Perhaps not surprisingly, she found that near misses and successes +were both judged much more favorably than failures. +But were these near-miss events being rated more like a failure +than a mission success? +Did engineers take each near miss as a red flag warning +about an impending problem? +Incredibly, just the opposite occurred. +The study included an experiment +where NASA staff and students +were asked to choose among various options +for hypothetical unmanned space missions. +The options included decisions like whether to skip a test +due to schedule constraints. +Some subjects were given near miss data and some were not. +The study found that people with the near-miss information were *more* likely to choose the riskier alternative.[^7-14] + +> *The near miss interpretation paradox*: +> People with near-miss information +> were *more* likely to make the riskier choice +> than people who did not have information about near misses. + +It is possible that managers were looking at each near miss +and thinking that because nothing had happened yet, +perhaps the system was more robust than they thought. +Or it might be more subtle than that. +Dillon-Merrill found that when people have a known exposure +to some relatively unlikely risk, +their tolerance for that risk seems to increase +even though they may not be changing their estimate +of the probability of the risk. + +Imagine that you are in an area exposed to hurricane risks. +Authorities confirm that there is a 3 percent chance of injury or death +each time you do not evacuate when ordered to for a hurricane warning. +If you happen to make it through two or three hurricanes without harm, +you will become more tolerant of that risk. + +Note that you are not actually changing your estimate +of the probability of the harm +(that was provided by authorities); +you are simply becoming more numb to the risk as it is. + +Now imagine the implications of this for Wall Street. +If they have a few good years, +everybody will start to become more "risk tolerant" +even if they are not changing their underlying forecasts +about the probabilities of a financial crisis. +Now that the mortgage uncertainty has settled for a decade or so, +will all managers, again, start to become more tolerant of risks? + +There are other effects to consider +when examining the psyche of upper-level decision-makers. +Part of overestimating past performance +is due to the tendency to underestimate how much we learned +in the last big surprise. +This is what Slovic and Fischhoff called the *I-knew-it-all-along* phenomenon. +People will exaggerate how "inevitable" the event would have appeared +before the event occurred. +(News pundits talking about the mortgage crisis +certainly make it sound as if it were inevitable, +but where were they before the crisis occurred?) + +They even remember their previous predictions in such a way that they, +as Slovic put it, "exaggerate in hindsight what they knew in foresight." +I hear the I-saw-that-coming claim so often that, if the claims were true, +there would be virtually no surprises anywhere in the world. +Two lines of dialog in the movie *Wall Street* +revealed Oliver Stone's grasp of this phenomenon. +After "Bud" (Charlie Sheen's character) had his initial big successes as a broker, +his boss said, "The minute I laid eyes on you, I knew you had what it took." +Later, when Bud was being arrested in the office +for the crimes he committed to get those early successes, +the same boss said, "The minute I laid eyes on you, I knew you were no good." +Kahneman sums it up: + +> When they have made a decision, +> people don't even keep track of having made the decision or forecast. +> I mean, the thing that is absolutely the most striking +> is how seldom people change their minds. +> First, we're not aware of changing our minds +> even when we do change our minds. +> And most people, after they change their minds, +> reconstruct their past opinion--- +> they believe they *always* thought that.[^7-15] + +There is one other item about overconfidence +that might be more unique to upper management +or particularly successful traders. +Some managers can point to an impressive track record of successes +as evidence that a high level of confidence on virtually all matters +is entirely justified on their part. +Surely, if a portfolio manager can claim +she had above-average market returns for five years, +she must have some particularly useful insight into the market. +An IT security manager who has presided over a virus-free, +hacker-free environment much longer than his peers in other companies +must have great skill, right? + +Actually, luck can have more to do with success +than we might be inclined to think. +For example, a statistical analysis of World War I aces +showed that Baron von Richthofen (aka The Red Baron) +might have been lucky but not necessarily skilled.[^7-16] +Two electrical engineering professors, +Mikhail Simkin and Vwani Roychowdhury +of the University of California at Los Angeles, +examined the victories and losses +for the 2,894 fighter pilots who flew for Germany. +Together, they tallied 6,759 victories and 810 defeats. +This is perhaps a suspiciously high win ratio +but these numbers include shooting down unarmed scout and delivery planes. +The Germans also had a technological advantage in the air during WWI. +Furthermore, not all kills could be confirmed +and the inflation of these numbers is certainly possible--- +but there is no reason to assume +that the Baron was less prone to exaggeration than others. +Simkin and Roychowdhury showed that, +given the number of pilots and the win ratio, +there was about a 30 percent chance that, by luck alone, +one pilot would have gotten eighty kills, +the number Manfred von Richthofen is credited for. + +This might describe a large number of "successful" executives +who write popular books on the special insight they brought to the table, +but who then sometimes find they are unable to repeat their success. +Given the large number of candidates +who spend their careers competing +for a small number of upper-management positions, +it is likely that some will have a string of successes just by chance alone. +No doubt, some of these will be more likely +to hold upper-management positions. +In the same manner, +some will also have a string of successes in a coin-flipping tournament +in which there are a large number of initial players. +But we know that the winners of this kind of contest +are not just better coin-flippers. +Sure, there is probably some skill in reaching upper management. +But how much of it was more like winning a coin-flipping contest? + #### Inconsistencies And Artifacts: What Shouldn't Matter Does #### Answers To Calibration Tests #### Notes +[^7-1]: D. Kahneman and G. Klein "Conditions for Intuitive Expertise: A Failure to Disagree," *American Psychologist* 64, no. 6 (2009): 515--26. + +[^7-2]: A. H Murphy and R. L Winker, "Can Weather Forecasters Formulate Reliable Probability Forecasts of Precipitation and Temperature?," *National Weather Digest* 2 (1977): 2--9. + +[^7-3]: D. Kahneman and A. Tversky, "Subjective Probability: A Judgment of Representativeness," *Cognitive Psychology* 3 (1972): 430--54. + +[^7-4]: G. S Tune, "Response Preferences: A Review of Some Relevant Literature," *Psychological Bulletin* 61 (1964): 286--302. + +[^7-5]: W. Feller, *An Introduction to Probability Theory and Its Applications* (New York: Wiley, 1968), 160. + +[^7-6]: E. Johnson, "Framing, Probability Distortions and Insurance Decisions," *Journal of Risk and Uncertainty* 7 (1993): 35. + +[^7-7]: D. Kahneman and A. Tversky, "Subjective Probability: A Judgment of Representativeness," *Cognitive Psychology* 4 (1972): 430--54. + +[^7-8]: D. Kahneman and A. Tversky, "On the Psychology of Prediction," *Psychological Review* 80 (1973): 237--51. + +[^7-9]: A. Tversky and D. Kahneman, "The Belief in the 'Law of Small Numbers,'" *Psychological Bulletin* 76 (1971): 105--10. + +[^7-10]: R. Feynman, "Personal Observations on the Reliability of the Shuttle," Appendix IIF. In William Rogers et al., *Space Shuttle Accident Report* (Washington, DC: US GPO, 1986). + +[^7-11]: A. Koriat, S. Lichtenstein, and B. Fischhoff, "Reasons for Confidence," *Journal of Experimental Psychology: Human Learning and Memory* 6 (1980): 107--18. + +[^7-12]: P. Slovic, B. Fischhoff, S. Lichtenstein, *Societal Risk Assessment: How Safe Is Safe Enough?* (New York: Plenum Press, 1980). + +[^7-13]: *The* Columbia *Accident Investigation Board Report*, Vol. I (Washington, DC: US GPO, 2003), 121. + +[^7-14]: R. Dillon and C. Tinsley, "How Near-Misses Influence Decision Making under Risk: A Missed Opportunity for Learning," *Management Science* 54, vol. 8 (January 2008): 1425--40. + +[^7-15]: M. Schrage, "Daniel Kahneman: The Leader Interview," *strategy + business*, . + +[^7-16]: M. Simkin and V. Roychowdhury, "Theory of Aces: Fame by Chance or Merit?," *Journal of Mathematical Sociology* 30, no. 1 (2006): 33--42. + +[^7-17]: E. Brunswik, "Representative Design and Probabilistic Theory in a Functional Psychology," *Psychological Review* 62 (1955): 193--217. + +[^7-18]: C. M Kuhnen and B. Knutson, "The Neural Basis of Financial Risk Taking," *Neuron*, 47 (2005): 763--70. + +[^7-19]: P. Aldhous, "Cheery Traders May Encourage Risk Taking," *New Scientist* (April 7, 2009). + +[^7-20]: Paolo Sapienza, Luigi Zingales, and Dario Maestripieri, "Gender Differences in Financial Risk Aversion and Career Choices Are Affected by Testosterone," *Proceedings of the National Academy of Sciences of the United States of America* 106, no. 36 (2009). + +[^7-21]: J. S Lerner and D. Keltner, "Fear, Anger, and Risk," *Journal of Personality & Social Psychology* 81, no. 1 (2001): 146--59. + ### Chapter 8: Worse Than Useless: The Most Popular Risk Assessment Method And Why It Doesn't Work #### A Few Examples Of Scores And Matrices @@ -295,7 +556,8 @@ In addition to Kahneman, it is worth pointing out others whose work Taleb cites to make a point but who, if you actually looked at what they are doing, would contradict Taleb. For example, Taleb says he admires the mathematician Edward Thorp, -who developed a mathematically sound basis for card counting in blackjack in the 1960s. +who developed a mathematically sound basis +for card counting in blackjack in the 1960s. Now, if the objective of card counting was to predict every hand, even the most extraordinarily rare combinations as Taleb would seem to require, then Ed Thorp's method certainly fails. @@ -330,12 +592,15 @@ and does so in many trials not just single anecdotes. Finally, Taleb makes the error of presuming what methods were actually being used when he blames them for an event. He argues, for example, -that the downfall of long-term capital management (LTCM) disproves options theory. -Recall that options theory won the Nobel Prize for Robert Merton and Myron Scholes, +that the downfall of long-term capital management (LTCM) +disproves options theory. +Recall that options theory won the Nobel Prize +for Robert Merton and Myron Scholes, both of whom were on the board of directors for LTCM. The theory was presumably the basis of the trading strategy of the firm. But an analysis of the failure of LTCM shows that a big reason for its downfall -was the excessive use of leverage in trades---an issue that isn't even part of options theory. +was the excessive use of leverage in trades--- +an issue that isn't even part of options theory. That appeared to be based on intuition. Taleb also states that the crash of 1987 disproved modern portfolio theory (MPT), @@ -348,7 +613,8 @@ but 'real-world' decisions have to be based on practical experience, too." In fact, I found no fund managers who didn't rely partly, if not mostly, on intuition. Finally, if we are looking for explanations of the mortgage crisis, neither MPT nor options theory had anything to do with the practice -of giving out mortgages to large numbers of people lacking the ability to pay them. +of giving out mortgages to large numbers of people +lacking the ability to pay them. That was more of a function of a system that incentivized banks to give risky loans without actually accepting the risk. @@ -358,9 +624,11 @@ he ends up undermining the point he makes. For example, explaining the outcomes in terms of the narrative fallacy committed by others is sometimes itself a narrative fallacy. -Arguing that "experts" don't know so much is not supported by quoting other experts. +Arguing that "experts" don't know so much +is not supported by quoting other experts. He argues that rare events defy quantitative models, -but then gives specific examples of computing rare events with quantitative models +but then gives specific examples +of computing rare events with quantitative models (he shows the odds of getting the same result in a coin flip many times in a row and argues the benefits of Mandelbrot's mathematical models in the analysis of market fluctuations). @@ -387,7 +655,8 @@ we find how often naive historical analysis can be wrong. Taleb's own "experience," as extensive as it might be (at least in finance), is also just a historical analysis---just a very informal type -with lots of errors in both recall and analysis, as shown in [chapter 7]. +with lots of errors in both recall and analysis, +as shown in [[#Chapter 7 The Limits Of Expert Knowledge Why We Don't Know What We Think We Know About Uncertainty|chapter 7]]. No thinking person can ever honestly claim to have formed any idea totally independent of previous observations. It just doesn't happen. @@ -400,7 +669,8 @@ Of course, Taleb is right when he says we shouldn't _assume_ that we have defined any problem perfectly. That certainly would be an error, and if that were Taleb's point, that would be valid. But, again, whether a particular model is perfect is not the right question. -The most relevant question is whether a probabilistic model---even a simple one--- +The most relevant question is whether a probabilistic model--- +even a simple one--- outperforms the alternative model, such as intuition. #### Major Mathematical Misconceptions @@ -538,6 +808,225 @@ and if we are adding detail where it informs decisions most. #### Simple Risk Management +We've talked about introducing the very basics of quantitative risk analysis. +Now we need to turn that basic risk analysis +into a basic risk management framework. +When you've completed your initial list of risks, +you will want to compare your LEC to the risk tolerance curve. +This tells you whether your current risk is acceptable, +but it is not the whole story. + +You also need to determine which risk mitigations to employ +to reduce risk further. +If a mitigation reduces a particular risk by about 50 percent +but costs \$200,000, is it worth it? +As mentioned in [[#Chapter 4 Getting Started A Simple Straw Man Quantitative Model|chapter 4]], +this requires knowing our return on mitigation (RoM). +RoM is similar to a return on investment but for risk mitigations. +To compute this we need to work out a monetized risk +so that we can monetize the reduction of risk. +Then we could use RoM together with the LEC and the risk tolerance curve +as shown in [Exhibit 11.2]. + +To *mitigate* a risk is to moderate or alleviate a risk---to lessen it in some way. +Higher risks may be deliberately accepted for bigger opportunities +but even in those cases +decision-makers will not want to accept more risk than is necessary. +It is common in risk management circles +to think of a choice among four basic alternatives +for managing a given risk: + +* **Avoid:** + We can choose not to take an action + that would create an exposure of some kind. + We can avoid the merger, the new technology investment, + the subprime mortgage market, and so on. + This effectively makes that particular risk zero + but might increase risks in other areas + (e.g., the lack of taking risks in R&D investments + might make a firm less competitive). + +* **Reduce:** + The manager goes ahead with the investment + or other endeavors that have some risks + but takes steps to lessen them. + The manager can decide to invest in the new chemical plant + but implement better fire-safety systems + to address a major safety risk. + +* **Transfer:** + The manager can give the risk to someone else. + Insurance is the best example of this. + The manager can buy insurance + without necessarily taking other steps to lessen the risk of the event + (e.g., buying fire insurance instead of investing + in advanced fire-prevention systems). + Risk can also be transferred to customers + or other stakeholders by contract + (e.g., a contract that states, + "The customer agrees that the company is not responsible for..."). + +* **Retain:** + This is the default choice for any risk management. + You simply accept the risk as it is. + +I, and some risk managers I know, +find the boundaries between these a little murky. +A transfer of risk is a reduction or avoidance of risk +to the person transferring it away. +A reduction in risk is really the avoidance of particular risks +that are components of a larger risk. +The ultimate objective of risk management should be, after all, +the reduction of the total risk to the firm for a given expected return, +whether through the transfer or avoidance of risks +or the reduction of specific risks. +If total risk is merely retained, +then it may be no different from not managing risks at all. + +##### Risk Mitigation + +Y. S. Kong was the treasurer and chief strategic planner +at the HAVI Group in Illinois, +a consortium of major distribution service companies +operating in forty countries. +Y. S. prefers to categorize risk management activities +by specific risk mitigation actions he calls *risk filters*. +"We have four sequential 'risk filters': +transference, operational, insurance, and retention," explains Y. S. +The first preference is to transfer risks to customers or suppliers +through their contracts. +The second filter---operational--- +is to address risks through better systems, procedures, roles, and so on. +The third filter is to insure the risk (technically, this is also transferring risks). +Finally, the retention of risk is not so much a filter, +but where the other risks land if they don't get filtered out earlier. +Even so, Y. S. as the treasurer +is tasked with ensuring they have an adequate asset position +to absorb any risk that ends up in this final bucket. + +In the following list, I added a couple of items to Y. S.'s list +and expanded on each of them to make it as general as possible. +Unlike HAVI's risk filters, the order of this list does not imply a prescribed priority. +Note that this is a long, but still partial, list of risk mitigation alternatives: + +* **Selection processes for major exposures:** + This is the analysis of decisions that create new sources of potential losses + to ensure that the risk being taken is justified by the expected reward. + For example: + + * Risk/return analysis of major investments technology, + new products, and so on + + * Selection of loan risks for banks; + accounts receivable risks for other types of firms + +* **Insurance:** + This comes in dozens of specialized categories, + but here are a few of the many general groups: + + * Insurance against loss of specific property and other assets, + including fire, flood, and so on + + * Various liabilities, including product liability + + * Insurance for particular trades or transportation of goods, + such as marine insurance or the launch of a communications satellite + + * Life insurance for key officers + + * Reinsurance, generally purchased by insurance companies, + to help risks that may be concentrated in certain areas + (e.g., hurricane insurance in Florida, + earthquake insurance in California, etc.) + +* **Contractual risk transfer:** + Business contracts include various clauses + such as "*X* agrees the company is not responsible for *Y*," + including contracts with suppliers, customers, employees, partners, + or other stakeholders. + +* **Operational risk reduction:** + This includes everything a firm might do internally + through management initiatives to reduce risks, including the following: + + * Safety procedures + * Training + * Security procedures and systems + * Emergency/contingency planning + * Investments in redundant and/or high-reliability processes, + such as multiple IT operations sites, new security systems, and so on + + * Organizational structures or roles + defining clear responsibilities for and authority over + certain types of risks + (a shift safety officer, a chief information security officer, etc.) + +* **Liquid asset position:** + This is the approach to addressing the retention of risk + but still attempting to absorb some consequences + by using liquid reserves (i.e., cash, some inventory, etc.) + to ensure losses would not be ruinous to the firm. + +* **Compliance remediation:** + This is not so much its own category of risk mitigation + because it can involve any combination of the previously mentioned items. + But it is worth mentioning + simply because it is a key driver for so much of current risk mitigation. + This is, in part, a matter of "crossing the *t*'s and dotting the *i*'s" + in the growing volume of regulatory requirements. + +* **Legal structure:** + This is the classic example of limiting liability of owners + by creating a corporation. + But risk mitigation can take this further even for existing firms + by compartmentalizing various risks + into separate corporate entities as subsidiaries, + or for even more effective insulation from legal liability, + as completely independent spin-offs. + +* **Activism:** + This is probably the rarest form of risk mitigation + because it is practical for relatively few firms, but it is important. + Successful efforts to limit liabilities for companies in certain industries + have been won by advocating new legislation. + Examples are the Private Securities Litigation Reform Act of 1995, + which limits damage claims against securities firms; + Michigan's 1996 FDA Defense law, + which limits product liability for drugs that were approved by the FDA; + and the Digital Millennium Copyright Act of 1998, + which limits the liability of firms that provide a conduit + for the transmission of data from damages + that may be caused by the sources of the data. + +As always, an informed risk mitigation starts with an identification +and then some kind of assessment of risks. +Once a risk manager knows what the risks are, +steps can be taken to address them in some way. +It might seem that some extremely obvious risks +can be managed without much of an assessment effort +(e.g., implementing full backup and recovery +at a data center that doesn't have it, +installing security systems at a major jewelry store, etc.). +But in most environments, there are numerous risks, +each with one or more potential risk mitigation strategies +and a limited number of resources. +We have to assess not only the initial risks +but also how much the risk would change +if various precautions were taken. +Then those risk mitigation efforts, once chosen, +have to be monitored in the same fashion +and the risk management cycle can begin again (see [exhibit 11.3]). +Notice that the assessment of risks appears prior to +and as part of the selection of risk mitigation methods. + +Now, getting this far should be an improvement over unaided gut feel +and a big improvement over methods such as the risk matrix +or qualitative scoring methods. +Of course, this approach still makes many and big, simplifying assumptions. +In [[#Chapter 12 Improving The Model|chapter 12]], +we will review some issues worth considering +when you are ready to add more realism to the model. + #### Notes ### Chapter 12: Improving The Model diff --git a/the-failure-of-risk-management.md b/the-failure-of-risk-management.md index 3fe7bb0..83a46e0 100644 --- a/the-failure-of-risk-management.md +++ b/the-failure-of-risk-management.md @@ -111,11 +111,11 @@ This the unstated other half of the **law of large numbers** #### Red Baron Effect -> [!cite] Chapter 7 p.154 (pp.) -> Hubbard describes a study which concluded that, -> given the number of German pilots and their overall victory/defeat figures, -> there was a ~30% chance an individual would achieve The Red Baron's record -> _by luck alone_. +> [!quote] [[hubbard_2020_failure#Chapter 7 The Limits Of Expert Knowledge Why We Don't Know What We Think We Know About Uncertainty]] +> ...given the number of pilots and the win ratio, +> there was about a 30 percent chance that, by luck alone, +> one pilot would have gotten eighty kills, +> the number Manfred von Richthofen is credited for. That is, there is a 30% chance The Red Baron was a [[lucky-fools|lucky fool]] diff --git a/timestamped/2026-05-29_17-19-37.md b/timestamped/2026-05-29_17-19-37.md new file mode 100644 index 0000000..8f4eba0 --- /dev/null +++ b/timestamped/2026-05-29_17-19-37.md @@ -0,0 +1,33 @@ +--- +id: 2026-05-29T17:19:37-0400 +title: 2026-05-29 17:19:37 +tags: [] +daily: "[[2026-05-29]]" +--- +# 2026-05-29 17:19:37 + +I suspect that in general of [[conest]], +our assemblies are not intended to have fluff built in, +or that our preferred methods +are intended to include more material than necessary. +We prefer to tolerate the uncertainty, to retain the risk, +weighing it less than that of committing additional resources +to mitigation (estimating). + +[[hubbard_2020_failure#Simple Risk Management]] +is perhaps the single most important section of Hubbard's +for breaking free of the confines of [[orthodox-construction-estimating]]. + +> It might seem that some extremely obvious risks +> can be managed without much of an assessment effort +> (e.g., implementing full backup and recovery +> at a data center that doesn't have it, +> installing security systems at a major jewelry store, etc.). +> But in most environments, there are numerous risks, +> each with one or more potential risk mitigation strategies +> and a limited number of resources. +> We have to assess not only the initial risks +> ==but also how much the risk would change== +> ==if various precautions were taken.== + +Detailed takeoff is poor risk mitigation.