I like what Bob Litterman said in the foreward of “A practical guide to risk management” by Thomas Coleman, Research foundation of CFA Institute:
Having been the head of the risk management department at Goldman Sachs
for four years and having collaborated on a book titled The Practice of Risk
Management, I suppose it is not a surprise that I have a point of view about the
topic of this book.
Thomas Coleman, who was, likewise, a risk manager and trader for
several derivatives desks as well as a risk manager for a large hedge fund, also
brings a point of view to the topic of risk management, and it turns out that,
for better or for worse, we agree. A central theme of this book is that “in
reality, risk management is as much the art of managing people, processes,
and institutions as it is the science of measuring and quantifying risk.” I think
he is absolutely correct.
The title of this book also highlights an important distinction that is
sometimes missed in large organizations. Risk measurement, per se, which is a
task usually assigned to the “risk management” department, is in reality only
one input to the risk management function. As Coleman elaborates, “Risk
measurement tools … help one to understand current and past exposures, which
is a valuable and necessary undertaking but clearly not sufficient for actually
managing risk.” However, “the art of risk management,” which he notes is
squarely the responsibility of senior management, “is not just in responding to
anticipated events but in building a culture and organization that can respond
to risk and withstand unanticipated events. In other words, risk management
is about building flexible and robust processes and organizations.”
The recognition that risk management is fundamentally about communicating
risk up and managing risk from the top leads to the next level of insight.
In most financial firms, different risks are managed by desks requiring very
different metrics. Nonetheless, there must be a comprehensive and transparent
aggregation of risks and an ability to disaggregate and drill down. And as
Coleman points out, consistency and transparency in this process are key
requirements. It is absolutely essential that all risk takers and risk managers
speak the same language in describing and understanding their risks.
Finally, Coleman emphasizes throughout that the management of risk is not
a function designed to minimize risk. Although risk usually refers to the downside
of random outcomes, as Coleman puts it, risk management is about taking
advantage of opportunities: “controlling the downside and exploiting the upside.”
In discussing the measurement of risk, the key concept is, of course, the
distribution of outcomes. But Coleman rightly emphasizes that this distribution
is unknown and cannot be summarized by a single number, such as a measure
of dispersion. Behavioral finance has provided many illustrations of the fact
that, as Coleman notes, “human intuition is not very good at working with
randomness and probabilities.” To be successful at managing risk, he suggests,
“We must give up any illusion that there is certainty in this world and embrace
the future as fluid, changeable, and contingent.”
One of my favorite aspects of the book is its clever instruction on working
with and developing intuition about probabilities. Consider, for example, a
classic problem—that of interpreting medical test results. Coleman considers
the case of testing for breast cancer, a disease that afflicts fewer than 1 woman
in 200 at any point in time. The standard mammogram tests actually report false
positives about 5 percent of the time. In other words, a woman without cancer
will get a negative result 95 percent of the time and a positive result 5 percent of
the time. Conditional on receiving a positive test result, a natural reaction is to
assume the probability of having cancer is very high, close to 95 percent. In fact,
that assumption is not true. Consider that out of 1,000 women, approximately
5 will have cancer but approximately 55 will receive positive results. Thus,
conditional on receiving a positive test result, the probability of having cancer is
only about 9 percent, not 95 percent. Using this example as an introduction, the
author then develops the ideas of Bayesian updating of probabilities.
Although this book appropriately spends considerable effort describing
quantitative risk measurement techniques, that task is not its true focus. It takes
seriously its mission as a practical guide. For example, in turning to the problem
of managing risk, Coleman insightfully chooses managing people as his first
topic, and the first issue addressed is the principal–agent problem. According to
Coleman, “Designing compensation and incentive schemes has to be one of the
most difficult and underappreciated, but also one of the most important, aspects
of risk management.” Although he does not come to a definitive conclusion
about how to structure employment contracts, he concludes that “careful thinking
about preferences, incentives, compensation, and principal–agent problems
enlightens many of the most difficult issues in risk management—issues that I
think we as a profession have only begun to address in a substantive manner.”
Coleman brings to bear some of the recent insights from behavioral finance
and, in particular, focuses on the problem of overconfidence, which is, in his
words, “the most fundamental and difficult [issue] in all of risk management
because confidence is necessary for success but overconfidence can lead to
disaster.” Later, he elaborates: “Risk management … is also about managing
ourselves—managing our ego, our arrogance, our stubbornness, our mistakes.
It is not about fancy quantitative techniques but about making good decisions
in the face of uncertainty, scanty information, and competing demands.” In this
context, he highlights four characteristics of situations that can lead to risk
management mistakes: familiarity, commitment, the herding instinct, and
belief inertia.
When focusing on the understanding and communication of risk, Coleman
delves deeply into a set of portfolio analysis tools that I helped to develop and
used while managing risk at Goldman Sachs. These tools—for example, the
marginal contribution to risk, risk triangles, best hedges, and the best replicating
portfolio—were all designed to satisfy the practical needs of simplifying and
highlighting the most important aspects of inherently complex combinations
of exposures. As we used to repeat often, risk management is about communicating
the right information to the right people at the right time.
After covering the theory, the tools, and the practical application, Coleman
finally faces the unsatisfying reality that the future is never like the past, and
this realization is particularly true with respect to extreme events. His solution
is to recognize this limitation. “Overconfidence in numbers and quantitative
techniques and in our ability to represent extreme events should be subject to
severe criticism because it lulls us into a false sense of security.” In the end, the
firm relies not so much on risk measurement tools as on the good judgment
and wisdom of the experienced risk manager.
Robert Litterman