Thinking About Risk

On the question of when to cry wolf

By: Robert Wagner

March 1, 2017

The Boy Who Cried Wolf is one of those basic stories that most kids around the world learn about early on.  The story is attributed to Aesop, as part of Aesopica, his famous collection of fables, coming down to us from Ancient Greek times. While Aesop lived roughly 2,600 years ago, it looks like people back then struggled with some of the same questions we deal with today.

Various sources including the Cambridge Dictionary explain the meaning of crying wolf as; raising a false alarm; or to ask for assistance when you don't need it, or even to exaggerate or lie.  Another explanation is to cry or complain about something when nothing is really wrong.  As we all know, the problem with crying wolf is that when eventually the wolf comes no one believes in it anymore, and no one is coming for help.  The risk was there all along, it was exaggerated and poorly communicated, and eventually at the worst time when it mattered, no one was prepared.

In the context of thinking about risk, I refer to the crying wolf scenario as the awareness that by trying to point out every possible thing that can go wrong we may inadvertently end up conditioning the audience to become indifferent and not recognize the need for action when it matters.  Of course by not calling out and managing all material risks the wolf may be missed.  How one manages to find the right balance has much to do with experience and it is one of the reasons risk management will always be a mixture of art and science.

The "wolf" I refer to could be a rogue trader, a dishonest employee with a fraudulent scheme of some kind, someone who is honest in their beliefs but nevertheless potentially disastrously wrong about key assumptions, or any number of other threats to an organization.  Wolf can also mean a large exposure to market, credit, operational, or liquidity risks that could pose a substantial threat.

On the question of when to cry wolf, I would propose the following guidelines: if it looks like, smells like, and sounds like a wolf, it probably is a wolf, and it should be called out.  This is the easy part, although surprisingly often times obvious wolfs are missed, perhaps due to holding out hope they may not be real, due to complacency, or having been conditioned to its lurking around without attacking us.

In the majority of times, however, the signals are not so clear.  Following on my wolf analogy, we may see footprints, hear something howl, or pick up other signals that indicate its presence.  There should be a reasonable level of diligence done before crying wolf, and it becomes a judgment call... one should be careful, but also not afraid to call out the risk if it feels like the right thing to do.  The best way to deal with these ambiguities is to clearly outline the hypothesis, explore and learn as much as possible about it, point out critical questions that have yet to be answered, and begin to educate key decision makers about it.

As my note on Uncertainty pointed out, it would be a mistake to wait for absolute certainty... if one could describe significant risks with absolute certainty, it would likely already be too late to do anything about it.  But we need a reasonable level of certainty to work with.  This is the area where being right, and building credibility over time is critical.  Business leaders, investors, and traders who are wrong most of the time tend to lose respect and credibility.  The same is true for risk managers... the best ones develop an edge, and tend to be right much more often than not in their assessments.  It does not mean of course that they will always be right.  Experience, which in essence largely boils down to recognizing certain patterns and knowing how to respond to them is a huge part of this edge, as with most any other professions.  The more you look for the wolf, the better you get at finding it and the less often you mistake it for a mere fox.

The culture and the environment of an organization also has much to do with the success or failure of risk management.  Are messengers shot, or are they listened to?  Are people encouraged to look for problems and try to solve them before they spin out of control?

As I thought about this issue, it opens up many paths to explore in future notes.  How does one develop effective ways to monitor for and warn of impending problems?  How do risks get identified in a way as to avoid classification systems which eventually end up blurring the view to material risks?  What is the right mix between science and art when it comes to managing risks.  How does one build effective relationships inside and outside of an organization to improve learning and increase the odds of success?

Maybe there is an important difference between the business world and looking for wolves in Ancient Greece... while the boy who cried wolf came to a tragic end, when no one listens in a business to the messenger of bad news, they can all end up being served for lunch.