Sigma Risk

Op Eds

Op Eds on Risk

Using Behavioral Economics to Quantify Risk Appetite

As with most behaviors, risk aversion has its roots in human cognition; it’s part of our DNA. Accordingly, this opinion piece will examine the behavioral economics of risk aversion, extracting what we as risk managers can learn and then apply to the important enterprise risk management (ERM) areas of risk tolerance and risk appetite. It gets a bit technical, but not too much math. Let’s start with the fundamental economic concept of utility. 

The Utility of Wealth

People like to go to the movies and eat popcorn. Most would agree that the second bag of popcorn is seldom as “good” as the first. When we say “good”, we don’t mean volume, weight, quality, cost or butter content. We mean we just didn’t enjoy it as much. Economists call that utility. There just wasn’t as much utility in that second bag, despite its value, cost, amount and other tangible qualities being the same.

Economists have a phrase to describe this fundamental cognitive bias when it comes to money: decreasing marginal utility of wealth. Somehow the second million dollars doesn’t feel as good as the first.

A considerable body of knowledge around this bias has emerged: utility theory. Economists use utility functions to model this behavior, not just for individuals, but for corporations, consumers, investors and governments.

What’s utility got to do with risk aversion?

Risk Aversion

First you take the almost universal human behavior of diminishing marginal utility of wealth (i.e. the second million you make has less utility that the first). Then you say, let’s go the other way. Rather than increasing wealth, let’s decrease it, as in losses. Expressed in those loss terms, the observed behavior: the increasing marginal disutility of loss.

For instance, a $10 million loss is more than twice as painful as a $5 million loss, i.e. the second $5 million of loss hurts worse than the first $5 million. That’s risk aversion. In 1732, Daniel Bernoulli showed everyone is ultimately risk averse through his St. Petersburg Paradox.

What about people who gamble? They’re not risk averse, they’re risk lovers, taking bets where the long term payoff is, notwithstanding the stories of my friends who play casino poker, negative. Good question, no simple answer. Milton Friedman won his Nobel Prize in Economics for his Friedman-Savage utility function that allows that some will not necessarily be risk averse within a certain wealth range. But even Friedman found that, at some level of loss, everyone is ultimately risk averse. Daniel Kahneman (another Nobel Laureate) calls this loss aversion.

I was first introduced to the concept of risk aversion during my MBA at Cal Berkeley. One of my professors - the now famous (but then just a prof) Nil Hakansson - presented alternative equations that had been observed to work as descriptive utility functions for financial decision-making.

My knowledge of how quantified risk aversion can be used practically in decision-making and risk management took a major leap when I took a week-long course from John Cozzolino, a professor at the Wharton School of Business. It is generally accepted in economics that a firm’s time value of money can be modelled by using discounted cash flow and a single parameter: the discount rate. Dr. Cozzolino believed that one can also usefully model an organization’s risk aversion and risk appetite using an exponential utility function. Why an exponential function? Because it works as well as other equations (quadratic, quasi-linear, etc.) and because it has only one parameter: the risk tolerance

Risk Tolerance

The math is fairly simple. Risk tolerance (τ) is the one and only known parameter in a firm’s exponential utility function, i.e. 

u(x)=1- e^(-τx)

x=$ of wealth
u(x)=utility of $x of wealth
τ=risk tolerance

So if we can calculate an organization’s risk tolerance, we have an exponential utility function that will give the organization a very good idea on how it should rationally and consistently weight the dollar impact of various risk events and determine whether they’re within the firm’s corporate risk appetite.

Risk tolerance varies with an organization’s size, market risk correlators, growth strategies, liquidity, legal and other requirements, conservatism of the Board and the entity’s financial structure, just to name a few. There are no prescriptive equations I know of for determining risk tolerance because it’s cultural and individualistic. Nevertheless, one can derive the risk tolerance of a company directly from its decision-makers through a series of simulated decisions. Once risk tolerance is derived, we then have the quantified corporate risk appetite as well.

Risk Appetite

So many, so very many times, I have read corporate appetite statements that are vague, conceptual and of no real use. I wonder if any of these corporations have actual risk appetite metrics that they can use to make actual decisions. They certainly get no guidance from most of the qualitative risk appetite statements I’ve read.

One answer to giving risk appetite some useful dimensions is the COSO Risk Appetite Curve (ISO 31000 doesn’t have one). The COSO curve looks like this:


The careful observer will note the requisite risk aversion in the COSO risk appetite curve, i.e. the increasing marginal disutility of loss.

Can one derive a COSO-style risk appetite curve? Yes, directly from the quantified risk tolerance and its corporate utility function. Here’s an example of what such a risk appetite curve might look like in real life (note the log scale on the impact axis).

Use the Risk Appetite Curve Instead of Heat Map

Most heat maps have red, orange and green squares of arbitrary, undocumented dimensions. (They’re sort of a combination of Mickey Mouse and Hokey Wolf).

Well… rather than using a rather lacklustre heat map, why not plot the event likelihoods and consequences right on the Risk Appetite Curve. (If you’re not sure of the exact dimensions of a loss event, use a balloon to show the parameters uncertainty). You’ll see clearly which adverse events are threatening the corporate risk appetite. For instance:

Our Approach

Sigma Risk ERM projects first derive the corporate risk tolerance (τ) from simulated decisions in a facilitated workshop with top level management, if not the Board. We then derive and plot the risk appetite curve and use it instead of a heat map.

This approach is more disciplined, defensible and determinate than heat maps. At least, that’s my opinion. Thanks for reading.

Jack Gordon

Jack Gordon