In a profession dedicated to identifying and managing uncertainty, there exists a puzzling contradiction: many risk managers actively avoid quantifying the very risks they’re tasked with managing. You probably know risk managers like that; we all do. While quantitative risk analysis forms the foundation of effective decision-making under uncertainty (see any textbook on decision science), it remains significantly underutilized in corporate risk management. This resistance isn’t merely a preference – it’s creating a dangerous competency gap that undermines the entire purpose of risk management.
When I speak with risk managers across industries, the discomfort becomes palpable the moment quantification enters the conversation. Eyes dart away, shoulders tense, and the discussion quickly pivots to more comfortable topics like risk frameworks or governance structures or, my favourite, the definition of risk. But why this aversion to what should be a fundamental component?
The resistance to quantification isn’t random – it stems from these reasons:
A. The competency deficit
Most risk managers come to the profession from diverse backgrounds – legal, compliance, audit, or operations – where probabilistic thinking wasn’t a core requirement. They’ve built careers crafting policies, facilitating workshops, and maintaining risk registers without ever needing to model uncertainty mathematically.
“I wasn’t hired to be a statistician,” a senior risk manager at a multinational corporation once told me. “My job is to ensure we have the right controls in place and that everyone understands how risks need to be mitigated.”
This sentiment reveals a fundamental misunderstanding of what effective risk management is. Without quantification, how can anyone determine if the “right” controls are in place or if the process is actually managing risk effectively?
B. The fear factor
Behind the avoidance often lies fear—fear of appearing incompetent, fear of challenging established practices, and fear of the unknown. Learning quantitative methods mid-career can be intimidating, especially when one’s identity is tied to being the “risk expert” in the organization.
A risk manager at a manufacturing company confided: “If I start talking about Monte Carlo simulations or probability distributions, executives will expect me to defend the models. I’m not sure I can do that convincingly.”
This vulnerability is understandable but ultimately self-defeating. By avoiding quantification, risk managers are limiting their ability to provide meaningful insights precisely when decisions matter most.
C. The illusion of qualitative
Perhaps the most pervasive justification for avoiding quantification is the belief that qualitative assessments – heat maps, risk registers, and subjective ratings – are adequate substitutes.
“Our industry is too complex for numbers,” or “You can’t quantify everything” are common refrains. While these statements contain kernels of truth, they’re often deployed as shields against learning quantitative methods rather than legitimate methodological concerns.
The reality is that even imperfect quantification typically provides more decision value than purely qualitative assessments. When a risk manager presents a 4×4 heat map with a risk placed in the “high” quadrant, what actionable information does this actually provide? How much is “high”? How confident are we in this assessment? What are the expected and unexpected
One useful mental model to introduce is: “if you can imagine different outcomes, you can simulate them.” For instance, even in cases where data is sparse—such as geopolitical risks or early-stage project uncertainties—subject matter experts can estimate plausible ranges. Monte Carlo simulation doesn’t require perfect precision; it requires structured thinking under uncertainty. Quantification isn’t about being exact—it’s about being approximately right, instead of precisely wrong.
Most damaging is how non-quantitative risk management disconnects from actual business decisions. Consider this scenario: A company is evaluating a $50 million investment with uncertain returns and multiple volatile assumptions. The risk manager presents a heat map showing several “red” risks. The decision-makers nod politely but proceed with their decision based on the deterministic financial analysis prepared by the business unit—which likely contains its own implicit and possibly incorrect risk assumptions. The risk manager’s input becomes ceremonial rather than instrumental to the decision because it lacks the quantitative dimension necessary to integrate with financial decision-making.
So, what should I do?
Moving past this resistance requires acknowledging a fundamental truth: quantification isn’t optional in risk management—it’s essential. Without it, risk management becomes merely a compliance exercise disconnected from the actual decisions that determine an organization’s fate. For risk managers looking to bridge this gap, several approaches can help:
- Start small and practical (obvious, I know) – Begin with simple quantitative techniques that address immediate business needs. For example, instead of rating a project risk as “high,” estimate a range of potential cost overruns or delays with confidence intervals. This provides actionable insights without requiring advanced statistical knowledge. Calculating a high-level contingency for a decision, project or department budget is usually an easy place to start.
- Focus on decision support – Position quantification as a way to support better decisions, not as an academic exercise or a goal in itself. Only quantify when it matters, for example by calculating expected losses on an insurance policy to determine whether the price is fair and whether to renegotiate. When stakeholders see how quantitative risk insights improve resource allocation or contingency planning, resistance typically diminishes. Considering the current AI-driven landscape, organizations are increasingly embracing probabilistic thinking at the portfolio level—optimizing capital allocation under uncertainty. QRA plays a central role in this shift. It enables not just the assessment of individual risks, but the aggregation of uncertainty across projects, markets, and time. This systems-level view is critical for companies.
- Don’t do it alone – Connect with other professionals who are successfully implementing quantitative methods. Industry associations, online communities, and specialized courses can provide both technical knowledge and moral support during the learning process. Join us at the Quantitative Risk Virtual Summit on 12 June 2025; registration is free for a limited time: https://events.teams.microsoft.com/event/a0267764-1ac2-46c8-956b-8d123e56ec11@7a78bd33-d8ac-4a49-bec7-97e770034789
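To make the "start small" step and the earlier Monte Carlo mental model concrete, here is an added example (not from the original post) that turns expert 90% ranges for cost-overrun risks into a simulated distribution of total overrun, from which a contingency level such as P80 can be read. The risk names, probabilities, dollar ranges, the lognormal shape and the choice of P80 are all assumptions made for illustration.

```python
import math
import random
import statistics

Z90 = 1.6448536269514722  # z-score bounding a central 90% interval

# Constructed sample inputs (not from the post): expert estimates for one project.
# Each risk: name, probability it occurs, 90% range (low, high) of cost impact in $k.
RISKS = [
    ("Supplier delay",       0.30, 200, 1500),
    ("Scope change",         0.50, 100,  800),
    ("Commissioning rework", 0.15, 500, 4000),
]

def lognormal_params(low, high):
    """Map an expert's 90% range (5th, 95th percentile) to lognormal mu, sigma."""
    mu = (math.log(low) + math.log(high)) / 2
    sigma = (math.log(high) - math.log(low)) / (2 * Z90)
    return mu, sigma

def simulate(risks, trials=20000, seed=1):
    """Return the sorted total cost overrun ($k) for each simulated outcome."""
    rng = random.Random(seed)  # fixed seed so the run is reproducible
    params = [(p, *lognormal_params(lo, hi)) for _, p, lo, hi in risks]
    totals = []
    for _ in range(trials):
        total = 0.0
        for p, mu, sigma in params:
            if rng.random() < p:  # does this risk event occur in this trial?
                total += rng.lognormvariate(mu, sigma)
        totals.append(total)
    totals.sort()
    return totals

def percentile(sorted_values, q):
    """Nearest-rank percentile for q in (0, 1]."""
    return sorted_values[max(0, math.ceil(q * len(sorted_values)) - 1)]

def summarize(totals):
    """Figures a decision-maker can use instead of a 'high' rating."""
    return {
        "mean": statistics.fmean(totals),
        "p50": percentile(totals, 0.50),
        "p80": percentile(totals, 0.80),  # assumed contingency level
        "p95": percentile(totals, 0.95),
        "prob_over_1000k": sum(t > 1000 for t in totals) / len(totals),
    }

if __name__ == "__main__":
    for name, value in summarize(simulate(RISKS)).items():
        print(f"{name:>16}: {value:,.2f}")
```

The output answers the questions a heat map cannot: how large the overrun is likely to be, how wide the uncertainty is, and how often the total exceeds a given threshold.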
The risk management profession stands at a crossroads. As artificial intelligence and advanced analytics transform business decision-making, risk managers who continue to avoid quantification risk becoming irrelevant. The core value proposition of risk management—improving decisions under uncertainty—demands quantitative competency. Organizations are increasingly asking: Why maintain a risk function that can’t quantitatively assess the risks that matter most to our decisions and do it before we make the choice?
The good news is that the barriers to learning quantitative methods have never been lower. Online courses, accessible software tools, AI, and a wealth of practical resources make the transition achievable for motivated professionals.
Let’s do it
The shift toward quantitative risk management doesn’t require abandoning qualitative insights—it means enhancing them with risk when decisions demand it. The most effective risk managers integrate both approaches, knowing when each is most appropriate.
For risk managers hesitant to embrace quantification, consider this: Would you trust a financial advisor who refused to discuss numbers? Would you accept medical treatment from a doctor who avoided diagnostic measurements? Risk management without quantification creates a similar credibility gap.
The path forward is clear. By acknowledging quantification as a core competency rather than an optional add-on, risk managers can transform their role from process facilitators to valued decision partners. The question isn’t whether risk managers should quantify risks, but how quickly they can develop the skills to do so effectively.
Having trained hundreds of professionals transitioning into QRA, one can say: the hardest step is beginning. With the right tools, mindset and attitude, any risk manager can evolve into a quantitative thinker—not by becoming a statistician, but by becoming a better advisor.