Part 4 of this paper explained how to construct a project selection decision model that estimates the impact of a project on the organization's objectives and, based on those impacts, estimates the value of the project. The project selection decision model is flexible with regard to the number of objectives that can be accommodated. For many companies and many projects, only one objective is considered; namely profit. In this case the project selection decision model is simply a calculation of net present value (NPV). Other organizations, particularly those with nonfinancial objectives, will want the project selection decision model to account for impacts on the organization's nonfinancial objectives. Figure 45: The project selection decision model computes the value of projects. 

This Part 4 of the paper explained the various ways that organizations identify and characterize project risks. Identifying risks helps the project team come up with ways to eliminate and reduce those risks, but some residual risks will likely remain. Because of these risks, at the time the project portfolio is being selected the value to be derived from conducting a risky project is uncertain. What I've not yet explained is how the value of a project can be adjusted based on risk. That question is the topic of this subsection. Traditional MethodsBefore describing the formal method for adjusting project value based on risk, let's review the traditional methods still being used by most organizations. For convenience, I've summarized them in the table below. Use the links to go to other locations on this website that explain the methods in more detail.
With the exception of riskadjusted discount rates, all of the above methods rely on managerial judgment to determine exactly how the results of applying the method should be used to adjust the value or priority of a project. In the case of risk adjusted discount rates, also called hurdle rates, the method does produce a riskadjusted value, but the logic is not defensible and the results are biased depending on the timing of project costs and benefits. In contrast, what is described below is a formal, logicbased method for determining the impact of risk on value. The method takes into account uncertainty over the project outcomes and the decision maker's willingness to take on risk. If You Don't Mind Risk, Maximize Expected ValueIf decision makers did not care about risk, they would want to "go with the odds;" that is, they would want to make decisions so as to maximize expected value. The expected value is defined as the probabilityweighted sum of the possible uncertain outcomes. Decision makers unconcerned about risk would want to maximize expected value because the expected value is the amount that they would obtain on average each time the uncertainty is faced. As an example, the expected value of a coin flip that pays $1 on "heads" and zero on "tails" is 50 cents. If you played this gamble over and over again, you'd earn approximately 50 cents times the number of coin flips, and, the more times you played the closer your earnings would be to the expected value estimate. The Certain EquivalentFor substantial risks, most organizations (and individuals) are risk averse, meaning that they value uncertainties at less than their expected values. The certain equivalent is defined as the amount of money for which a decision maker would be indifferent between receiving that amount for certain and receiving the uncertain outcomes of the gamble. For example, a riskaverse decision maker might assign a certain equivalent of $500,000 to a risky project with equal chances of yielding $0 and $2,000,000, even though the expected value of the project is $1,000,000. Note that this same logic means that a gamble with negative expected value (large downside risk) has a certain equivalent that is even more negative than its expected value (which is why individuals and organizations are willing to pay more for insurance premiums than the expected loss that they are eliminating). The goal of a risk averse decision maker is to maximize the certain equivalent. For risks with complex payoff distributions, it is generally difficult for an individual to estimate the certain equivalent directly. However, the certain equivalent can be estimated for a simple gamble and the results used to infer the certain equivalents of more complicated risks. The approach involves constructing a utility function that represents the degree of aversion to taking risks. Utility FunctionAn exponential form is most often chosen for the utility function:
U(x) = 1  e^{x/R}
where x is value, R is a positive parameter called risk tolerance, and e ≈ 2.7182 is Euler's constant, the base of the natural logarithm. Project riskadjusted value = project expected value  project variance / Risk tolerance × 2 Or, in terms of the risk premium: RP(x+~z ) ? ½ r(x)E[~z 2] = ½ r(x)Var[~z ] (1)Thus, your premium for risks is proportional to the variance of the payoff, where the constant of proportionality is your local risk aversion measure (times onehalf). This means that ½ r(x) is the "price per unit of variance" that you are willing to pay to get rid of small risks in the vicinity of an otherwiseconstant wealth level x. By the way, while the exponential utility function jibes smoothly with normal probability distributions, the logarithmic and power utility functions jibe smoothly with lognormal probability distributions, which are often used to model movements in stock prices. Figure 46 shows a plot of the utility function for several different risk tolerances. The horizontal xaxis shows possible values or certain equivalents expressed in monetary units. The vertical yaxis shows the corresponding "utility," where utility is a numerical rating assigned to every possible x value. With this form of the exponential utility function, utilities are scaled from 0 to 1 when the x values are positive. The utility numbers on the vertical scale do not have specific meanings, except that larger numbers are more preferred. Figure 46: The exponential utility function is often used to model risk aversion. The shape of the utility function determines the degree of aversion to taking risks. The more the plot curves or bends over, the more risk aversion is represented. With the exponential utility function, the degree of curvature is determined by R. Thus, risk tolerance is an indicator of a decision maker's or organization's willingness to accept risk. Risk tolerance, as defined here, is not the maximum amount that the decision maker can afford to lose, although decision makers and organizations with greater wealth generally have larger risk tolerances. Computing the Certain EquivalentTo calculate the certain equivalent for a risky project you must first convert the equivalent dollar values associated with each possible project outcome to utilities, using the utility function. Then, you calculate the expected value of these utilities using the same procedure that you'd use to calculate any other expected value.
The result for the example is approximately $560,000. In other words, a 50/50 gamble for $2 million (which has an expected value of $1 million), is worth only $560,000 to a decision maker with a risk tolerance of $1 million. As we saw in the previous subsection, the output of a Monte Carlo or decision tree analysis of project risk is a probability distribution or frequency plot identifying many possible outcome values for the project. In that case, each of the possible outcome values is converted to a utility. Computing the expected utility and then translating the result back into dollar units gives the certain equivalent for the risky project. With a decision tree, you can replace the monetary values in the tree with their utilities. Rolling back the tree in the usual fashion then provides the certain equivalent and optimal decision policy for the risk averse decision maker. To understand why applying the utility function produces a certain equivalent less than an expected value, note that the utility function grows less rapidly as the value measure increases, while it drops off rapidly as the value measure becomes goes negative. Intuitively, this is saying that what we lose from each unit of decrease of value becomes increasingly great as the level become more negative. Therefore, if we take an expected value of the utilities of the value measure, projects that have a significant probability of yielding bad outcomes will be penalized more heavily in the calculation procedure than if expected value were used to evaluate the alternatives. Hence, an alternative with a significant chance of yielding bad outcomes will be down rated more using a utility function than from using expected value to evaluate projects. San Bruno Pipeline Explosion Risk Tolerance and Project Deferral RiskOccasionally, hazardous facilities, such as gas pipelines, chemical processing plants, oil pumping stations, and electric generating plants experience accidents, sometimes quite serious. To reduce risk, operators of hazardous facilities conduct inspection and maintenance activities and install protections. However, maintenance and inspection aren't perfect and can sometimes be expensive. How much should the organization spend in an attempt to minimize lowprobability, highconsequence accidents? As an example, the 2010 San Bruno explosion of a PG&E gas pipeline leveled 35 homes and killed 8 people. The cause of the accident was eventually determined to be faulty welding. PG&E had been using an inspection method in pipe segments in the vicinity of the segment of pipe that exploded. That method was capable of detecting corrosion problems, but not welding problems. A more expensive test that could have identified the welding problem that caused the explosion would have been to pump the pipe segment full with highpressurized water. Suppose a risk assessment conducted for a company operating some hazardous facility concludes that there is onechancein10,000 of an accident that, all told, could cost the company $500 million in losses. The expected value (probabilityweighted) cost of this risk is 0.00001 times $500 million, or $50,000. If the company is risk neutral, logic would say that no more than $50,000 should be spent to eliminate this risk. I suspect most organizations would be willing to spend more than this to avoid a risk that could cost the company a half billion dollars. Let's see what an analysis based on risk tolerance says. Suppose the company has a risk tolerance of $50 million. Applying the risk transform to the $500 million loss gives a utility of:
U(500) = 1  e^{(500/50)} = 22,025.
The expected utility is then 22,025/10,000 = .22025. The certain equivalent is:
CE = 50 * ln(1 .22025) = 12.43.
Accounting for risk tolerance, the company should reasonably spend up to $12.43 million to eliminate the risk! Risk tolerance provides a logical way to determine how much to spend to manage risks, including lowprobability, highconsequence risks. Adopting the risk tolerance approach can ensure that risk management decisions are made consistently throughout the organization. If each such decision is made based on judgment, the organization is certain to spend more in some cases to reduce risk and less in others. Determining Risk ToleranceThere are several ways to determine the risk tolerance for an organization. One is to ask senior decision makers (ideally, the CEO) to answer the following hypothetical question. Suppose you have an opportunity to make a risky, but potentially profitable investment. The required investment is an amount R that, for the moment, is unspecified. The investment has a 5050 chance of success. If it succeeds, it will generate the full amount invested, including the cost of capital, plus that amount again. In other words, the return will be R if the investment is successful. If the investment fails, half the investment will be lost, so the return is minus R/2. Figure 47 illustrates the opportunity. Note that the expected value of the investment is R/4. Figure 47: What is the maximum amount R you would accept in this gamble? If R were very low, most CEOs would want to make the investment. If R were very large, for example, close to the market value of the enterprise, most CEOs would not take the investment. The risk tolerance is the amount R for which decision makers would just be indifferent between making and not making the investment. In other words, the risk tolerance is the value of R for which the certain equivalent of the investment is zero. Empirical studies have been conducted to measure organizational risk tolerances. The results show that risk tolerances obtained from different executives within the same organization vary tremendously. Generally, those lower in the organization have lower risk tolerances. Howard [9] reports that assessments from CEO's in the oil and chemicals industry concluded that risk tolerance is roughly six per cent of sales, one to one and a half times net income, or onesixth of equity. McNamee and Celona [10] add to this list a ratio of market value to risk tolerance of onefifth. They also comment that the ratio of risk tolerance to equity or market value [usually translates best between companies in different industries. Once risk tolerance has been established, the certain equivalent for any risky project or project portfolio can be obtained via the utility function. The effect, as illustrated in Figure 44, is to subtract a risk adjustment factor from the expected value (if projects allow you to avoid risks, the effect is to add, rather than subtract, adjustment factors). The risk adjustment depends on the risk tolerance and the amount of risk. If the projects are independent (i.e., their risks are uncorrelated), then the certain equivalent of the project portfolio will be the sum of the certain equivalents of the individual projects. If project risks are correlated, the certain equivalent for the portfolio can be obtained once the distribution of payoffs for the portfolio are computed (accounting for correlations as described above). Figure 48: Adjusting project value for risk An advantage of this approach is that a single risk tolerance can be established for the organization. Use of the common risk tolerance ensures that risks are treated consistently, thus avoiding the common bias in which greater levels of risk aversion tend to be applied by lowerlevel managers. Note that the method presented in this paper do not guarantee that the outcome of a particular risky decision will be optimal or "good," but only that the decision will be rational in the face of uncertainty and that repeated application of these methods will maximize the decision maker's welfare over the long run. For a demonstration of the importance in the context of project prioritization of addressing risk and risk tolerance, see the Risk Demo. References for Part 5
