Risk Aversion 521large size and ability to pool different risks, insurance companies generally
behave as though they are risk neutral. To illustrate, suppose the company
insures 300,000 houses in a state against fire. Although it is impossible to pre-
dict which houses will be struck by fire, the law of large numbers indicates that
very close to 1,000 homes in total will have fire losses. Thus, the total premiums
($150 million) will closely match the company’s actual payout. Because of
administrative costs in writing the policies, insurance companies typically
charge premiums that exceed their expected losses. (Of course, competition
among insurance companies limits the premiums any one company can
charge.) But higher premiums do not eliminate (although they may reduce)
the demand for insurance. Even if the fire insurance premium were $1,000 per
year, the risk-averse couple might leap at the chance to buy coverage rather
than go unprotected.^5(^5) The general rule is that a risk-averse individual always will insure fully against a risk if offered actu-
arially fair insurance. At higher premiums, a range of outcomes is possible: full insurance, partial
insurance, or no insurance. A popular type of partial insurance involves provision for deductibles.
With a deductible, the company pays only for the portion of losses above a specified monetary
threshold. Thus, the policyholder buys insurance (at a reduced premium) for large losses but self-
insures for small ones.
(^6) This quotation and the synopsis in the text are drawn from E. Teach, “Microsoft’s Universe of
Risk,” CFO Magazine(March 1997), pp. 69–72.
Risk
Management
at Microsoft
“Microsoft sees risk everywhere, in a dozen broad categories: financial, repu-
tational, technological, competitive, customer, people (employees and con-
tractors), operations, distributions, business partners, regulatory and legislative,
political and strategic.”^6 This might seem an unusual statement. After all, what
could be more secure than the company’s near-monopoly position in PC oper-
ating systems?
Yet, Microsoft’s risk managers see things quite differently. Their job is to
identify, quantify, and manage literally hundreds of risks, of which 20 to 30 may
be most important at a given time. Of particular importance are regulatory
risks (government antitrust actions) and uncertainties surrounding intellec-
tual property rights. In the longer term, the emergence of new software mar-
kets and Microsoft’s ability to influence or control the accompanying standards
and platforms are crucial. Once managers have identified key risks, they can
address the best way to manage them: via insurance, or via a shared-risk joint
venture, by diversification, or (in the extreme case) by ceasing the risky activ-
ity all together.
Risk management is becoming a pervasive part of big business. When faced
with enormous uncertainties, management’s stance is decidedly not risk neu-
tral. Invariably, it is risk averse. Beyond the expected monetary returns associ-
ated with the separate risks on its radar screen, management must be
concerned about its combined risk exposures. As noted earlier, it is wise to
diversify by pursuing multiple risky R&D initiatives, instead of putting all eggs
c12DecisionMakingunderUncertainty.qxd 9/29/11 1:34 PM Page 521