Here is a test that is fun and will challenge your intuition for risk. I am dusting it off in the midst of a major upgrade to my family of websites. Back in 1996, when I first launched the sites, blogs had not been invented. People were unsure exactly what to put on websites, although there was much experimentation. One feature I incorporated into mine was a short test for people to assess their intuition for risk. It was campy but fun, and it raised important issues. I removed the test from the websites during an upgrade in the early 2000s. People often lamented its passing. Below, I share it once again.

The test consists of a series of questions and my suggested answers. With the passage of almost fifteen years, I would probably answer the questions a little differently today. I am not going to do that. Instead, I am presenting the questions and answers in their original form, exactly as they appeared in 1996:

Question 1: Volatility

Values are illustrated over time for three hypothetical assets. Which asset has the most market risk?


There is no one correct answer to this question. The riskiness of each asset depends upon an investor’s time horizon. Over short horizons, the first asset is the most risky, and the third is the most stable. Over long horizons, the third asset is the most risky and the first is the most stable.

Question 2: Gambling

Ellen and Mark are gambling at a casino. Ellen is about to throw a 6-sided die. If it comes up 6, she will win $100. Otherwise, she will win nothing.

Mark is playing a slightly different game. He is about to throw a 10-sided die. If it comes up 10, he will win $100. Otherwise, he will win nothing.

Who faces more risk, Ellen or Mark? (Note that the amount each paid to play their respective game is irrelevant.)


Ellen faces more risk. This can be determined by comparing the standard deviation of her possible returns to those of Mark. It is also intuitively clear that she faces more uncertainty—Mark is more certain that he will receive nothing than is Ellen.

Question 3: Compensation

A trader’s compensation consists of the following: a base salary of $250,000 plus 5% of his trading gains. What is wrong with this compensation package?


The package promotes needless speculation. The trader is motivated to maximize possible profits, but has no reason to limit possible losses.

To see how this promotes irresponsible behavior, let’s suppose that the trader has only marginal trading skills. In a typical year he gains or looses about $10 million, translating into an annual bonus of between $0 and $500,000.

The trader decides to increase the riskiness of his trading so that in a typical year he will gain or lose $100 million. With this arbitrary act, he increases his bonus range to be between $0 and $5 million!

Another way to look at the trader’s situation involves option pricing theory. Effectively, the trader holds a call option on 5% of his trading gains. The present value of an option depends upon the volatility of the option’s underlier—but in this situation, the trader controls the volatility of the underlier! The more volatile he makes his trading returns, the more valuable that option is to him.

Question 4: Diversification

Two US-based investors enter into an agreement to help diversify their portfolios. Each month, if the unemployment rate in Holland rises, the first investor will pay the second $5 million. If, on the other hand, Dutch unemployment declines, he will receive $5 million from the other investor.

Because Dutch unemployment tends to rise as often as it declines, the investors perceive that the arrangement will not affect the average returns on their portfolios. Furthermore, the Dutch unemployment rate has low correlation with their other investments. By adding this diversifying risk to their portfolios, the investors expect to reduce their overall risk.

Is this a wise transaction? Why or why not?


The transaction is foolish. However, beyond the fact that it is unconventional, identifying the flaw in the investors’ reasoning is not easy.

The investors are correct that their agreement represents a diversifying risk and that it will not affect the expected returns on their portfolios. Their mistake is in misunderstanding how diversification can reduce risk. Investors can reduce their overall risk by dividing their exposures among multiple diversifying risks. Compounding diversifying risks on top of existing risks will not result in risk reductions.

This issue arrises frequently with diversification; although it is not always recognized.

Question 5: Time Decay

Is theta—the rate at which a derivative position loses value due to the passage of time—a risk?


Theta does not represent a risk because there is no uncertainty in the passage of time. Theta can be likened to the accrual of interest on a fixed rate loan—it is inevitable and entirely predictable. Note, however, that a large theta may be indicative of gamma or vega risk.

Question 6: RAROC

RAROC (Risk Adjusted Return On Capital) is an approach for allocating capital within a company. Sophisticated computer models are constructed which assign to each line of business within the company:

  • An expected return on capital, and
  • The risk associated with that line of business

From these, a risk adjusted return on capital (RAROC) is determined for each line. Effectively:

RAROC = Expected Return / Risk

The company then allocates capital to its various lines of business in such a manner as to maximize the entire company’s RAROC—allocating capital to business lines which have high RAROC’s and not allocating capital to business lines which have low RAROC’s.

What is wrong with this concept?


Mathematically, RAROC is a useful model for capital allocation within a company. However, when the concept migrates from theory to practice—and companies actually attempt to calculate RAROC’s and allocate capital according to them—RAROC becomes the antithesis of sound enterprise risk management.

The practical implementation of RAROC does not promote personal responsibility. It suggests that management can place a company on auto-pilot and let a computer make decisions. It denies that risk management is about people and suggests that it is about mathematical formulas. For example, RAROC does not acknowledge that:

  • Individuals make a difference in the profitability of a line of business.
  • Individuals make a difference in the riskiness of a line of business.

If a CEO is concerned about trading risk, he should visit with his traders, ask questions and look them in the eye. A bank which is concerned about credit risk should hire loan officers who take their job seriously and who ask probing questions before making a loan. A corporation which is concerned about the riskiness of a new product line should hire managers who are smart, experienced and will sweat the details.

Such simple steps as these are about people. They can not be incorporated into a computer model, but they will profoundly impact both the riskiness and the profitability of a line of business.

Question 7: Know Your Client

During an internal audit, a bank discovers it has incomplete background information on a corporate client to whom it has made a long-term floating-rate loan. It is an old loan which was made before the bank implemented improved lending policies. Accordingly, the bank decides to have two of its officers visit the client and perform an updated background check.

Two weeks later, the officers return from their visit with grim news. The client is troubled and will probably default on the loan within the next six months. The recovery rate on the loan is likely to be less than 60%.

With this background check, has the bank changed its credit risk? Has it increased it or decreased it?


Risk consists of two components:

  • Uncertainty
  • Exposure to that uncertainty

In this instance, the bank’s exposure is not changed because the terms of the loan remain unchanged. Its uncertainty, however, has changed.

Uncertainty is a complex notion. Sometimes, if we research a topic, we will uncover information which will actually increase our uncertainty. In this example, however, it is fairly clear that the bank has decreased its uncertainty. It has gone from knowing little about the client’s situation to having a fairly good idea of what to expect in the future. Accordingly, the bank has decreased its credit risk.

When an organization sets out to manage risk, it is important to start off with a clear understanding of what constitutes risk and what practical benefits will be derived from risk management. In this example, the bank has not saved itself any money. It has, however, reduced its risk.


The notion of risk has long been taken for granted on Wall Street—a problem which has only started to change in the latter part of this century. A significant accomplishment has been the development of quantitative models such as Modern Portfolio Theory and the Capital Asset Pricing Model. For the first time, such theories explicitly incorporated risk into the investment decision making process.

The very success of those models has presented a new problem. They have come to dominate our thinking on financial risk. We have become accustomed to quantifying all risks—as if operations risk or legal risk were objective notions that could be summarized like the historical volatility of Libor. Some have gone so far as to propose that the future of enterprise risk management lies in risk aggregation—that all the disparate risks of an organization can be aggregated into a single number and presented to senior management at the end of each day.

A review of some significant losses in recent years seems to reveal a different picture:

  • Barings Bank succumbed to the meticulous fraud of a single individual.
  • Robert Citron drove Orange county into bankruptcy. All the time, the voters and the board of supervisors knew what he was doing.
  • The Common Fund lost $128MM because of a rogue trader at an outside investment management firm.
  • Daiwa Bank was devastated, not so much by Toshihide Iguchi losing $1.1 billion, as by the misguided efforts of management to disguise the loss from US regulators.

Enterprise risk management is about people. It is about how they think and interact. It is about what they know and what they don’t know. It is about their strengths and weaknesses. It is about the complex combination of factors which shape the decisions we make.

Through the preceding seven questions we have explored some of the subtle and intriguing aspects of the complex notion risk. If there is a unifying theme to the questions, it is that risk is exposure to uncertainty—and uncertainty is a lack of knowledge. When we attempt to measure risk, effectively we are trying to gain knowledge about our lack of knowledge! It can be done, but it isn’t easy.

I have faulted some of the ways that technology has been applied to risk management, but this does not mean that I oppose technology. Technology is one of the most valuable tools available for managing risk. Much of my consulting work is highly technical. Just explore this site. You will find it chock full of technical information on such topics as the mathematics of value at risk; credit exposure measurement and risk visualization technology. I count among my clients two software companies who have hired me specifically for my expertise in risk modeling.

Risk is a fascinating and complex notion. The key to successful enterprise risk management is not to simplify risk, but to embrace its complexity.

Risk has always been a focus of my career, and this comes through in the test. The exhibit that appears in Question 1 was taken from a paper I published in 1992.[1] Some of the ideas—especially from my answer to Question 7 (Know Your Client)—made their way into a foundational paper I published in 2004.[2] That paper included a new question that would have been perfect for the test: “If a man jumps out of an airplane without a parachute, is he taking risk?” Consider it the “missing Question 8”.

Of all the answers, the one I would change most today would be that for Question 2 (Gambling). If you like, take another look at that answer and think how you might change it. Of course, you should not accept any of my answers without first challenging them in your mind and exploring alternatives. That is how your risk intuition will grow.


  • [1] Holton, Glyn A. (1992). Time: the second dimension of risk, Financial Analysts Journal, 48 (6), 38-45.
  • [2] Holton, Glyn A. (2004). Defining risk, Financial Analysts Journal, 60 (6), 19–25.



Enter your address for insights that will transform your risk management.

Click the link in the email I just sent you to confirm your address and start your subscription.

Defining Risk

Enter your email address to receive your copy and subscribe to Glyn's Risk Management Newsletter.

Click the link in the email I just sent you to download your paper and start your subscription.

Send this to a friend