If you want a perfect example of the entitlement mentality, look no further than the Las Vegas casinos, where counting cards while playing blackjack gets you ejected from the game.

The casinos consider themselves so entitled to a statistically guaranteed profit that skillful play breaks the rules.

Card counting is risk management, a discipline that divides responses to random, unfortunate events into four categories:

  • Prevention (also known as avoidance), reducing the likelihood that a risk will actually happen.
  • Mitigation, limiting the damage it would do if it does.
  • Insurance, spending now so that if it happens, you’ll recoup your financial loss.
  • Acceptance, hoping the risk doesn’t become real, and taking your lumps if it does.

Card counting supports both prevention and mitigation — prevention because card counters can better predict whether accepting another card will bust their hand and whether the dealer’s play will bust the house’s hand; mitigation because when the cards remaining in the deck tilt the odds toward the house, they bet less, reducing their losses.

The prevent/mitigate/insure/accept framework is just the ticket for risks you’re able to spot. Sadly, though, we human beings just aren’t all that good at spotting them, especially for plans we deeply want to succeed. One of the most important reasons, described in In Daniel Kahneman’s must-read book, Thinking, Fast and Slow (seriously … you must read it), is “overconfident optimism” — the tendency most people have to tell themselves and each other persuasive-sounding stories rather than basing decisions on objective evidence.

And so, over and over again, plans fail.

As you’ll recall from last week’s column, Success = aI + bE + cL, where a, b, and c are weighting factors, and I, E, and L stand for idea, execution, and luck. Success comes from some combination of a workable idea, strong execution, and good luck.

But what does “good luck” really mean? It has two components. One is that risks you failed to anticipate didn’t turn into reality — bad things that might have happened didn’t happen, like, for example, everyone on the project team coming down with the flu.

The other is that factors beyond your control that affect your success turned out well … for example, here in Minnesota we had an unseasonably warm and dry winter, which means the state spent far less for both snow removal and heating government offices than it had budgeted. This good luck contributed to a surplus — financial success due entirely to L.

Risk management is the discipline of reducing “c” and increasing “b” — of moving as much of the impact of random chance as possible out of the realm of Luck and into the realm of Execution.

Say, for example, company leadership decides it’s time to take you seriously about building information technology into the company’s products … integrating the technology-supported service dimension of the business into what it sells, supporting higher prices and margins.

You work with one of the company’s product managers, putting specifics behind the concept, building it all out, and promoting the daylights out of the result (if I published KJR on YouTube we’d cut to montage of meetings, people sketching on whiteboards, engineers sitting in front of CAD screens, and marketeers sketching on storyboards).

The result is a fiasco. Why? Because while nobody realized it until after the product launch, the whole concept depended on good luck on several fronts, and it didn’t turn up.

How could the company have recognized these risks instead of ignoring them? One alternative: a technique Kahneman relates, invented by his colleague, Gary Klein, called the premortem session. How it works: A group of individuals knowledgeable about the decision … not all of them have to be stakeholders … answer this simple question: “Imagine that we are a year into the future. We implemented the plan as it now exists. The outcome was a disaster. Please take 5 to 10 minutes to write a brief history of that disaster.”

Compare the premortem to the usual, dry risk-planning session, where everyone brainstorms a dreary list of possible risks, after which the project manager drafts contingency plans, all of which are rubber-stamped, except for the ones that involve spending, which are rejected out of hand.

It replaces it with imaginative story-telling … a far better way for people to figure out and explain what really might go wrong. Sometimes, a premortem might kill a superficially plausible but actually unworkable idea. That’s a good thing, and something risk management never does.

More often, rather than killing a bad idea it will improve execution for a good one.

It transforms risk management from afterthought to an integral part of the planning effort.

An executive friend’s complaint: “Why can’t IT get its act together and stop being the Wild West?”

“First it was structured programming,” he continued. “Then it was objects. Now it’s services, and The Cloud. We used to have feasibility, requirements, external design, internal design, construction, testing and roll-out. Now we have Agile, and I can’t keep track of all the kinds of Agile that are all supposed to be the Next Big Thing.” (You could hear the capital letters.)”

“Isn’t it time for IT to figure it out, and be like Accounting where everyone knows how things are supposed to get done?”

What’s a self-important pundit to do? So, socially awkward or not, I answered. “I sure hope not,” is what I said.