Failure 05 — Risk modeled as binary, not probabilistic

The annual S&OP risk review at MIC. The risk register row reads "Taiwan supplier disruption: $14M what-if impact." Somebody asks if it's worth qualifying an alternate supplier; the qualification cost is roughly $1.1M plus $0.3M annual. The conversation circles for twenty minutes, somebody says "we'll look at it next quarter," and the meeting moves on. The number is wrong because the question is wrong. A risk is not binary. It has a probability over a horizon, a magnitude distribution, and a scope.

The real question is: as the disruption probability moves from 20% to 30% to 40% over the next ninety days, what happens to revenue, margin, and cash across the realistic distribution of futures? And given that probability curve, how much premium is justified to mitigate? With probabilistic risk modeling the conversation becomes concrete. The Taiwan supplier risk: probability 30% over 90 days, magnitude distribution centered on 18 days with a tail to 45, scope of 40% of bearing revenue. Expected EVA impact across the distribution: $4.2M. Mitigation cost: $1.4M total. Break-even probability: 8 percentage points. The mitigation is justified at less than half the registered probability.

Six months later, when the supplier does have a 14-day hold, the cost is $0.4M not $2M — because the alternative supplier had been qualified, capacity was reserved, and the cutover was a phone call not a fire drill. The difference between knowing a risk exists and knowing what it costs is the difference between a register row and a decision.