It may not take a rocket scientist to solve most problems, but that isn't necessarily the case when it comes to risk quantification. Just ask Beaumont Vance, senior risk manager at Sun Microsystems Inc. Vance has been trying to put a dollar value on operational risks, and he has found a pretty novel solution–courtesy of the National Aeronautics and Space Administration (NASA)–called expert elicitation. At NASA, the process is used to measure Space Shuttle risks; at Sun, Vance is focusing on operational risk, "trying to quantify what in the past has been unquantifiable."

A couple of PhD statisticians from Sun's engineering side introduced NASA's probabilistic calculation to the risk manager. He presents a simple analogy of how expert elicitation works: "If you ask 100 people at a county fair to guesstimate the number of jelly beans in a jar, then take their answers and average them out, the answer converges on reality," says Vance, who is based in the Denver office of the $11.5 billion IT service, software and hardware company. "It's pretty amazing."

Vance has applied expert elicitation to Sun's operational risks in the past year–measuring, for example, the risks of expanding into a foreign location or the possibility of a massive California earthquake. "We bring in a group of people who are experts in the area of the risk we're assessing, and then sit them down with our risk management department," he says. "The experts flesh out the drivers [of the risk] and calculate them numerically in terms of probability and severity. We then multiply the monetary numbers for probability and severity, and subtract out planned mitigation strategies. The metric we end up with at the end is compared to similarly produced metrics on other risks, giving us a way to rank operational risks for capital allocation purposes."