  • Rory Roberts

What is the definition of a Risk?

What is the definition of the word risk? Even amongst risk professionals you will get many different answers if you ask this question. A quant might tell you that a delta on an equity option is a risk, and indeed it is a measure of risk. For the purposes of risk identification, however, it is essential that we have one agreed-upon definition of risk across all stakeholders. If this is not clear, then we will get apples from some stakeholders and oranges from others, and we will be comparing apples and oranges.

From ISO 31000:

For the purposes of Risk Identification, a risk is: “the effect of uncertainty on objectives”

An effect is a deviation from the expected. It can be positive, negative or both, and can address, create or result in “opportunities” and “threats”.

A risk should have the following four components to be considered a valid risk:

1. The risk source should be stated.

2. The related potential trigger event should be stated.

3. The consequences of the risk should be stated.

4. The likelihood should be stated.

This definition may be irksome for some of the more quantitative of you, but consider that even in the quantitative definition, the variance is the measure of the deviation from the expectation and is often thought of as the degree of risk in an investment.

We note carefully that a risk may be either a harmful or a beneficial event. If a very beneficial event occurs from which we profit, and we were unaware of the possibility or probability of this event occurring, then it may be equally likely that a harmful event could occur around the same event. This can be important in thinking of possible risks: we should ask our stakeholders to think of the likely unexpected factors. It is, of course, the unexpected harmful risks we are seeking to mitigate.

While it is important to define what we mean by risk, it is also important to be clear about where we are looking for a particular risk. If we do not narrow the scope of the search for our stakeholders, we are likely to gather many overlapping and out-of-context risks.

When we ask a subject matter expert or business expert about their perceived risks, we are asking them about their perceived risks in their specific business area. This way, if we select a comprehensive sample of business representatives across our organisation, we should get a comprehensive, more independent and mutually exclusive registry of risks from our risk identification process.

Using the above information, a set of questions can be formulated for our stakeholders as follows:

1. “In your business area, what do you see as being the biggest threat to the achievement of your strategic objectives?”

2. “What is the source of this perceived risk?”

3. “What event do you think could trigger the perceived risk?”

4. “What would the impact of the perceived risk be in the worst-case scenario?”

5. “What is your estimation of the likelihood of this risk occurring?”
