What is Risk?

Risk is the possibility of experiencing harm or loss.

People take risks for a good reason: To profit, to change their life, to try another approach that is more promising. They take risks in the hope of a favorable outcome.

The four stages of the risk process are:

1. Risk Identification

2. Risk Analysis

3. Risk Planning (selection and implementation of countermeasures, when the risks are above our risk appetite)

4. Implementation of countermeasures, monitoring, reporting and reviewing Risk Management actions against objectives.

Sometimes risks have to do with exposure to changes.

A change is always a risk. This is the reason we always authorize, test and document changes.

According to the Stanford Encyclopedia of Philosophy, in non-technical contexts, the word risk refers, often rather vaguely, to situations in which it is possible but not certain that some undesirable event will occur.

In technical contexts, the word has several more specialized uses and meanings.

Five of these are particularly important since they are widely used across disciplines:

1. Risk is an unwanted event which may or may not occur.

An example of this usage is: "Lung cancer is one of the major risks that affect smokers."

2. Risk is the cause of an unwanted event which may or may not occur.

An example of this usage is: "Smoking is by far the most important health risk in industrialized countries." (The unwanted event implicitly referred to here is a disease caused by smoking.)

Both (1) and (2) are qualitative senses of risk.

The word also has quantitative senses, of which the following is the oldest one:

3. Risk is the probability of an unwanted event which may or may not occur.

This usage is exemplified by the following statement: "The risk that a smoker's life is shortened by a smoking-related disease is about 50%."

4. Risk is the statistical expectation value of an unwanted event which may or may not occur.

The expectation value of a possible negative event is the product of its probability and some measure of its severity.

It is common to use the number of killed persons as a measure of the severity of an accident.

With this measure of severity, the "risk" (in sense 4) associated with a potential accident is equal to the statistically expected number of deaths.

Other measures of severity give rise to other measures of risk.

Although expectation values have been calculated since the 17th century, the use of the term "risk" in this sense is relatively new.

Today it is the standard technical meaning of the term "risk" in many disciplines.

It is regarded by some risk analysts as the only correct usage of the term.

5. Risk is the fact that a decision is made under conditions of known probabilities ("decision under risk" as opposed to "decision under uncertainty").

In a corporate or in a military environment, risk is a measure of future uncertainties in achieving performance goals and objectives within defined cost, schedule and performance constraints.

Risk can be associated with all aspects of a program (e.g., threat, technology maturity, supplier capability, design maturation, performance against plan).

Risk addresses the potential variation in the planned approach and its expected outcome.

Such variation could include positive as well as negative effects.

There are many different types of risks.

All investments, for example, involve some degree of risk. In finance, risk refers to the degree of uncertainty and/or potential financial loss inherent in an investment decision.

In general, as investment risks rise, investors seek higher returns to compensate themselves for taking such risks.

With a stock, you are purchasing a piece of ownership in a company.

With a bond, you are loaning money to a company.

Returns from both of these investments require that that the company stays in business.

If a company goes bankrupt and its assets are liquidated, common stockholders are the last in line to share in the proceeds.

If there are assets, the company's bondholders will be paid first, then holders of preferred stock.

If you are a common stockholder, you get whatever is left, which may be nothing.

Volatility Risk - Even when companies aren't in danger of failing, their stock price may fluctuate up or down.

Large company stocks as a group, for example, have lost money on average about one out of every three years.

Market fluctuations can be unnerving to some investors.

A stock's price can be affected by factors inside the company, such as a faulty product, or by events the company has no control over, such as political or market events.

Inflation Risk - Inflation is a general upward movement of prices. Inflation reduces purchasing power, which is a risk for investors receiving a fixed rate of interest.

The principal concern for individuals investing in cash equivalents is that inflation will erode returns.

Interest Rate Risk - Interest rate changes can affect a bond's value.

If bonds are held to maturity the investor will receive the face value, plus interest.

If sold before maturity, the bond may be worth more or less than the face value.

Rising interest rates will make newly issued bonds more appealing to investors because the newer bonds will have a higher rate of interest than older ones.

To sell an older bond with a lower interest rate, you might have to sell it at a discount.

Liquidity Risk - This refers to the risk that investors won't find a market for their securities, potentially preventing them from buying or selling when they want.

This can be the case with the more complicated investment products.

It may also be the case with products that charge a penalty for early withdrawal or liquidation such as a certificate of deposit (CD).

Accumulation Risk - Not investing may result in insufficient funds to accomplish life's goals.

For most people, the only way to attain financial security is to save and invest over a long period of time.

Credit risk - arises from an inability or unwillingness by borrowers to meet their obligations to an institution, such as repaying a loan.

Market risk - arises from changes in market rates or prices (i.e. interest rates, foreign exchange rates, equity, commodity and property prices) or from inaccuracies in accounting for these risks.

Insurance risk - arises when actual insurance claims exceed the estimates on which the insurance premiums have been based. The value of insurance liabilities is inherently uncertain due to their dependence on contingent events, such as death, accident, law suits or property damage.

Operational risk - arises from breakdowns or deficiencies in internal processes, technology failures, human errors, fraud and natural disasters.
Legal and regulatory risk — arises from an institution's failure to comply with laws, regulations or prescribed practices.

Strategic risk - arises from an institution's inability to implement appropriate business plans and strategies, or adapt to changes in its business environment.

Related-party risk - relates to the risk that an institution will suffer, directly or indirectly, from losses incurred or actions taken by its associated entities.

Every Monday

Top 10 risk and compliance management related news stories and world events

Do you want to receive every Monday the Top 10 risk and compliance management related news stories and world events that (for better or for worse) shaped the week's agenda, and what is next?

You may submit the form that follows. We meet strict national and international privacy standards. You can unsubscribe at any time.

Join the International Association of Risk and Compliance Professionals (IARCP). Membership

Reading Room

Certified Risk and Compliance Management Professional (CRCMP)

Certified Information Systems Risk and Compliance Professional (CISRCP)

Privacy and Compliance with the Federal Trade Commission Fair, the California Online Privacy Protection Act, the Children Online Privacy Protection Act, the Privacy Alliance, the Controlling the Assault of Non-Solicited Pornography and Marketing Act