Definitions of risk
The Oxford English Dictionary definition of risk is as follows: 'a chance or possibility of danger, loss, injury or other adverse consequences' and the definition of at risk is 'exposed to danger'. In this context, risk is used to signify negative consequences. However, taking a risk can also result in a positive outcome. A third possibility is that risk is related to uncertainty of outcome.
Types of risks
Risk may have positive or negative outcomes or may simply result in uncertainty. Therefore, risks may be considered to be related to an opportunity or a loss or the presence of uncertainty for an organization. Every risk has its own characteristics that require particular management or analysis. In this book, as in the Guide 73 definition, risks are divided into three categories:
• hazard (or pure) risks;
• control (or uncertainty) risks;
• opportunity (or speculative) risks.
Risk description
In order to fully understand a risk, a detailed description is necessary so that a common understanding of the risk can be identified and ownership/responsibilities may be clearly understood. Table 1.2 provides information on the range of information that must be recorded to fully understand a risk. The list of information set out in Table 1.2 is most applicable to hazard risks and the list will need to be modified to provide a full description of control or opportunity risks.
Inherent level of risk
It is important to understand the uncontrolled level of all risks that have been identified. This is the level of the risk before any actions have been taken to change the likelihood or magnitude of the risk. Although there are advantages in identifying the inherent level of risk, there are practical difficulties in identifying this with certain types of risks.
Risk classification systems
Risks can be classified according to the nature of the attributes of the risk, such as timescale for impact, and the nature of the impact and/or likely magnitude of the risk. They can also be classified according to the timescale of impact after the event occurs. The source of the risk can also be used as the basis of classification. In this case, a risk may be classified according to its origin, such as counterparty or credit risk.
Risk likelihood and magnitude
Risk likelihood and magnitude are best demonstrated using a risk map, sometimes referred to as a risk matrix. Risk maps can be produced in many formats. Whatever format is used for a risk map, it is a very valuable tool for the risk management practitioner. The basic style of risk map plots the likelihood of an event against the magnitude or impact should the event materialize.