The more time I spend reading about risk and talking to people about risk, it is obvious that most organizations and people don’t speak the same risk language. This poses a number of (fairly obvious) problems in risk management. But more on that another time, for now let’s start at the beginning:
To date there is no agreed definition of the concept of risk (Aven, 2012). The etymology of ‘risk’ opens a myriad of interpretations and points to significant issues for organizations attempting to create risk reports or set out risk mitigation strategies. According to Althaus (2005) the origin of the word ‘risk’ is disputed in both literature and in the detailed analysis provided by the Oxford English Dictionary, which described thirteen definitions of the word across cultural origins. For example, the French risqué: danger or inconvenience, predictable or otherwise; the Spanish riesgo: conflict or disagreement and the Arabic rizq: boon, lot, chance or fortune. Never mind standard definitions, there are also different philosophical associations to the term- Thompson (1986) describes 5 of these associations: subjective; objective; real; observed and perceived. According to Slovic (2000) “human beings have invented the concept of ‘risk’ to help them understand and cope with the dangers and uncertainties of life”. One can argue that the natural human need to survive includes certain risk avoidance measures, the innate part of our everyday response to staying alive is not an invention in itself. And let’s not forget the opportunities risk-taking has and will continue to provide us. This is certainly essential both in personal and business advancement.
Because of the dynamic use of the term, companies have attempted to standardize the term ‘risk’ over recent years. The most recognized is that of the International Organization for Standardization (ISO) which outlines risk as “the negative effect of uncertainty on objectives” (ISO, 2009b). Although they provide a basic guideline, you need to go a step further and ensure that the definitions of ‘uncertainty’ and ‘objectives’ is sufficiently understood in your organization as well. A description I particularly like, is provided by Douglas Hubbard who defines risk as a “state of uncertainty where some the possibilities involve a loss, injury, catastrophe or other undesirable outcome.” Hubbard continues to explain that ‘uncertainty’ is the one true outcome which is not known and that there is existence of more than one possibility. This use of ‘uncertainty’ seems to work well as a foundation of what a risk is as a concept; ‘uncertainty’ is less complicated- most people know what is certain and what is not. Even when we know risks to be a certainty, we won’t know their timing or impact for a fact until they occur, and therein lies the uncertainty. If risks are known, good decisions require logic and statistical thinking whereas if some risks are unknown or there is uncertainty, good decisions also require intuition (Gigerenzer, 2014).
Aven (2012) hypothesizes that there has been a gradual change from narrow risk perspectives to broader non-probability based definitions between risk as a concept and how it is measured. ‘Risk’ is then either the uncertainty that the activity has some undesirable consequence or the activity itself. Researchers continue to attempt to lock down the best definition of risk or at least explain the concept best, but till this day concepts and the term ‘risk’ are a source of considerable confusion, even among experts in the field (Hubbard, 2009).
So ‘risk’ is highly subjective and often an emotive, fear driven construct. It can be considered either positive or negative, a noun or a verb (Aven, 2012). The question then to organizations is how do they ensure that what they are saying and meaning is being interpreted the same way by their staff and stakeholders? Can you see the issue of embarking on risk management without defining your risk language first?
Recent Comments