is the chance of something happening that will impact on the achievement
is more than a four-letter word. It is a powerful concept that describes
uncertain events or uncertain outcomes. Everyone encounters and deals
with risk every day. It is present in virtually every human situation.
Although there is much discussion as to the best definition of risk, most
people would agree that "uncertainty about future events" is
central to the definition of risk.
we believe that all effective management processes start with the organization's
stated objectives. Thus, we see risk as the potential variance of outcomes
from objectives. Our definition of risk includes the possibility that
the risk could be a negative variance or threat to the achievement of
objectives, or alternatively a positive variance or opportunity for
achieving objectives. This definition can be illustrated by the following
drawing, where the blue line represents an uncertain outcome that varies
from a defined objective:
a group whose objectives include public safety could identify risks
that threaten the achievement of that objective such as uncertainties
caused by pathogens or flood or fire or criminal activity. Conversely,
public prevention programs and communications may mitigate the likelihood
or impact of these threats.
firm there may be risks that are both opportunities and threats to the
achievement of a resource optimization objective. Uncertain costs and
uncertain levels of customer adoption might be identified as risks to
the resource optimization objectives of on-line procurement or information
kiosks. These uncertainties could result in a positive or a negative variance
from stated objectives. To learn more about risk,
contact us or watch this website for our published articles.
Most categories of risk fall within a hierarchy that distinguishes internal
from external risks and risk pertaining to direction (strategic risk)
from risks pertaining to implementation such as hazard, operational and
financial risks. Information risk is common to them all. The attached
Glossary defines these terms.
Uncertainty driven by changes outside the organization such as economic,
demographic, technological and government policy changes.
Risks (inside the organization)
Direction as a source of Risk:
Risk: Uncertainties driven by government policy, budget constraints,
changes in customers' needs.
Risk: In government organizations, changes in priorities and policies.
Risk: Events or outcomes that could impact the public perception
of a firm's products, or services.
and Safety: Physical hazards and opportunities for improved security
Risks to the environment including air, water, earth, and natural
Risk pertaining to how we manage operations and deliver services including
human resources, processes, systems and security.
e.g. financial market rates, credit, liquidity.
Common to all of the above risks; errors or improvements in forecasting,
and risks related to relevance, reliability, and timeliness of information.