Risk is the chance of something happening that will impact on the achievement of objectives.

Risk is more than a four-letter word. It is a powerful concept that describes uncertain events or uncertain outcomes. Everyone encounters and deals with risk every day. It is present in virtually every human situation. Although there is much discussion as to the best definition of risk, most people would agree that "uncertainty about future events" is central to the definition of risk.

At LESRISK we believe that all effective management processes start with the organization's stated objectives. Thus, we see risk as the potential variance of outcomes from objectives. Our definition of risk includes the possibility that the risk could be a negative variance or threat to the achievement of objectives, or alternatively a positive variance or opportunity for achieving objectives. This definition can be illustrated by the following drawing, where the blue line represents an uncertain outcome that varies from a defined objective:

For example, a group whose objectives include public safety could identify risks that threaten the achievement of that objective such as uncertainties caused by pathogens or flood or fire or criminal activity. Conversely, public prevention programs and communications may mitigate the likelihood or impact of these threats.

For another firm there may be risks that are both opportunities and threats to the achievement of a resource optimization objective. Uncertain costs and uncertain levels of customer adoption might be identified as risks to the resource optimization objectives of on-line procurement or information kiosks. These uncertainties could result in a positive or a negative variance from stated objectives. To learn more about risk, contact us or watch this website for our published articles.

Risk Categories

Most categories of risk fall within a hierarchy that distinguishes internal from external risks and risk pertaining to direction (strategic risk) from risks pertaining to implementation such as hazard, operational and financial risks. Information risk is common to them all. The attached Glossary defines these terms.
External Risk (outside the organization)
Uncertainty driven by changes outside the organization such as economic, demographic, technological and government policy changes.

Internal Risks (inside the organization)

  Direction as a source of Risk:

  • Strategic Risk: Uncertainties driven by government policy, budget constraints, changes  in customers' needs.
  • Political Risk: In government organizations, changes in priorities and policies.
  • Reputational Risk: Events or outcomes that could impact the public perception of a firm's products, or services.


  • Hazard:
    • Health and Safety: Physical hazards and opportunities for improved security and well-being.
    • Ecological: Risks to the environment including air, water, earth, and natural resources.
  • Operational: Risk pertaining to how we manage operations and deliver services including human resources, processes, systems and security.
  • Financial: e.g. financial market rates, credit, liquidity.
  • Informational: Common to all of the above risks; errors or improvements in forecasting, and risks related to relevance, reliability, and timeliness of information.