What is risk? There's a lot of research into all types of risk, but in my experience, I have found that most people and organisations don't completely grasp the concept. In this article, I will try and cut through the fancy words and “businesslese” (the formal and technical language of business governance documents) and answer the question: What is risk?
In my experience, risk is a very wide term that can encompass a range of situations, actions, activities, life experiences or anything else that results in uncertainty or the unknown. And every person and organisation’s tolerance for risk or willingness to accept risk is based on their unique perspective and experience.
Take me as an example. I regularly conduct ISO management system training, implement Enterprise Risk Management and other management systems at globally leading organisations, and then on weekends, I skydive. I willingly throw myself out of a moving aircraft at 11,000ft (about 3. 3km) above ground level. And the only 2 things that will save my life fit in a tiny pack on my back. Most people would say this makes me a risk-taker, but it’s just another weekend for me.
Entomology of Risk
Without applying too much thinking to the process, and without going into the intricacies of risk measurement I have pulled together risk definitions from these sources:
- Google Oxford
- Online Entomology Dictionary
- COSO Enterprise Risk Management – Integrated Framework
- ISO 31000 Risk Management
What is Risk according to Google and Oxford?
A quick search on Google, through their partnership with Oxford, gives us this on "risk":
- a situation involving exposure to danger.
- "flouting the law was too much of a risk"
- expose (someone or something valued) to danger, harm, or loss.
- "he risked his life to save his dog"
Okay, that gives us a basic concept of “What is Risk”. I think we can expand a bit more on this basic interpretation, so let’s see what the Online Entomology Dictionary has for us.
What is Risk according to the Online Entomology Dictionary?
If we ask, “what is risk” in the Online Entomology Dictionary, we can start looking at the roots of risk and start to understand what environments and conditions necessitated the usage of the word “risk”.
I would not describe myself as an entomologist, but by reading over the definitions a picture forms of pirates and bounty on the open seas, sailing off into the unknown.
- risk (n.)
- 1660s, risque, “hazard, danger, peril, exposure to mischance or harm,” from French risque (16c.), from Italian risco, riscio (modern rischio), from riscare “run into danger,” a word of uncertain origin.
- The Englished spelling is recorded by 1728. Spanish riesgo and German Risiko are Italian loan-words. The commercial sense of “hazard of the loss of a ship, goods, or other properties” is by 1719; hence the extension to “chance taken in an economic enterprise.”
- Paired with run (v.) from 1660s. Risk aversion is recorded from 1942; risk factor from 1906; risk management from 1963; risk-taker from 1892.
- Risk (v.)
- 1680s, “expose to chance of injury or loss,” from risk (n.), or from French risquer, from Italian riscare, rischaire, from the noun. By 1705 as “venture upon, take the chances of.” Related: Risked; risks; risking.
What is Risk in Business?
I’ve been looking at the origins of the word and asking, what is risk? We’ve gained some clear insight into the meaning, but how does that apply to a business or organisation these days?
To answer this question, I looked at the leading Enterprise Risk Management Standards/Frameworks implemented by organisations and businesses worldwide. The primary frameworks are:
- COSO Enterprise Risk Management – Integrated Framework
- ISO 31000:2018 Risk Management Guidelines
We have come a long way from sailing off into the unknown and possibly losing the whole cargo to either pirates or mother nature. When we look at COSO and ISO 31000 we can see that these definitions have a clear focus on objectives.
What is Risk according to COSO?
Risk is defined by COSO as “the possibility that events will occur and affect the achievement of strategy and business objectives.” Risks considered in this definition include those relating to all business objectives, including compliance.
What is Risk according to ISO 31000?
effect of uncertainty (3.1.3) on objectives (3.1.2)
Note 1 to entry: An effect is a deviation from the expected. It can be positive, negative or both, and can address, create or result in opportunities (3.3.23) and threats (3.3.13).
Note 2 to entry: Objectives can have different aspects and categories and can be applied at different levels.
Note 3 to entry: Risk is usually expressed in terms of risk sources (3.3.10), potential events (3.3.11), their consequences (3.3.18) and their likelihood (3.3.16).
We’ve looked at the dictionary definitions of “what is risk” and we’ve looked at risk from a business and organisational management point. And the thing that stands out to me in the business definition of risk is “objectives” and uncertainty around those objectives. So, in other words, if you don’t have objectives, you don’t have risk.
Once we have our objectives, we can start looking at our risks. And this is where the Risk Management process comes in. ISO 31073:2022 Risk management — Vocabulary describes the risk management process as:
“coordinated activities to direct and control an organization (3.3.7) with regard to risk (3.1.1)”
I will discuss Risk Management in my next article, so be sure to Sign Up for our newsletter.
Risk is something that we live with every day, and we all have different risk appetites. In business, our risks directly correlate to our objectives, so without clearly defined objectives, it is impossible to measure our risk accurately.
I hope you enjoyed this article.
Please Sign Up for our newsletter and be on the lookout for our next article: What is Risk Management?
 Committee of Sponsoring Organizations of the Treadway Commission