What is Risk?

What is risk? There's a lot of research into all types of risk, but in my experience, I have found that most people and organisations don't completely grasp the concept. In this article, I will try and cut through the fancy words and “businesslese” (the formal and technical language of business governance documents) and answer the question: What is risk?

In my experience, risk is a very wide term that can encompass a range of situations, actions, activities, life experiences or anything else that results in uncertainty or the unknown. And every person and organisation’s tolerance for risk or willingness to accept risk is based on their unique perspective and experience.

Take me as an example. I regularly conduct ISO management system training, implement Enterprise Risk Management and other management systems at globally leading organisations, and then on weekends, I skydive. I willingly throw myself out of a moving aircraft at 11,000ft (about 3.3km) above ground level. And the only 2 things that will save my life fit in a tiny pack on my back. Most people would say this makes me a risk-taker, but it’s just another weekend for me.

Etymology of Risk

Without applying too much thinking to the process, and without going into the intricacies of risk measurement, I have pulled together risk definitions from these sources:

  • Google Oxford
  • Online Etymology Dictionary
  • COSO Enterprise Risk Management – Integrated Framework
  • ISO 31000 Risk Management

What is Risk according to Google and Oxford?

A quick search on Google, through their partnership with Oxford, gives us this on "risk":

  • noun
    • a situation involving exposure to danger.
    • "flouting the law was too much of a risk"
  • verb
    • expose (someone or something valued) to danger, harm, or loss.
    • "he risked his life to save his dog"

Okay, that gives us a basic concept of “What is Risk”. I think we can expand a bit more on this basic interpretation, so let’s see what the Online Etymology Dictionary has for us.

What is Risk according to the Online Etymology Dictionary?

If we ask, “what is risk” in the Online Etymology Dictionary, we can start looking at the roots of risk and start to understand what environments and conditions necessitated the usage of the word “risk”.

I would not describe myself as an etymologist, but by reading over the definitions, a picture forms of pirates and bounty on the open seas, sailing off into the unknown.

  • risk (n.)
    • 1660s, risque, “hazard, danger, peril, exposure to mischance or harm,” from French risque (16c.), from Italian risco, riscio (modern rischio), from riscare “run into danger,” a word of uncertain origin.
    • The Englished spelling is recorded by 1728. Spanish riesgo and German Risiko are Italian loan-words. The commercial sense of “hazard of the loss of a ship, goods, or other properties” is by 1719; hence the extension to “chance taken in an economic enterprise.”
    • Paired with run (v.) from 1660s. Risk aversion is recorded from 1942; risk factor from 1906; risk management from 1963; risk-taker from 1892.
  • Risk (v.)
    • 1680s, “expose to chance of injury or loss,” from risk (n.), or from French risquer, from Italian riscare, rischaire, from the noun. By 1705 as “venture upon, take the chances of.” Related: Risked; risks; risking.

What is Risk in Business?

I’ve been looking at the origins of the word and asking, what is risk? We’ve gained some clear insight into the meaning, but how does that apply to a business or organisation these days?

To answer this question, I looked at the leading Enterprise Risk Management Standards/Frameworks implemented by organisations and businesses worldwide. The primary frameworks are:

  • COSO Enterprise Risk Management – Integrated Framework
  • ISO 31000:2018 Risk Management Guidelines

We have come a long way from sailing off into the unknown and possibly losing the whole cargo to either pirates or mother nature. When we look at COSO and ISO 31000 we can see that these definitions have a clear focus on objectives.

What is Risk according to COSO?[1]

Risk is defined by COSO as “the possibility that events will occur and affect the achievement of strategy and business objectives.” Risks considered in this definition include those relating to all business objectives, including compliance.

What is Risk according to ISO 31000?

effect of uncertainty (3.1.3) on objectives (3.1.2)

Note 1 to entry: An effect is a deviation from the expected. It can be positive, negative or both, and can address, create or result in opportunities (3.3.23) and threats (3.3.13).

Note 2 to entry: Objectives can have different aspects and categories and can be applied at different levels.

Note 3 to entry: Risk is usually expressed in terms of risk sources (3.3.10), potential events (3.3.11), their consequences (3.3.18) and their likelihood (3.3.16).

Risk Management

We’ve looked at the dictionary definitions of “what is risk” and we’ve looked at risk from a business and organisational management point of view. The thing that stands out to me in the business definition of risk is “objectives” and the uncertainty around those objectives. So, in other words, if you don’t have objectives, you don’t have risk.

Once we have our objectives, we can start looking at our risks. And this is where the Risk Management process comes in. ISO 31073:2022 Risk management — Vocabulary describes the risk management process as:

“coordinated activities to direct and control an organization (3.3.7) with regard to risk (3.1.1)”

I will discuss Risk Management in my next article, so be sure to Sign Up for our newsletter.

In Closing

Risk is something that we live with every day, and we all have different risk appetites. In business, our risks directly correlate to our objectives, so without clearly defined objectives, it is impossible to measure our risk accurately.

I hope you enjoyed this article.

Please Sign Up for our newsletter and be on the lookout for our next article: What is Risk Management?

[1] Committee of Sponsoring Organizations of the Treadway Commission
