WHAT IS RISK?
From locking our front door to planning for retirement, risk management is an intimate part of our everyday life. We continually identify, mitigate or even acquire risks, often without thinking about it as risk management practice. Yet it is. For all of us, risk means what can go wrong in our lives, and managing risk is how we protect ourselves.
For academics, risk is the uncertainty of an outcome for which you know the probability distribution (like the throw of a die), while uncertainty refers to unknown probabilities of occurrence. In this book we will use the ISO definition of risk: the effect of uncertainty on objectives. This definition is particularly suitable for organizations as it highlights the importance of aligning risk management with strategy and business objectives.
Risk doesn't exist in isolation: it needs to be defined and mapped in relation to objectives. A key risk is one that might negatively impact a key objective. Risks or uncertainties that cannot affect a firm's objectives are irrelevant. Mapping risks to objectives is an effective way to encourage risk management discussions in the boardroom and at every level of a company's operations. We understand risks here as uncertainties that have the potential to negatively impact the achievement of objectives. While we will recognize, throughout the book and in particular in Part 2, the benefits and even the returns of taking operational risks, we focus on the downside of risks ...