4.1 ON RISK TAXONOMIES
It seems challenging to reach a consensus on the taxonomy of risks. This is probably because different taxonomies are generated from different perspectives. The taxonomy may be based on the adverse event, on the nature of the resource exposed, on the nature of the consequences, and so on. The taxonomy may also be based on the supposed cause of the event, or even on the insurability of the loss.
In this section, we will analyse existing taxonomies to try to get a reasonable definition and scope of operational risks.
4.1.1 Strategic versus Operational Risk
It is probably best to start with a definition of risk. We will use the ISO definition of risk: the “effect of uncertainty on objectives.”
This definition has the advantage of being extremely concise while containing several important components: “objectives”, “effect”, and “uncertainty”.
The first interesting point to notice is that the definition does not explicitly specify whether the supposed effect of uncertainty is considered when setting the objectives or when achieving or trying to achieve the objectives. Although the ISO standard mentions in a further note that “an effect is a deviation from the expected”, thereby putting the focus on the execution rather than on the definition, we believe that both effects should be considered. On the one hand, the perceived uncertainty may influence the definition of objectives, and on ...