Definitions of risk

This document presents various definitions of risk found in the literature.
It is intended as a tool for students.

The word risk has its origins in the Middle Ages Italian word risco, meaning jagged rock, used by early insurance companies to indicate the danger at sea.

Beucher(2004)


From the Latin resecum.

Beucher(2004)


Risk is discontinuity

Léger(2006)


Risk is dysfunction

Léger(2006)


Risk is disaster

Léger(2006)


Risk is the difference between what was expected and what happened

Léger(2006)


Risk is the probability of a negative event while considering its consequences.

Léger(2006)


Risk as an undesirable event.

Aubert(2001)


In some situations, risk is equated to a possible negative event.

Aubert(2001)


Levin and Schneider (1997; p. 38) define risks as “… events that, if they occur, represent a material threat to an entity’s fortune”. Using this definition, risks are the multiple undesirable events that may occur. Applied in a management context, the “entity” would be the organization. Given that perspective, risks can be managed using insurance, therefore compensating the entity if the event occurs; they can also be managed using contingency planning, thus providing a path to follow if an undesirable event occurs. This definition of risk is analogous to the concept of risk as a possible reduction of utility discussed by Arrow (1983).

Aubert(2001)


Risk as a probability function. Some fields, instead of focusing on negative events, are primarily concerned with the probabilities of an event. For example, medicine often focuses solely on the probability of disease (e.g. heart attack), since the negative consequence is death in many cases. It would be useless to focus on the consequence itself since it is irreversible. Odds of occurrence are the key element. Data is used to determine what can influence those probabilities (heredity, smoking habits, cholesterol level, etc.). In its definition of sentinel events (occurrence involving death or serious injury), the Joint Commission on the Accreditation of Healthcare Organizations uses “risk” as the chance of serious adverse outcome (Kobs, 1998). Life insurance adopts this approach and uses mortality tables to evaluate these probabilities. In this context, a “good risk” will be a person with a low probability of dying within a given period (and hence, for the insurance company, a low probability of having to pay a compensation) and a “bad risk” would be a person with a high probability of dying within the period.

Aubert(2001)


Risk as variance. Finance adopts a different perspective of risk, where risk is equated to the variance of the distribution of outcomes. The extent of the variability in results (whether positive or negative) is the measure of risk.

Aubert(2001)


Risk is defined as the volatility of a portfolio’s value (Levine, 2000). Risk management means arbitrating between risk and returns. For a given rate of return, managers will prefer lower volatility but would be likely to tolerate higher volatility if the expected return was thought to be superior. Portfolio managers therefore aim to build a portfolio that is on the efficient frontier, meaning it has “the highest expected return for a given level of risk, and the lowest level of risk for a given expected return” (Schirripa and Tecotzky, 2000; p. 30).

Aubert(2001)


Risk as expected loss. Other fields, such as casualty insurance, adopt a perspective of risk as expected loss. They define risk as the product of two functions: a loss function and a probability function. Car insurance is a good example. In the eventuality of an accident, there is a loss function that represents the extent of the damages to the car, which can range from very little damage to the total loss of the car. There is also a probability function that represents the odds that an incident will occur. The expected loss (risk) is the product of these two functions (Bowers et al. 1986).

While in certain circumstances, the probability of occurrence of an undesirable outcome can be estimated on the basis of past performance characteristics of the object under study (Linerooth-Bayer and Wahlstrom, 1991), in several areas, probabilities are often difficult, if not impossible to assess on the basis of past performance (Barki, Rivard, and Talbot, 1993). Consequently, several risk assessment methods adopt the approach of approximating the probability of undesirable outcomes by identifying and assessing factors that influence their occurrence (Anderson and Narasimhan, 1979; Boehm, 1991; Barki et al., 1993).

In a software development context, for instance, Barki et al. [5] have identified such factors, which belong to five broad categories: technological newness, application size, software development team’s lack of expertise, application complexity, and organizational environment. The degree to which each factor is present in a software project will contribute to increase the probability of occurrence of an undesirable outcome (here, project failure). Once this list is drawn, risk management methods try simultaneously to reduce the loss related to the undesirable event itself (such as penalties compensating for delays in the system delivery) or by reducing the probability of occurrence of such an event, by reducing the level of the risk factors (for example, by carefully selecting team members). While the definition of risk is not explicit about probability distribution, these probabilities (taking the form of factors) are taken into account when the risk evaluation is performed.

Aubert(2001)


First it is necessary to define risk – “the combination of the probability of an event and its consequences.” There can be more than one consequence from an event and the consequences can be positive or negative. For safety and environmental risks, most of the consequences of interest are negative in value and impact human health in terms of mortality and morbidity risks.

Shortreed(2003)


In business terms, a risk is the possibility of an event which would reduce the value of the business were it to occur. Such an event is called an “adverse event.” Every risk has a cost, and that cost can be (more or less precisely) quantified. The cost of a particular risk during a particular period of time is the probability of an adverse event occurring during the time period multiplied by the downside consequence of the adverse event. The probability of an event occurring is a number between zero and one, with zero representing an event which will definitely not occur and one representing an event which definitely will occur. The consequence of an event is the dollar amount of the reduction in business value which the event will cause if it occurs [Har]

Blakley(2002)


Risk arises because users are consciously aware the information is of uncertain quality and that relying on poor information, knowledge, or the documents they produce.

Chopra(2003)


In our interviews, several respondents openly acknowledged that they could never achieve 100% security on their own because their risks are often created by the behaviors of others who also lack the incentive to heighten security.

Bennett(2004)


Another way to estimate the intensity of the competition consists of making the link between the principal players’ market shares and the “generic medicines” risk, in other words the percentage of patent medicines’ sales for which the patent will be up during a given period.

GUILHON(1999)


March and Shapira (1987) observe that according to classical decision theory, risk is generally understood to be the distribution of possible outcomes, their likelihood, and their subjective values. In project management, this definition can be applied to time, cost, performance, and many other influential factors in any project that impact these three concerns. However, project managers, firms, and stakeholders rarely share the very same view or opinion of what the possible outcomes are for a project, much less their likelihood. Kahneman