The term Risk is used in many ways and is given different definitions depending on the field and context. Common to most definitions of risk is uncertainty and undesirable outcomes. Definitions of risk range from narrow definitions (risks to people or machinery resulting from hazards) to wide definitions that see risk as any uncertainty of outcome. The table below lists ten (10) definitions of risk from different industries and standards.
Field | Definition | Source |
---|---|---|
Business | "[Risk is] A probability or threat of damage, injury, loss, or any other negative occurrence that is caused by external or internal vulnerabilities, and that may be avoided through preemptive action." | Business Dictionary |
Engineering | [Risk is] The likelihood of variation in the occurrence of an event, which may have either positive or negative consequences. | Risk Analysis and Management of Projects (RAMP) |
General English Usage | "[Risk is] a situation involving exposure to danger: 'flouting the law was too much of a risk'" | Oxford Dictionaries |
Information Security | "[Risk is the] combination of the risk of exposure and the impact = combination of (likelihood of the threat being able to expose an element(s) of the system) and impact" | BSi - Information Security Risk Management ISO/IEC 27001 |
IT Service Management | [Risk is] A possible event that could cause harm or loss, or affect the ability to achieve objectives. A risk is measured by the probability of a threat, the vulnerability of the asset to that threat, and the impact it would have if it occurred. Risk can also be defined as uncertainty of outcome, and can be used in the context of measuring the probability of positive outcomes as well as negative outcomes. | ITIL |
Programme Management | [Risk is] An uncertain event or set of events which, should it occur, will have an effect on the achievement of objectives; a risk is measured by a combination of the probability of a perceived threat or opportunity occurring and the magnitude of its impact on objectives. | Managing Successful Programmes (OGC) |
Project Management | What all definitions [of risk] have in common is agreement that risk has two characteristics: | Idiots Guide to Project Management |
 | [Risk is the] Combination of the probability or frequency of occurrence of a defined threat or opportunity and the magnitude of the consequences of the occurrence. | Association of Project Management |
 | [Risk is] An uncertain event or set of events that, should it occur, will have an effect on the achievement of objectives. A risk is measured by a combination of the probability of a perceived threat or opportunity occurring, and the magnitude of its impact on objectives. | PRINCE2 Glossary of terms |
Software Development | [Risk is] An ongoing or upcoming concern that has a significant probability of adversely affecting the success of major milestones. | Rational Unified Process 2000 |
Analysis of the Definitions
Breadth of Scope
- Narrow Definitions: Some industries, particularly those dealing with physical safety (e.g., construction, manufacturing), tend to focus on risks to people or machinery resulting from specific hazards.
- Broad Definitions: Other fields, such as finance or strategic management, view risk as any uncertainty that could affect outcomes, whether positively or negatively.
Emphasis on Probability vs. Impact
Some definitions, like those in project management, emphasize both the probability of an event occurring and the magnitude of its impact. Others, particularly in everyday usage, focus more on the potential for negative outcomes without explicitly mentioning probability.
Inclusion of Positive Outcomes
While most definitions focus on negative consequences, some (e.g., ITIL, RAMP) acknowledge that risk can also involve the possibility of positive outcomes or opportunities.
Context-Specific Elements
Information security definitions often include elements specific to their field, such as threats and vulnerabilities. Business-oriented definitions may emphasize the potential for preemptive action to mitigate risks.
Common Themes in Risk Definitions
While definitions of risk vary, they often share some common elements:
- Uncertainty: Most definitions acknowledge that risk involves an unknown or uncertain element.
- Potential for Negative Outcomes: Many definitions focus on the possibility of adverse effects or losses.
- Probability: Risk often involves the likelihood or chance of an event occurring.
- Impact: The magnitude of the consequences is frequently considered part of risk.
Risk Definition - references
ITIL® glossary and abbreviations
Risk Analysis and Management of Projects (RAMP), UK, web site circa 1998
Abstracted from Association of Project Management (UK) APMP Syllabus 2nd Edition, January 2000, Abridged Glossary of Project Management Terms (Rev.4)
Baker, K and Baker, S. 2000. Idiots Guide to Project Management, alpha books.
OGC, Managing successful programmes (Office of Government Commerce), London: TSO, 2007 pg. 51. Latest edition Managing successful programmes
BSi - Information Security Risk Management ISO/IEC 27001 https://shop.bsigroup.com/upload/Standards%20&%20Publications/publications/BIP0076-Chapter1.pdf
Oxford Dictionaries https://www.oxforddictionaries.com/definition/english/risk
Business Dictionary https://www.businessdictionary.com/definition/risk.html
PRINCE2 Glossary of terms https://www.stakeholdermap.com/prince2/prince2-glossary-R-records.html