What is “risk”?

Too many people have no idea what “risk” actually means – let alone how risks can be mitigated or controlled. So let’s try and get to grips in this post with the fundamental principles

Too risky …

Risk is a combination of the harm or damage that an event may cause, and the likelihood that the event will occur. What that means is that the highest risk activities are those that are highly likely to happen and will cause a lot of harm when they do. The lowest risk activities are obviously the reverse of that, events that are unlikely to occur and would cause little harm even if they did

As an example to illustrate this I heard an interesting debate halfway through the year when scientists were preparing to fire up the Large Hadron Collider (LHC) under the Alps. Some people suggested that the event could get out of hand and create a black hole that would swallow the earth. This would be a highly inconvenient event for all of us should it happen. The scare stories were immediately tempered by many qualified scientists who were keen to point out just how minuscule the likelihood of that was. So in “risk” terms, we were talking about high harm versus tiny likelihood – giving an overall low risk score. However, one commentator asked how high the likelihood of planetary oblivion needed to be before the risk became unacceptable. In other words, is a very small chance we will wipe out civilization tolerable? A fair point you might think

But tolerable risk is a difficult concept over which to achieve universal agreement. Some years ago, the Health & Safety Commission published a document entitled “Taking a Sensible Approach to Risk”. This was seen by many at the time to be a reaction to some high profile inappropriate risk management strategies that had been adopted particularly by public sector bodies, especially schools. The problem with quantifying risk is that it is not an exact science. People have different perceptions of what might be the potential harm and particularly the likelihood of it transpiring. When we identify a risk, we have three broad choices for how we deal with it. We can;

  • Accept it (decide we can live with it, or that we can’t do much about it anyway)
  • Reduce the risk (implement controls that reduce the potential harm of the event, or reduce the likelihood, or both)
  • Eliminate the risk completely (clearly, all things being equal, the most preferred option)

Take the example of school field trips and excursions as an example of an activity that carries some risk. At worst it may present a combination of circumstances that may end up with a fatality – it happens unfortunately. Because of this risk many school headmasters are minded to take the “most preferred option” of eliminating all risk associated with these activities …. by banning them. Is this the right thing to do or is it a disproportionate action? It’s a difficult call, but normally we have to find a way of getting on with our lives, doing things, but also finding ways of reducing our exposure to unnecessary risk. We can’t hide under the bed indefinitely. It might collapse on top of us and kill us

People’s perception of risk

The way that people view a risk is in turn affected by variables. There is, for example, the phenomenon of desensitization. That means that the more we are exposed to a risk without suffering harm, the less high we are likely to rate that risk. A good example of this might be the attitude of a dangerous driver. The more times he gets away with dangerous over-taking manoevres, the more cavalier his attitude to the inherent risk is likely to be. In this case the individual is underestimating the size of the risk by underestimating the “likelihood” side of the equation. Chances are he knows fine well that a head-on collision will do him no favours at all, he just believes it is unlikely to happen

Another thing that affects people’s attitude to risk is previous experience of or exposure to the harm. For example a person who has recently been bitten by a dog (or knows someone that has) is likely to see the event as more likely to occur than someone who has not. Maybe that’s where the old saying comes from …

In business terms we have to find a way to get things done and, as it is often very difficult to eliminate risk, it is usually inevitable that a certain amount of risk must be tolerated. It is difficult to quantify what “tolerable” actually is, however perhaps the best way to look at it might be to apply the old gambling adage

Never bet more than you can afford to lose


This clip actually provides a useful illustration on the concept of “desensitization” to risk. Despite the fact that the young lady comes within a second of being pulped, notice how quickly she recomposes herself and walks off as though this was the most normal of occurrences. If that had been me, I’d have been quivering on the platform for a good few minutes

This entry was posted in Risk & Assurance and tagged , . Bookmark the permalink.

6 Responses to What is “risk”?

  1. Mark Harbor says:

    Unfortunately Shaun, many people seem to use hazard (or consequence of hazard) and risk synonymously…even some of our safety specialists who should really know better.

    The HSE (Nuclear Safety Directorate) have produced a document called The Tolerability of Risk From Nuclear Power Stations (link: http://www.hse.gov.uk/nuclear/tolerability.pdf) that tries to shed a degree of common sense on the subject, but I’ve noticed that level, or rather perception of level of risk often varies with a particular inspector’s particular bug-bear.

    This is not something restricted to HSE inspectors of course…my MD in Consett wouldn’t consider Brake Presses, even when these were the most effective and efficient tool for the job, because he’d witnessed an accident in his past

    Seddon and his cohorts ‘dis’ risk assessment as a tool, and have recently cited the recent volcano dust problems as examples of why risk assessment is a less than useful tool

    A guy, Dave Snowden, a leading light in Knowledge Management, has started to highlight something called Power Distributions (see this blog > http://www.cognitive-edge.com/blogs/dave/2010/01/elephants_fleas_and_the_city_o.php) where the outlier events in the areas beyond the 6 Sigma point on Gaussian distribution start to become more likely (thus increasing the risk). His argument is that systems, particularly in what he calls the complex domain, need to be resilient (being able to handle the unlikely) rather than robust (that is designed to handle every eventuality).

    The problem I guess is that ‘tolerability’ of risk is a very subjective matter…I guess the guys involved in Chernobyl thought the risk was tolerable!

  2. admin says:

    Thanks for that thoughtful comment Mark and that great link. I am always amazed by people who cite an example of something done badly as an argument to invalidate the entire approach. No doubt if John Seddon came and took a look at my fence he would press for the abolition of all fences and similar boundary defining items


  3. admin says:

    Thanks for the link Rob

  4. selçuk aytimur says:

    This is a very good summary, Shaun.

  5. Shaun says:

    Thanks for the vote of approval Selcuk. I do my best

Leave a Reply

Your email address will not be published. Required fields are marked *