Definition of Risk

I was always happy with the accepted way that risk was defined. That being the combination of the probability that something would happen, combined with the severity of its impact, or variations on that theme with slightly different wording. OHSAS 18001:2007, for example, defines risk as “the combination of the likelihood of an occurrence of a hazardous event or exposure(s) and the severity of injury or ill health that can be caused by the event or exposure(s)”. The reason I like that definition is mainly because it is easy to understand and you can actually do something practical with it. It means that you could plot risk on an x-y axis, and look at ways at treating the risk by looking for ways to move it down either axis, or preferably both.

The recent definition of risk that I have seen being thrown about (i.e. “the effect of uncertainty”) has me baffled. I first came across it in the CD for ISO 9001:2015, but it has its origins, apparently, in ISO 31000. I’ve tried to analyse the definition and understand the rationale. Maybe I just wasn’t getting something? Anyway, I thought I’d jot down the results of my own analysis (I still don’t get it, by the way)

My first issue with defining risk as “the effect of uncertainty” is that the effects of uncertainty are nearly always behavioural. Most often it could be fear or caution. Now if the risk is the effect of uncertainty, and the effect of uncertainty is fear, that means fear is risk. Now that’s not right is it? Fear is a reaction to the risk, not the risk itself. That said, you can actually reduce the fear by reducing the likelihood or impact of the event, but again the reduction in the fear would be a consequence of the action taken, you are not actually treating the “risk” (i.e the fear under this definition). The other anomaly I believe exists in this definition is that if we are to actually treat the risk (i.e the behavioural consequence of uncertainty, be that fear or caution or whatever) we could actually reduce the effects by the administration of sedative drugs, alcohol, a nap in a quiet room or a spot of counselling. Again, can that be right?

So, basically, risk just cannot be defined as the effect of uncertainty. Not only is it impractical (as you would be able to reduce “the risk” just by getting folk to calm down a bit somehow) but it inexplicably messes about with something that actually works very well.  I’d be interested to hear any other perspectives on this because, as it stands, I am just not getting this at all.

This entry was posted in ISO 9000, Risk & Assurance and tagged , , , , , . Bookmark the permalink.

6 Responses to Definition of Risk

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.