Risk is a possibility of negative impact happening, and an unknown event or a situation of uncertainty. According to ISO 9000, risk is the “effect of uncertainty on an expected result” and an effect is a positive or negative deviation from what is expected. The following two paragraphs will explain what this means. This definition recognizes that all of us operate in an uncertain world. Whenever we try to achieve something, there’s always the chance that things will not go according to plan. Sometimes we get positive results and sometimes we get negative results and occasionally we get both. Because of this, we need to reduce uncertainty as much as possible. Uncertainty (or lack of certainty) is a state or condition that involves a deficiency of information and leads to inadequate or incomplete knowledge or understanding. In the context of risk management, uncertainty exists whenever the knowledge or understanding of an event, consequence, or likelihood is inadequate or incomplete. While this definition argues that risk can be positive as well as negative, a note acknowledges that "the term risk is sometimes used when there is only the possibility of negative consequences".
Risk Management is a work process to eliminate or minimise potential impact such as loss money or extend schedule or less performance caused by a risk. A work process is a risk identification, assessment and analysis (probability and impact), treatment classification (risk response), prioritisation, reporting, monitoring and controlling. A method of risk treatment classification (hedging) is an Avoidance (not to take: High probability and high impact); a Transfer (Financing, Insurance: Low probability and high impact); a Mitigation (Sharing, Contingency provision: High probability and low impact), and an Acceptance (Taking, Retention, and Unidentified Risk: Low probability and low impact). A Risk Hedging is an activity, to reduce the risk. (Refer to Risk Management)
Risk Assessment is a work process of an analysis and examining the risk items in terms of probability and their consequences and impacts. A Risk Analysis is a part of a Risk Assessment work process
Risk Classification is a risk treatment work process by an occurrence and impact. Classified as a Risk Avoidance (High probability and high impact), an Acceptance (Taking, Retention, and Unidentified Risk, Low probability and low impact), a Mitigation (Sharing, Contingency provision, High probability and low impact), and a Risk Transfer (Financing or Insurance, Low probability and high impact). A Risk Response refers to a Risk Classification
B. Risk Classification (Risk Response)
Risk Avoidance means that a risk of business or project or activity is not taken. The Avoidance risk is a high probability of occurrence and high impact event.
Risk Acceptance means a taking risk with a possible opportunity. A probability of occurrence of an acceptance risk is a low and an impact is low too.
- A Risk Resilience is an ability to accommodate risk.
- A Risk Retention means that the risk is classified as a risk acceptance after a risk management work process is performed. (Refer to a Self Insurance)
- A Risk Assumption is to take a minor risk.
- A Residual Risk is an unidentified Risk after a risk management plan is initially set-up.
Risk Mitigation is to reduce of a risk impact, a loss money or extend schedule or less performance. The risk an occurrence is a high probability and impact is low.
- A Risk Sharing is a risk management method (Risk Mitigation), share a risk with partner.
- A Risk Diversification is a risk allocation to all participants.
- A Risk Reduction refers to a Risk Mitigation
Risk Transfer is a risk management and control strategy that involves the contractual shifting of a risk from one party to another by purchasing insurance or transferring contractual liability.
- A Risk Financing is a contingency arrangement, provisional risk money.
C. Other Definition
Risk Register is a risk or opportunity management tool used by the project manager and project personnel that provides a means of recording and quantifying the identified risks and opportunities.
Risk Report is a summarise identified risks, assessment and analysis results, treatment classifications and an action plan for a management approval.
Risk Based Thinking refers to a coordinated set of activities and methods that organisations use to manage and control the many risks that affect its ability to achieve objectives. Risk based thinking replaces what the old standard used to call preventive action. Whilst risk based thinking is now an essential part of the new standard, it does not actually expect you to implement a formal risk management process nor does it expect you to document your organisation’s risk based approach. (Source: ISO)
ISO 31000 Risk Management: Risks affecting organizations can have consequences in terms of economic performance and professional reputation, as well as environmental, safety and societal outcomes. Therefore, managing risk effectively helps organizations to perform well in an environment full of uncertainty. ISO 31000:2009, Risk management – Principles and guidelines, provides principles, framework and a process for managing risk. It can be used by any organization regardless of its size, activity or sector
To be developed continuously...including guideline, template and standard formats