by David Hillson

Misconceptions about risk

Risk Management

Misconceptions about risk
Misconceptions about risk

We all know that risk management is supposed to manage risks. But people have very different understandings when they use the word. Unfortunately most people ignore official definitions when they manage risk in practice and instead rely on their own ideas, reducing the effectiveness of the risk process from delivering the full range of potential value.

One common misconception about risk is that it refers only to uncertain events that might occur in the future, and which would affect the achievement of objectives if they did occur. The limitation has partly arisen from the use by some of the term "risk event" as shorthand for all types of risk, leading the majority of risk practitioners to think only of uncertain future events when they identify risks in their projects or business. Of course risk does include uncertain future events (we might call this stochastic uncertainty), but the risk process must also address other kinds of risk. What are they?

Starting with the idea that risk is "uncertainty that matters", we can ask what uncertainties might matter. There are several types in addition to uncertain future events. Using alternative words to describe different types of uncertainty can help us to find them.

We should consider three main non-event types of uncertainty as part of our risk process:

1.            First is variability, where there is uncertainty about some key characteristics of a planned event or activity or decision. For example, we plan to conduct a test of some new equipment but we are uncertain about how long the test will take. Risk specialists sometimes call this aleatoric uncertainty, where a range of outcomes are possible but we're not sure which one might actually happen.

2.            Secondly, ambiguity exists where we are uncertain about what might happen, if anything. For example, we intend to launch a new product into a competitive marketplace - how will competitors and potential customers react? Another name for ambiguity is epistemic uncertainty, arising from imperfect knowledge.

3.            A third type is usually called unknown unknowns, although a better name would be unknowable unknowns (and their proper name is ontological uncertainty). These arise from limitations in our conceptual frameworks or world-view. They are the risks we do not see because we don't know that we should be looking for them.

Risk practitioners will probably need to explain these technical terms carefully if we want to use them with our colleagues! But as risk specialists we ourselves need to be aware that these non-event types of uncertainty exist and could be relevant. Whichever terms we use to describe risk, it is important for the risk concept to be extended beyond uncertain future events, and for the risk process to include techniques to identify, assess and respond to all types of "uncertainty that matters". Only then will we unlock the full value that risk management offers, using it to manage every kind of risk and not limiting ourselves just to uncertain future events.

For more info:


comments powered by Disqus


This edition

Issue 29


TPM_Editor “Technology is an exciting and rewarding career,” states Lorraine Steyn firmly. 14 days - reply - retweet - favorite

TPM_Editor Last chance to register for the SMME Opportunity Roadshow! 23 days - reply - retweet - favorite

TPM_Editor Coaching your team to thrive under pressure 27 days - reply - retweet - favorite

  • Bareng Geoffrey Mogorosi
  • Lucky Kgoete
  • Coba Van Rooyen
  • Janine Williams