The word risk connotes events that are uncertain, unpredictable, beyond the sphere of one’s control.
As found in the ISO/IEC Guide 73, risk is the combination of the probability of an event occurring and its consequences. For example the probability of loss of business due to competition or loss of an asset that affects business continuity and so on.
Frank H. Knight was co-chair of the department of economics at the University of Chicago from the 1920s to the late 1940s. In his classic book published in 1921, Risk, Uncertainty and Profit, he distinguished between risk and uncertainty. Risk, he argued, was a randomness — as in a game of roulette — whose probability could be determined. Uncertainty implied unknown and perhaps unknowable probabilities. Will we be invaded by extra-terrestrial beings in the next 100 years? Will human cloning be commonplace in a generation? Those are uncertainties.
Generally people tend to associate the word risk with negative consequences. On the contrary, risk denotes and can result in both positive and negative outcomes. Risk can sometimes be pure risks (negative) — where the only possibility to be considered is that of loss — and speculative risk (positive / opportunities) — where there is a possibility of gain as well as loss. From a business perspective, these distinctions are rarely useful since running a business (and all the risks that are involved) are speculative risks. Whether in our personal lives or in business activities we are knowingly or unknowingly taking decisions to either prevent or lessen the effect of risk events from happening.
Everyone must have heard of the adage – “no risk – no reward”, there is no business endeavour that can be started with a pure zero risk rating. Businesses are set up and continue to flourish where its management perceives “risk” as a positive “opportunity” that could provide benefits or rewards. Good Leadership can create wealth in times of uncertainty if they are able to spot risks that can be converted into opportunities and capitalize on them.
No one can stop taking risks – however businesses have to take risks those that they do take should play to their strengths. Writing down answers to questions like – what is the worst that could happen if I pursue this opportunity? How much will I lose? How long will I have to payout to ultimately reap the benefits? (Basically you are assessing your own unique risk appetite and this varies across individuals, businesses, organizations, etc.)
The risk examples are endless, but just to name a few –
A team responsible for developing new markets or introducing new products can be easily overtaken by a competitor or new technologies can render them useless if they do not act on time. Here the opportunity for increased revenue and new markets can be lost if the internal risks (let us say – information leak through employees, or bad project management) or external risks such as evaluation of legal risks in the new market are not satisfactorily done.
Highly sensitive bids or tenders for a contract or project if not completed and submitted on time can result in a lost opportunity leading to loss of potential revenue for the business.
Risks related to logistics disruptions (such as a hurricane or storm delaying shipment from vendors) if not tracked and monitored can affect delivery of raw materials on time for manufacture and this can have a cascading effect on delayed manufacture / delivery to customers leading to customer dissatisfaction or even cancelled orders.
Key persons leaving the company during critical project execution stage or poached by competition could leave the enterprise struggling to find replacements that can come up to speed.
Not having a proper disaster recovery plan for your information systems can have serious consequences and pose a threat for your continued uninterrupted business operations.
There was an organization that believed, that in all circumstances, all its staff were loyal and trustworthy and nothing untoward would happen because of the employee workforce. This was a costly presumption to make, since the same organization was faced with a situation of a massive financial fraud committed by one of its employees that left it gasping for funds. It paid the hard way because of its failure to identify pro-actively the process related risks and failure to put in adequate internal controls for mitigation.
In summary, why should you be aware of risks and tackle them in the most appropriate time and manner? Just because there is no risk that has happened so far, does not necessarily mean it wont happen now or soon or sometime later.