When we speak about risk we are often concerned with the negative consequences of an event in a particular context. The following list provides examples of events and some of their possible contexts (shown in italics):
- earthquake (city)
- a new drug in the market (patients, doctors, the pharmaceutical company)
- losing a tennis match (the player, the coach, the team)
- a terror act against a country
- a money laundering transaction (banks, country)
- loss of a senate seat (a senator or a party or the constituents)
- failure of a project (project team, the team leader, investors)
Notwithstanding many definitions for risk, we define risk as the expected value of the outcomes of an event in a context. This expected value normally is in terms loss of something. Risk of an earthquake in a city can be determined in the context of damages to properties and life; risk of a new drug for a pharmaceutical company is in terms of financial loss in case of negative side effects on patients; risk of losing a senate seat in an election in terms of expected loss of income or prestige if the context is the senator and in terms of expected political loss if the party (e.g., democrat or republican) is the context; and in the case of a project, say a carbon finance project, the expected economic loss in the event the emission reduction requirements are not met.
Broadly speaking, two elements contribute to occurrence of an event and thus to risk: weaknesses and threats. For example, risk of a terror act is influenced by a country’s open borders (i.e., its weaknesses) as well as the existence of terrorists (i.e., the threats). As another example, a tennis player’s weak backhand could lead to losing a tennis match but the same tennis player is less at risk against an opponent who doesn’t play to his backhand. In the latter case, while the weakness (i.e., weak backhand) remains the same, the level of threat is different.
To reduce the risk, we have to deal with the causes of weaknesses and threats. But we can also establish control mechanisms that reduce the chance of the occurrence of the event and take mitigating actions which deal with reducing the expected loss in case the event occurs. Thus, in analyzing risk, we develop a causal model that considers all the elements that influence risk: weaknesses, threats, control mechanisms, and mitigating actions. See figure 1 for a graphical representation.