top of page

What’s in a name called risk? – (frankly dear I really don’t give a damn) – Part 1

Key message: a clear, common language reduces critical communication risks

Courtesy of Tenor

Frankly dear I do give a damn…… In this article and the one to follow I am going to challenge the fundamentals of the definitions/language provided as guidance for the risk profession.

I have been working in Asia for quite a few years and what strikes me the most about this work is the variety of languages and dialects spoken. Each language has its own nuances and slang attached to it. So when we operate in the professional world and communicate business to business nothing frustrates me more than not being able to speak the same language.

So to overcome this we introduce ISO type standards complete with their comprehensive glossary of terms….well almost comprehensive. Dealing in the risk space is challenging in itself, but when the very documents used to assist and standardise approaches and languages increases these challenges, it is not helpful. Thankfully the ISO 31000 standard and its companion document Vocab 73 are not compliance standards. This standard is produced as guidance only and therefore as risk professionals we should use and adapt the language to suit the context and not be blinded by the definitions and be compelled to use them verbatim. But that is the tendency, by many professionals. As the definitions are enshrined in an ISO standard, who are we to challenge them?

I for one do challenge at least one of the definitions embodied in these risk standards and the term is the most basic – the definition of a risk. Let me remind you of the definition presented – “the effect of uncertainty on objectives” where the effect can be positive or negative. Here in lies the challenge in my opinion. If you look up even the most rudimentary English dictionary or even Wikipedia then the words that pop out clearly point, when you search for the term “Risk”, to a negative event or potential loss. Yet, the ISO want us to convert this very natural and automatic perception to mean either a loss or a gain. My experience has been that it is hard for people who speak English as a second language to comprehend what we as native speakers take for granted. How can we expect them to understand English and in turn the language of risk when we add another layer of complexity?

In the consulting work I have been involved in I have tried to wean myself away from the definition as presented in the ISO standard and use the following – A risk is both a threat and opportunity. Threats are the negative effect of uncertainty on objectives. Opportunities are the positive effect of uncertainty on objectives. Thus I have moved away from talking about risk as such and now clearly refer to potential events as either Threats or Opportunities. This aligns better with the more commonly used and understood SWOT Analysis.

So now I have coined the term Threat & Opportunity Management (TOM) rather than Risk Management. In this way I have made it decidedly easier for those non English speaking individuals to embrace the true essence of the meaning of risk as originally defined in the standard.

14 views0 comments

Recent Posts

See All


bottom of page