Risk Language

The report, authored by Donald Espersen, highlights the language of Risk and relays the importance of the following four key issues when communicating risk terms and processes:

• creating a language for everyone to understand – one that is simple;
• defining concepts clearly to avoid confusion;
• providing real world examples;
• using a glossary for reference.

Everyone in an organization has a role in risk management.  However, if no common definition of risk is established, then everyone is likely to manage risk based on their own concept and view of what constitutes “risks.”  Both those who are risk adverse and those who are risk seekers believe they are managing risks to acceptable levels.  An organization should not assume everyone is on the same page in regards to risk.  The article states “Several organizations have combined four of the words from this [Institute of Internal Auditor’s definition of risk] definition with simple and clear definitions to create their own risk language: 

• Objective: A goal or desired result.
• Event: What could go wrong?  This could be a threat or an accident.
• Impact: The possible level of consequence of the event (i.e., the ‘so what’ factor related to the event).  Impact factors can include dollar loss and reputation or brand damage.
• Likelihood or uncertainty: The chance that the event will happen.  Likelihood factors can include history, probability, trends and changes, vulnerability, and control effectiveness.”

By embracing the importance of a common language for risks, confusing risk terminology can be replaced with clear and simple risk terms and processes.

Original Article Source: “The Language of Risk,” by Donald Espersen, Internal Auditor, June 2007, pp. 69-73.