Risk management: it starts with a clear definition of risk!

What is your definition of risk? Ask this question and you will likely get a myriad of different answers. However, effective risk management within organizations requires collaboration and coordination. Things are much easier when everyone has a clear and shared understanding of risk.

Various definitions are proposed by standard-setting bodies and professional associations that develop guidance for risk management. These definitions continue to evolve. They are refined over time, through additional research and consultations. These efforts must be encouraged.

At first glance, however, the various definitions of risk may appear confusing. On the other hand, they provide a range of perspectives that help in understanding the many facets of risk. For instance, risk is often defined in relation to objectives, uncertainties, events, effects and outcomes.

  • Objectives – Risks need to be identified in relation to objectives. This approach is known as an objective-centric perspective. Focusing on “objectives” to achieve (i.e. goals, strategies and related objectives) is fundamental for relevant and meaningful risk management. Effective risk management targets the most significant risks that can impede the achievement of objectives.

  • Uncertainties – Conceptually, there is no risk if there is certainty. Such circumstances involve very predictable issues or challenges that can be addressed with well-adapted and proven solutions. In such cases, there is in fact very little or no risk, just issues or challenges to address and solutions to implement. Accordingly, risks are present only when there is uncertainty.

  • Events – Some events happen quickly while others are trends or changing conditions that evolve over time. For example, a flood in the basement of a building is an event that happens quickly, while a deterioration of foundations takes place over many years. Similarly, a competing product sold on the Internet can have immediate effects on sales, while the growing importance of e-commerce is a trend that evolved over many years.

  • Effects and outcomes – Uncertainties and events are relevant for risk management only to the extent that they have an effect on the achievement of objectives. The effects and their outcomes may be desirable or undesirable. Some risks, such as investing, can result in a positive or negative outcome, while others, such as accidents, only result in a negative outcome.

A definition of risk should be clear and easy to remember. It should also be consistent with guidelines and best practices for risk management. Evidently, a definition of risk needs to explain the nature of risk, and leave no doubt about the importance of managing risks. Because of the undeniable link between risk and reward, and the imperative for organizations to perform and achieve results, there is also a clear benefit in incorporating these notions in a definition of risk. Moreover, it is also understood that risks should be identified in relation to what an organization is trying to achieve. For all of these reasons, the following definitions are proposed in my book on enterprise risk management:

RISKS – Risks are uncertainties that can affect organizational performance and results, including the achievement of goals, strategies and objectives.

UNCERTAINTIES – Uncertainties are events that may occur, including trends or conditions that may change, which can impact organizations positively or negatively.

The first definition links the notion of risk with performance, results and objectives. This linkage is critical given the importance of integrating risk management with planning and performance management. The second definition outlines how uncertainties originate, and their positive or negative consequences. But most importantly, these definitions are relatively easy to understand and remember, and they leave no doubt about the importance of managing risks.

Copyright © 2025 Noranda Education Inc. All rights reserved.