Risk: Definitions, Perceptions and the Considerable Variations and Combinations Across Time, Professions, Context and Disciplines
Ridley Tony
Experienced Leader in Risk, Security, Resilience, Safety, and Management Sciences | PhD Candidate, Researcher and Scholar
You say 'risk', I say 'risk'. The probability that we are both talking about the same thing now, yesterday or sometime in the future remains very remote. Now extrapolate that across a group, profession, community and country.
In short, 'risk' does not mean what you think it means, and it doesn't mean what the person you are speaking with right now thinks it means.
"Risk" is contextual, the product of culture and societal influences, in addition to being routinely personally or professional constructed (modified, debated and updated), yet never static in application or usage over time or across groups.
So, which risk definition do you use? Moreover, those that express or explore derivatives such as risk perception, risk culture, risk frameworks, risk management, organisational risk, operational risk, enterprise risk, security risk, safety risk...what do they mean?
It remains highly improbable (and confirmed) that they aren't speaking about or referencing the same thing.
Further distorting narratives, comprehension or daily discourse associated, about or representative of 'risk'.
Popular tv legal speak might call your current view on risk as "fruit of the poisonous tree", or something catchy like that. Economists might categorise this as an 'information cascade'. Psychologists and philosophers might remind us of the inevitable, divergent aspects of hermeneutics or fallacies associated with constructionist theories. Statisticians might include this as a 'dependent variable'. Lexicographers and etymologists would no doubt remind us the word risk is derived from ancient French and Italian language or lingua franca / corpus linguistics. Whereas risk sciences will likely agree with all views and offerings, because that is the nature of studying and applying 'risk' in a practical setting or real-world environment. Sociologies, criminologists and anthropologists would likely support the objective view(s), based on versions of grounded theory and hypothesis testing. However, standards, auditors and many 'risk frameworks' simply make up their own definition and demand the world comply. Ironic, to say the least. Moreover, these fabricated definitions are not found in any dictionaries.
So, the question is...which definition do you use? How is risk therefore perceived by you and that of others? Wicked question, for a truly wicked problem.
Your 'risk' words and language are your windows to the world. That is, they define, inform, guide, obscure, blind and filter your vision in varying ways, at all times, as you navigate the real world.
In other words, risk vocabulary and definitions influence how you view the world as it is, including risk, threats, harms, dangers and hazards.
It is therefore essential we understand our own views and how enabling or restrictive they may be in context to others and the things happening around us.
Risk definitions should be at the top of the list of any risk professional, risk academic and risk scientist. Because it influences how we see 'risk', which alters?everything?from this point forward
Culture within organisations, communities and individuals remains a complex construct. Safety, security, risk and resilience cultures are both distinctly unique but influence, interact and change differently, further compounding the notion of a neat, singular view of what culture is or isn't.
Moreover, each of these cultural dimensions comprises multiple factors, each represented, visible, concealed and expressed in varying ways.
Again, confounding a single statement or assumption that 'culture is....'.
Teams, individuals and organisations love to leap to the 'treatment' of risk.
That is, any-and-all risk(s) seemingly have a solution to lower, mitigate, transfer or generally solve.
Treatments abound and great emphasis, decision and investment is made on the strength of these new found health, wellness and resilience prescriptions, based on the revised risk rating.
However, how much rigour and analysis (including empirical/positivist evidence) underpins these treatment medications, including how they might interact with the host, collectively or in doses not consistent with 'safe' levels of consumption?
Much is said and even more relied upon when it comes to 'situational awareness, yet little is offered or measured when it comes to consistent application or units of analysis.
That is, just what are you being 'aware of' in any given situation, what modifies your view, response or efficacy, and how can you compare your approach to that of others?
In other words,?situational awareness?is not merely a process of looking around, asking questions, thinking deeply about a problem or reading/researching widely.
Risk management policy is influenced by organisational and individual doctrine.
That is, organisational and individual ideology shapes both policy and framing of 'risk', inclusive of how it is 'managed'.
However, few organisations and entry-level risk practitioners adequately understand or disclose doctrinal variance or alternatives, including the likely counterpart for each dominate doctrinal approach.
More problematic is that of risk management policy which is created over many years, via many stakeholders and varying leadership.
In other words, current risk management policy may be the product of many varied and past doctrinal influences and ideology.
Risk is neither consistently understood nor perceived from person-to-person, let alone across cultures, industries or vocations.
That is,?risk cognition?(the mental action or process of acquiring knowledge and understanding through thought, experience, and the sense) remains highly variable, subject to change and influenced by numerous internal and external stimuli.
Moreover, how information is received, which leads to knowledge, fundamentally shapes and creates risk in the minds of individuals and culture of organisations.
As a result, the process remains inherently unique, unless consistent, structures and discipline is applied to risk cognition, long before assessment or management event make an appearance.
Risk?as an expression is an explosion of variable definitions, understanding, disciplines and comprehension.
Notwithstanding,?risk?as a concept, varies across cultures, time, memory and how it is perceived.
As a result, basic consideration and understanding of risk variables are required by individuals, organisations and governments.
That is, no two risks are directly comparable unless units of analysis, methodology and scales of construction are adequately applied and disclosed.?Including?the people interviewed, affected, conducting the analysis or for whom the assessment was created for in the first instance.
Expressions of risk, resilience and guidance on urgent business actions such as crisis are routinely dearth of specific organisational contexts or characteristics.
That is, risk and resilience are not neutral nor universal across all types of organisations and typologies meaning that crisis or any other extra ordinary ‘call to action’ must be planned, considered and actioned within the context in which the organisation exists.
Moreover, threats and crisis that impact multiple organisations, industries and geographies must also consider a multitude of organisational constructs, typologies and characteristics too.
Distinctions between?safety?and?security?remain blurred, overlap or indiscernible in practice for most laypeople and professionals alike.
That is, what we mean and that which we practice influences both?safety?and?security.
Therefore, how do we effectively seperate and address safety or security independently or collectively?
领英推荐
Perhaps an effective means for determining distinctions and that of relevance is to segment systems, environment and malicious versus accidental intent. SEMA offers the basic framework for the beginnings of such constructs.
Risk is rarely neutral, meaning that people, communities and society influence just how minimal or great a?risk?issue is to them, their lives and their immediate surroundings.
As a result, small risks can become significantly greater than the reality or scale of harm due to the fear, uncertainty, emotion, awareness or media coverage afforded anyone one issue that may/may not represent a threat/harm to individuals or groups.
Shark attacks and cigarette smoking are perfect examples.
So too are terrorist attacks and heart disease.
There is no one definition nor standard for either?risk?or?stakeholder.
Therefore, both risk and stakeholder are prone to highly subjective units of analysis leading to variable scales of prioritisation.
So what risk do you communicate and to whom?
Perhaps a more effective start point for individuals and organisations is that of audience and topic characteristics.
To apply security and/or risk management in isolation without understanding or consideration of the broader socio-technical system/s, is to fail.
That is, what practitioners, professional, organisations and governments believe to be either security and/or risk management is but a snapshot in time and practice of the broader issues of integration, overlap, conflict, evolution and tension between cultural, sociological, economic, political, scientific and legal systems.
In other words, disparate elements of socio-technical systems are in a constant state of evolution, decay and variance which confounds models, consistency or static approaches to security and/or risk management, inclusive of safety.
Have you stopped to consider exactly how 'security' comes to be what you practice, see, experience or expect at any given moment?
That is, what specific events, influence/s and action/s occur that influence the development and forming of security that informs or guides security within commercial, private or governmental operational systems?
Safety science has long considered systems thinking and socio-technical interactions informing safety culture, practices, beliefs, standards and processes. Especially in hierarchical societies and jurisdictions.
Individual, group and community orientation have immeasurable influence on views, perspectives and consideration of matters related to risk.
Especially pre-management factors such as threat, hazards and harm.
That is, your own personal ideology, that of the group or the community/organisation in which you evaluate 'risk' influences, distorts and frames not only your thinking but the way you approach risk.
This includes risk awareness, risk identification, risk analysis, risk assessment which all influence the management of risk in many and varied ways.
Risk and how it is perceived is unevenly distributed across communities, professions and disciplines. Moreover, risk is not only socially constructed but also socially influenced, including amplification.
As a result, a broad classification of what risk means to various stakeholders is required as a basic foundational understanding.
In other words, if you don't have a sense or view of how risk may vary across individuals and groups, you really don't have an adequate understanding of risk within organisations or society.
In particular, insurance, health, environmental protection, safety engineering, decision-making (psychology and economics) and policy makers/governments all have varying perspectives and competing priorities when it comes to the management, messaging and understanding of risk. Moreover, this varies yet again from geography-to-geography and culture-to-culture.
Fear, safety, security and risk have been ever increasing topics associated with modern life.
But is this a modern concern or result of modern technology, life and threats?
Thanks to modern technology (ironically), large volumes of historical text and books have been converted to digital format.
As a result, key word scans for topics, themes and variance over years, decades and even centuries are now possible, for the first time in human history.
Postmodernity publications and written word has grown exponentially, with blogs, magazines, books and other media producing content and data at a staggering rate, each passing minute.
Focusing on safety, security and risk, it is evident from published works that the past few decades has seen exponential growth and emphasis on these core themes and topics
If one starts with the acknowledgement and understanding that everyday expressions such as?risk,?safety?and?security?have many different meanings, including often sharing the same meaning, whilst simultaneously meaning the opposite... we all might have a better understanding of the constant confusion, conflict and need for clarity when discussing such matters.
Confused...good!
In other words, when you say or write risk, safety and security, not only is there more than one valid or legitimate meaning for the term, but more than one person will interpret one or more of the alternate definitions resulting in divergent, overlapping and confusing context or understanding.
In sum, risk defies universal definition and consistency in usage, expression and representation.
That is, the word risk varies considerably from one discussion, cohort and context to the next, even within the same profession(s).
Therefore, practitioners, researchers, professionals and academics must constantly question... what do you/they 'mean' when they say 'risk', here, right now? Because it is almost always different.
As a result, measurement and comparison of risk, especially perception, culture, management and treatment, vary considerably in alignment to any one or more definitions or concepts related to 'risk'.
Which definition do you use? How do you perceive risk? How do those around you perceive, process, express and converse on topics or matters related to risk?
Let alone their own proximity to threats, harm, hazards or perils...which all form the basis of 'risk', and remain highly variable and contextual in their own right.
References:
Risk: Analysis, perception and management(1992) Report of a Royal Society Study Group, The Royal Society, p.95
Vlek, C., & Keren, G. (1991, August). Behavioural decision theory and environmental risk management: What have we learned and what has been neglected. In Proceedings of the 13th Research Conference on Subjective Probability, Utility and Decision Making. Fribourg, Switzerland.
Administration, Security & General Service Management
2 年Very well articulated writing. Thanks sir
Independent Consultant at Self-Employed
2 年you should raise those questions to the client. the sole guide in determining risks is the client's perception of what are the risks to her/his enterprise. using client's feedback as benchmark, a risk management "expert" has to work out with the client in identifying other potential risks.
Risk | Resilience | Assurance | Governance
2 年I once joined an organisation and asked the person in charge of risk what definitions and terminology they used. I got a blank look, they said “the usual ones” and sent me a copy-and-paste from the Wikipedia page on risk.
GM ValiCor UA | H.E.A.T. UA - Emotion Intellect | Board Member ValiCor US | Risk/Crises Management | Corporate Security PRO | UA Military and Iraq Veteran | Author's model of Convergent Security | Security What's Matters
2 年Risk is like the weather. In the morning, there was no sign of a downpour. But if you are a security pro, by the signs of nature, even in the evening at sunset, you can predict rainy weather with a high probability. And if you pay attention to details, such changes in the probability of the risk of rain can be predicted in advance. Everything is simple...
Intresting how many times the word 'undesired' comes up when risk can have just as many or in fact more positive outcomes if managed effectively. I agree your point, so important to listen and agree a definition of risk when working with others. Risk while contextual is also subjective unless defined and agreed at which point it becomes far more objective.