Risk: Difference between revisions

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Revision as of 09:46, 19 June 2024 edit Mwernicke (talk \| contribs) 1 edit →International Organization for Standardization: https://www.iso.org/standard/44651.html ← Previous edit		Latest revision as of 19:19, 15 October 2024 edit undo MrOllie (talk \| contribs) Extended confirmed users, Pending changes reviewers, Rollbackers 231,129 edits Restored revision 1245323554 by Remsense (talk): Rv selfpub book Tags: Twinkle Undo
(23 intermediate revisions by 16 users not shown)
Line 1: {{~~short~~Short description\|~~The possibility~~Possibility of something bad happening}} {{Other uses}} [[File:3 Alarm Building Fire.jpg\|thumb\|upright=1.35\|[[Firefighter]]s are exposed to risks of [[fire]] and building collapse during their work.]] In simple terms, '''risk''' is the possibility of something bad happening.<ref name="Cambridge">{{Cite web\|url=https://dictionary.cambridge.org/dictionary/english/risk\|title=Risk\|website=Cambridge Dictionary}}</ref> Risk involves [[uncertainty]] about the effects/implications of an activity with respect to something that humans value (such as health, well-being, wealth, property or the environment), often focusing on negative, undesirable consequences.<ref name="SRA2018">{{cite web \|title=Glossary \|url=https://www.sra.org/sites/default/files/pdf/SRA%20Glossary%20-%20FINAL.pdf \|publisher=Society for Risk Analysis \|access-date=13 April 2020}}</ref> Many different definitions have been proposed. ~~The~~One [[ISO standard\|international standard]] definition of risk ~~for common understanding~~is ~~in different applications is~~the "effect of uncertainty on objectives".<ref name="~~ISOGuide73~~ISO 31073">{{~~Cite~~cite ISO standard ~~web~~\|url=https://www.iso.org/obp/ui/en/#iso:std:iso:~~guide:73~~31073:ed-1:v1:en\|title=~~Guide~~ISO 7331073:~~2009~~2022 — Risk ~~Management~~management -— Vocabulary~~\|website=ISO~~}}</ref> The understanding of risk, the methods of assessment and management, the descriptions of risk and even the definitions of risk differ in different practice areas ([[business]], [[economics]], [[Environmental science\|environment]], [[finance]], [[information technology]], [[health]], [[insurance]], [[safety]], [[security]] etc). This article provides links to more detailed articles on these areas. The international standard for risk management, [[ISO 31000]], provides principles and general guidelines on managing risks faced by [[Organization\|organizations]].<ref name ="ISO31000">{{Cite web\|url=https://www.iso.org/obp/ui/#iso:std:iso:31000:ed-2:v1:en\|title=ISO 31000:2018 Risk Management - Guidelines\|website=ISO}}</ref> == Definitions of risk == Line 16: The [[Cambridge Advanced Learner's Dictionary]] gives a simple summary, defining risk as "the possibility of something bad happening".<ref name="Cambridge"/> === International Organization for Standardization ===<!--- This section should be updated to present ISO 31000--> The [[International Organization for Standardization]] (ISO) ~~Guide 73 (withdrawn)~~31073 provides basic vocabulary to develop common understanding on risk management concepts and terms across different applications. ISO ~~Guide 73:2009 (withdrawn)~~31073 defines risk as:<ref>{{cite ISO standard \|url=https://www.iso.org/obp/ui/en/#iso:std:iso:31073:ed-1:v1:en:term:3.1.1 \|title=ISO 31073:2022 — Risk management — Vocabulary — risk}}</ref> <blockquote>effect of uncertainty<ref><blockquote>state, oneven ~~objectives~~partial, of deficiency of information related to understanding or knowledge ~~Note 1: An effect is a deviation from the expected – positive or negative.~~ Note 1: In some cases, uncertainty can be related to the organization’s context as well as to its objectives. Note 2: Objectives can have different aspects (such as financial, health and safety, and environmental goals) and can apply at different levels (such as strategic, organization-wide, project, product and process).▼ Note 2: Uncertainty is the root source of risk, namely any kind of “deficiency of information” that matters in relation to objectives (and objectives, in turn, relate to all relevant interested parties’ needs and expectations). ~~Note 3: Risk is often characterized by reference to potential events and consequences or a combination of these.~~ </blockquote>{{cite ISO standard \|url=https://www.iso.org/obp/ui/en/#iso:std:iso:31073:ed-1:v1:en:term:3.1.3 \|title=ISO 31073:2022 — Risk management — Vocabulary — uncertainty}}</ref> on objectives<ref><blockquote>result to be achieved Note 1: An objective can be strategic, tactical or operational. ~~Note 4: Risk is often expressed in terms of a combination of the consequences of an event (including changes in circumstances) and the associated likelihood of occurrence.~~ ▲Note 2: Objectives can ~~have~~relate to different ~~aspects~~disciplines (such as financial, health and safety, and environmental goals) and can apply at different levels (such as strategic, organization-wide, project, product and process). ~~Note 5: Uncertainty is the state, even partial, of deficiency of information related to, understanding or knowledge of, an event, its consequence, or likelihood.<ref name="ISOGuide73"/></blockquote>~~ Note 3: An objective can be expressed in other ways, e.g. as an intended outcome, a purpose, an operational criterion, as a management system objective, or by the use of other words with similar meaning (e.g. aim, goal, target). This definition was developed by an international committee representing over 30 countries and is based on the input of several thousand subject-matter experts. It was first adopted in 2002. Its complexity reflects the difficulty of satisfying fields that use the term risk, in different ways. Some restrict the term to negative impacts ("downside risks"), while others also include positive impacts ("upside risks").▼ </blockquote>{{cite ISO standard \|url=https://www.iso.org/obp/ui/en/#iso:std:iso:31073:ed-1:v1:en:term:3.1.2 \|title=ISO 31073:2022 — Risk management — Vocabulary — objective}}</ref> Note 1: An effect is a deviation from the expected. It can be positive, negative or both, and can address, create or result in opportunities and [[threat (security)\|threats]].<ref><blockquote>potential source of danger, harm, or other undesirable outcome Note 1: A threat is a negative situation in which loss is likely and over which one has relatively little control. Note 2: A threat to one party may pose an opportunity to another.</blockquote>{{cite ISO standard \|url=https://www.iso.org/obp/ui/en/#iso:std:iso:31073:ed-1:v1:en:term:3.3.13 \|title=ISO 31073:2022 — Risk management — Vocabulary — threat}}</ref> Note 2: Objectives can have different aspects and categories, and can be applied at different levels. Note 3: Risk is usually expressed in terms of risk sources, potential events, their consequences and their likelihood.</blockquote> ▲This definition was developed by an international committee representing over 30 countries and is based on the input of several thousand subject-matter experts. It was first adopted in 2002 for use in standards.<ref>{{cite ISO standard \|csnumber=34998 \|title=ISO/IEC Guide 73:2002 — Risk management — Vocabulary — Guidelines}}</ref> Its complexity reflects the difficulty of satisfying fields that use the term risk, in different ways. Some restrict the term to negative impacts ("downside risks"), while others also include positive impacts ("upside risks"). [[ISO 31000]]:2018 "Risk management — Guidelines" uses the same definition with a simpler set of notes.<ref name ="ISO31000">{{Cite web\|url=https://www.iso.org/obp/ui/#iso:std:iso:31000:ed-2:v1:en\|title=ISO 31000:2018 Risk Management - Guidelines\|website=ISO}}</ref> === Other === Line 44 ⟶ 55: "Measurable uncertainty". This definition comes from Knight's "Risk, Uncertainty and Profit" (1921).<ref>{{cite book \|last1=Knight \|first1=Frank \|title=Risk, Uncertainty and Profit \|url=https://archive.org/details/riskuncertaintyp00knig \|date=1921\|publisher=Boston, New York, Houghton Mifflin Company }}</ref> It allows "risk" to be used equally for positive and negative outcomes. In insurance, risk involves situations with unknown outcomes but known probability distributions.<ref>{{cite journal \|last1=Masci \|first1=Pietro \|title=The History of Insurance: Risk, Uncertainty and Entrepreneurship \|journal=Journal of the Washington Institute of China Studies \|date=Spring 2011 \|volume=5 \|issue=3 \|pages=25–68 \|url=https://www.bpastudies.org/bpastudies/article/view/153/296 \|access-date=13 April 2020}}</ref> "Volatility of return". Equivalence between risk and variance of return was first identified in Markovitz's "Portfolio Selection" (1952).<ref>{{cite journal \|last1=Markovitz \|first1=H. \|title=Portfolio Selection \|journal=The Journal of Finance \|date=March 1952 \|volume=7 \|issue=1 \|pages=77–91}}</ref> In finance, volatility of return is often equated to risk.<ref name = "Hubbard">{{cite book\|first=Douglas\|last=Hubbard\|title=The Failure of Risk Management: Why It's Broken and How to Fix It \|publisher=John Wiley & Sons \|date=4 Mar 2020 \|isbn=9781119522034}}</ref> "Statistically expected loss". The [[expected value]] of loss was used to define risk by Wald (1939) in what is now known as [[decision theory]].<ref>{{cite journal \|last1=Wald \|first1=A \|title=Contributions to the Theory of Statistical Estimation and Testing Hypotheses \|journal=Annals of Mathematical Statistics \|date=1939 \|volume=10 \|issue=4 \|pages=299–326\|doi=10.1214/aoms/1177732144 \|doi-access=free }}</ref> The probability of an event multiplied by its magnitude was proposed as a definition of risk for the planning of the [[Delta Works]] in 1953, a flood protection program in the [[Netherlands]].<ref>[[Wired Magazine]], [https://www.wired.com/science/planetearth/magazine/17-01/ff_dutch_delta?currentPage=3 Before the levees break], page 3.</ref> It was adopted by the US Nuclear Regulatory Commission (1975),<ref>{{cite book \|last1=Rasmussen \|title=An Assessment of Accident Risks in U.S. Commercial Nuclear Power Plants \|date=1975 \|publisher=US Nuclear Regulatory Commission \|ref=WASH-1400}}</ref> and remains widely used.<ref name="Stanford"/> "Likelihood and severity of events". The "triplet" definition of risk as "scenarios, probabilities and consequences" was proposed by Kaplan & Garrick (1981).<ref name="Kaplan&Garrick">{{cite journal \|last1=Kaplan \|first1=S. \|last2=Garrick \|first2=B.J. \|title=On the Quantitative Definition of Risk \|journal=Risk Analysis \|date=1981 \|volume=1 \|issue=1\|pages=11–27 \|doi=10.1111/j.1539-6924.1981.tb01350.x }}</ref> Many definitions refer to the likelihood/probability of events/effects/losses of different severity/consequence, e.g. ISO Guide 73 Note 4.<ref name="~~ISOGuide73~~ISO 31073"/> "Consequences and associated uncertainty". This was proposed by Kaplan & Garrick (1981).<ref name="Kaplan&Garrick"/> This definition is preferred in [[Bayesian inference\|Bayesian analysis]], which sees risk as the combination of events and uncertainties about them.<ref name = "Aven">{{cite book \|last1=Aven \|first1=Terje \|title=Quantitative Risk Assessment – The Scientific Platform \|date=2011 \|publisher=Cambridge University Press}}</ref> "Uncertain events affecting objectives". This definition was adopted by the Association for Project Management (1997).<ref>{{cite book \|title=Project Risk Analysis and Management Guide \|date=1997 \|publisher=Association of Project Management}}</ref><ref>A Guide to the Project Management Body of Knowledge (4th Edition) ANSI/PMI 99-001-2008</ref> With slight rewording it became the definition in ISO Guide 73.<ref name="~~ISOGuide73~~ISO 31073"/> "Uncertainty of outcome". This definition was adopted by the UK Cabinet Office (2002)<ref>{{cite book \|title=Risk: Improving government's capability to handle risk and uncertainty \|date=2002 \|publisher=Cabinet Office Strategy Unit \|url=http://www.integra.com.bo/articulos/RISK%20IMPROVING%20GOVERMENT.pdf}}</ref> to encourage innovation to improve public services. It allowed "risk" to describe either "positive opportunity or negative threat of actions and events". Line 162 ⟶ 173: Risk is ubiquitous in all areas of life and we all manage these risks, consciously or intuitively, whether we are managing a large organization or simply crossing the road. Intuitive risk management is addressed under the [[#Psychology of risk\|psychology of risk]] below. Risk management refers to a systematic approach to managing risks, and sometimes to the profession that does this. A general definition is that risk management consists of "coordinated activities to direct and control an organization with regard to risk".<ref name="~~ISOGuide73~~ISO 31073"/> [[ISO 31000]], the international standard for risk management,<ref name="ISO31000"/> describes a risk management process that consists of the following elements: Line 195 ⟶ 206: ===Risk identification=== Risk identification is "the process of finding, recognizing and recording risks". It "involves the identification of risk sources, events, their causes and their potential consequences."<ref name="~~ISOGuide73~~ISO 31073"/> [[ISO 31000]] describes it as the first step in a risk assessment process, preceding risk analysis and risk evaluation.<ref name="ISO31000"/> In safety contexts, where risk sources are known as hazards, this step is known as "hazard identification".<ref>{{cite book \|last1=Lyon \|first1=Bruce \|title=Fundamental Techniques \|date=2016 \|publisher=John Wiley & Sons \|location=In Popov G, Lyon BK, Hollcraft B (eds.). Risk Assessment: A Practical Guide to Assessing Operational Risks}}</ref> Line 211 ⟶ 222: ===Risk analysis=== Risk analysis is about developing an understanding of the risk. ISO defines it as "the process to comprehend the nature of risk and to determine the level of risk".<ref name="~~ISOGuide73~~ISO 31073"/> In the ISO 31000 risk assessment process, risk analysis follows risk identification and precedes risk evaluation. However, these distinctions are not always followed. Risk analysis may include:<ref name="ISO31010"/> Line 395 ⟶ 406: It is common for people to dread some risks but not others: They tend to be very afraid of epidemic diseases, nuclear power plant failures, and plane accidents but are relatively unconcerned about some highly frequent and deadly events, such as traffic crashes, household accidents, and [[medical error]]s. One key distinction of dreadful risks seems to be their potential for catastrophic consequences,<ref name="Slovic P 1987">{{cite journal \| last1 = Slovic \| first1 = P \| year = 1987 \| title = Perception of risk \| journal = Science \| volume = 236 \| issue = 4799 \| pages = 280–285 \| doi=10.1126/science.3563507\| pmid = 3563507 \| bibcode = 1987Sci...236..280S }}</ref> threatening to kill a large number of people within a short period of time.<ref>Gigerenzer G (2004) Dread risk, 11 September, and fatal traffic accidents. Psych Sci 15:286−287.</ref> For example, immediately after the [[11 September attacks]], many Americans were afraid to fly and took their car instead, a decision that led to a significant increase in the number of fatal crashes in the time period following the 9/11 event compared with the same time period before the attacks.<ref>{{cite journal \| last1 = Gaissmaier \| first1 = W. \| last2 = Gigerenzer \| first2 = G. \| year = 2012 \| title = 9/11, Act II: A fine-grained analysis of regional variations in traffic fatalities in the aftermath of the terrorist attacks \| journal = Psychological Science \| volume = 23 \| issue = 12 \| pages = 1449–1454 \| doi=10.1177/0956797612447804\| pmid = 23160203 \| s2cid = 3164450 \| url = http://nbn-resolving.de/urn:nbn:de:bsz:352-279310 \| hdl = 11858/00-001M-0000-0024-EF79-3 \| hdl-access = free }}</ref><ref name="Lichtenstein S 1978">{{cite journal \| last1 = Lichtenstein \| first1 = S \| last2 = Slovic \| first2 = P \| last3 = Fischhoff \| first3 = B \| last4 = Layman \| first4 = M \| last5 = Combs \| first5 = B \| year = 1978 \| title = Judged frequency of lethal events \| journal = Journal of Experimental Psychology: Human Learning and Memory\| volume = 4 \| issue = 6 \| pages = 551–578 \| doi=10.1037/0278-7393.4.6.551\| hdl = 1794/22549 \| hdl-access = free }}</ref> Different hypotheses have been proposed to explain why people fear dread risks. First, the [[~~Risk~~#psychometric paradigm\|psychometric paradigm]] suggests that high lack of control, high catastrophic potential, and severe consequences account for the increased risk perception and anxiety associated with dread risks. Second, because people estimate the frequency of a risk by recalling instances of its occurrence from their social circle or the media, they may overvalue relatively rare but dramatic risks because of their overpresence and undervalue frequent, less dramatic risks.<ref name="Lichtenstein S 1978"/> Third, according to the preparedness hypothesis, people are prone to fear events that have been particularly threatening to survival in human evolutionary history.<ref>{{cite journal \| last1 = Öhman \| first1 = A \| last2 = Mineka \| first2 = S \| year = 2001 \| title = Fears, phobias, and preparedness: Toward an evolved module of fear and fear learning \| journal = Psychol Rev \| volume = 108 \| issue = 3 \| pages = 483–522 \| doi=10.1037/0033-295x.108.3.483\| pmid = 11488376 }}</ref> Given that in most of human evolutionary history people lived in relatively small groups, rarely exceeding 100 people,<ref>{{cite journal \| last1 = Hill \| first1 = KR \| last2 = Walker \| first2 = RS \| last3 = Bozicevic \| first3 = M \| last4 = Eder \| first4 = J \| last5 = Headland \| first5 = T \|display-authors=etal \| year = 2011 \| title = Co-residence patterns in hunter-gatherer societies show unique human social structure \| journal = Science \| volume = 331 \| issue = 6022 \| pages = 1286–1289 \| doi=10.1126/science.1199071\| pmid = 21393537 \| bibcode = 2011Sci...331.1286H \| s2cid = 93958 }}</ref> a dread risk, which kills many people at once, could potentially wipe out one's whole group. Indeed, research found<ref>{{cite journal \|last1=Galesic \|first1=M \|author-link=Mirta Galesic \|last2=Garcia-Retamero \|first2=R \|year=2012 \|title=The risks we dread: A social circle account \|journal=PLOS ONE \|volume=7 \|issue=4 \|page=e32837 \|bibcode=2012PLoSO...732837G \|doi=10.1371/journal.pone.0032837 \|pmc=3324481 \|pmid=22509250 \|doi-access=free}}</ref> that people's fear peaks for risks killing around 100 people but does not increase if larger groups are killed. Fourth, fearing dread risks can be an ecologically rational strategy.<ref>{{cite journal \| last1 = Bodemer \| first1 = N. \| last2 = Ruggeri \| first2 = A. \| last3 = Galesic \| first3 = M. \| year = 2013 \| title = When dread risks are more dreadful than continuous risks: Comparing cumulative population losses over time \| journal = PLOS ONE \| volume = 8 \| issue = 6 \| page = e66544 \| doi=10.1371/journal.pone.0066544\| pmid = 23840503 \| pmc = 3694073 \| bibcode = 2013PLoSO...866544B \| doi-access = free }}</ref> Besides killing a large number of people at a single point in time, dread risks reduce the number of children and young adults who would have potentially produced offspring. Accordingly, people are more concerned about risks killing younger, and hence more fertile, groups.<ref>{{cite journal \| last1 = Wang \| first1 = XT \| year = 1996 \| title = Evolutionary hypotheses of risk-sensitive choice: Age differences and perspective change \| journal = Ethol Sociobiol \| volume = 17 \| pages = 1–15 \| doi=10.1016/0162-3095(95)00103-4\| citeseerx = 10.1.1.201.816 }}</ref> ====Outrage==== Line 421 ⟶ 432: ===Psychology of risk taking=== A growing area of research has been to examine various psychological aspects of risk taking. Researchers typically run randomised experiments with a treatment and control group to ascertain the effect of different psychological factors that may be associated with risk taking.<ref>{{Cite journal \|last=Cerf \|first=Moran \|date=October 4, 2022 \|title=Risk Assessment Under Perceptual Ambiguity and its impact on category learning \|url=https://psyarxiv.com/uyn4q/ \|journal=PsyArXiv \|doi=10.31234/osf.io/uyn4q \|s2cid=221756622}}</ref> Thus, positive and negative feedback about past risk taking can affect future risk taking. In one experiment, people who were led to believe they are very competent at decision making saw more opportunities in a risky choice and took more risks, while those led to believe they were not very competent saw more threats and took fewer risks.<ref> {{cite journal \|last1=Krueger, Jr. \|first1=Norris \|last2=Dickson \|first2=Peter R. \|date=May 1994 \|title=How Believing in Ourselves Increases Risk Taking: Perceived Self-Efficacy and Opportunity Recognition \|url=https://onlinelibrary.wiley.com/doi/abs/10.1111/j.1540-5915.1994.tb00810.x \|journal=[[Decision Sciences]] \|volume=25 \|issue=3 \|pages=385–400 \|doi=10.1111/j.1540-5915.1994.tb00810.x \|access-date=2023-05-18\|url-access=subscription }}</ref> People show risk aversion, so that they reject fair risky offers like a coin toss with an equal chance of winning and losing the same amount.<ref>{{cite journal \|last=Rabin \|first=Matthew \|title=Risk Aversion and Expected-Utility Theory: A Calibration Theorem \|journal=Econometrica \|volume=68 \|issue=5 \|year=2000 \|pages=1281–1292 \|url=https://pubs.aeaweb.org/doi/pdfplus/10.1257/jep.15.1.219 \|doi=10.2307/2999450}}</ref> The expected premium for taking risks increases as the gambled amount increases.<ref>{{cite journal \|last1=Holt \|first1=C. A. \|last2=Laury \|first2=S. K. \|title=Risk aversion and incentive effects \|journal=American Economic Review \|volume=92 \|issue=5 \|year=2002 \|pages=1644-1655 \|doi=10.1257/000282802762024700}}</ref> Critically, people's intuitive response is often less risk-averse than their subsequent reflective response.<ref>{{cite journal \|last1=Voudouri \|first1=A. \|last2=Białek \|first2=M. \|last3=De Neys \|first3=W. \|title=Fast & slow decisions under risk: Intuition rather than deliberation drives advantageous choices \|journal=Cognition \|volume=250 \|year=2024 \|pages=105837 \|doi=10.1016/j.cognition.2024.105837}}</ref> ==== Sex differences ==== {{excerpt\|Sex differences in humans\|Financial risk-taking}} Line 433 ⟶ 447: Thus, [[Knightian uncertainty]] is immeasurable, not possible to calculate, while in the Knightian sense risk is measurable. Another distinction between risk and uncertainty is proposed by Douglas Hubbard:<ref>~~Douglas~~{{cite book \|last=Hubbard "\|first=Douglas \|isbn=9781118539279 \|title=How to Measure Anything: Finding the Value of Intangibles in Business~~" pg. 46,~~ \|publisher=John Wiley & Sons, ~~2007.~~\|date=17 Mar 2014}}</ref><ref name="Hubbard"~~>Douglas~~ ~~Hubbard "The Failure of Risk Management: Why It's Broken and How to Fix It, John Wiley & Sons, 2009. Page 22 of https:~~/~~/canvas.uw.edu/courses/1066599/files/37549842/download?verifier=ar2VjVOxCU8sEQr23I5LEBpr89B6fnwmoJgBinqj&wrap=1</ref~~> :'''Uncertainty''': The lack of complete certainty, that is, the existence of more than one possibility. The "true" outcome/state/result/value is not known. Line 489 ⟶ 503: \| ''Judgment Under Uncertainty: heuristics and biases'' \|\| [[Daniel Kahneman]], [[Paul Slovic]], and [[Amos Tversky]] \|\| 1982 \|- \| ''Mapping Vulnerability: disasters, development, and people'' \|\| Greg Bankoff, Georg Frerks, and [[Dorothea Hilhorst]] \|\| 2004 \|- \| ''Man and Society in Calamity: The Effects of War, Revolution, Famine, Pestilence upon Human Mind, Behavior, Social Organization and Cultural Life'' \|\| [[Pitirim Sorokin]] \|\| 1942 Line 566 ⟶ 580: [[Risk analysis (business)]] * [[Peltzman effect]] * [[Risk transformation]] * [[Risk-neutral measure]] * [[Sampling risk]]