Risk glossary

This glossary is provided as a guide to some of the terms you will often find in the risks management field. It’s very long so you will have to open it on its own page.

A |B |C |D |E |F |G |H |I |J |K |L |M |N |O |P |Q |R |S |T |U |V |W |X |Y |Z

As low as reasonably practicable; a safety risk management requirement imposed by the Health and Safety at Work Act. Also known as SFARP, so far as reasonably practicable.

UK association of insurance and risk managers (in industry and commerce). For more details see their website.

The (UK) national forum for risk management in the public sector, formerly the association of local authority risk managers. For more details see their website.

ANZ Standard
Australian and New Zealand standard for risk management, AS/NZS 4360:2004. Used by The Risk Agenda as the basic standard for risk management. It has associated Risk Management Guidelines, HB 436:2004, although really the standard itself is only a guideline for of good practice. Now superseded by ISO 31000. See also the British Standard BS 31100 and the IRM Standard.

Baseline business model
The model of a project, business or organisation which is used to act as the baseline for a risk model. The key point is to make sure the two are consistent with no gaps or overlaps.

Bayesian network
An influence diagram (or directed acyclic graph) where the links are probabilistic; effectively conditional probabilities. You can use software to calculate them, for example to update probabilities in the light of new information.

Bayes Theorem
The basic relationship between inverse conditional probabilities. Normally used to start from the probability of observed data given a hypothesis to provide the probability of a hypothesis given observed data.

bell curve
Informal name for a graph of a continuous probability distribution, so-called because of its bell shape when the distribution is normal.

beta distribution
A continuous probability distribution on a finite range (a,b) for which the PDF is a power low at each end so that p(x)∝(x-a)s(b-x)t. The mean is ((t+1)a+(s+1)b)/(s+t+2) and the variance is (s+1)(t+1)(b-a)2/((s+t+2)2(s+t+3)).

binomial distribution
A discrete probability distribution which reflects the chance of n successes in N trials where the probability of success is p for each trial. The probability distribution, p(n), is (N!/n!(N-n)!)pn(1-p)N-n, the mean is Np and the variance is Np(1-p).

BS 31100:2008
The British standard for ‘Risk management – Code of practice’. See also ISO 31000 and our RiskBite on standards.

The capital asset pricing model which is claimed to relate an asset’s expected return to its volatility on the market.

chi-square distribution
A continuous probability distribution which is a special case of the exponential distribution with a PDF proportional to xn/2-1e-x/2. The mean is n and the variance is 2n. This distribution is said to be a chi-square distribution with n degrees of freedom and is the distribution of the sum of the squares of n identical normally distributed random variables.

central limit theorem
The sum of many independent random variables is approximately normal. This can frequently be used to carry out sanity checks on risk models, and particularly the so-called direct method.

An approach to decision making which is based on subjective probabilities and utilities. If you are not coherent in your approach to decisions you might become a money making machine.

conditional probability
The probability of an event, A, say, given that some other event, B, say, has happened. Written as p(A|B).

Outcome or impact of an event. There can be more than one consequence per event, they can be positive or negative, they can be expressed qualitatively or quantitatively and they should be expressed in relation to the achievement of objectives. Taken from the ANZ standard.

A financial reserve which can be used to implement a contingency plan, ie the contingency plan is to spend the contingency if the risk materialises.

contingency plan
A risk reduction measure aimed at reducing the consequences of a risk if it materialises. The point is that the plan is implemented only if the risk event occurs.

A statement that two events or effects have a measurable interrelationship, for example through the correlation coefficient. If the correlation is not zero the events are not independent. If the events are independent the correlation is zero. Be careful, the reverse of neither of these is necessarily true.

correlation coefficient (or rank correlation coefficient)
A measure of correlation involving the difference between the expected value of the product of two random variables and the product of the expected value, normalised by the two standard deviations. The rank correlation coefficient is the same thing, but based on the rank of samples rather than the sample values themselves. (This is a bit sloppy. The sample correlation coefficient is an estimator of the correlation coefficient; the rank correlation coefficient is a sample statistic that is not an estimator of anything.)

cumulative probability distribution
A way of representing a probability distribution, particularly for continuous random variables. It is the probability that the random variable is less than a specific value, and drawn as an S-curve. A useful alternative to probability density functions which people do not understand.

decision tree
A tree like structure where the nodes are either decision points or event outcomes. They can be developed from influence diagrams and quantified using probabilities. It is then possible to calculate the decision sequence which maximises expected utility.

Where there are interrelationships reflecting an absence of independence.

direct method
A Risk Agenda term for a simple technique for calculating a risk model. It involves summing the mean and variance of independent random variables and adopting the normal approximation suggested by the central limit theorem.

estimating risk
The Risk Agenda term for guessing or calculating quantitative risk levels. This is based on the use of estimators in statistical inference.

A function of observed events which approximates to some parameter of the underlying distribution. For example the mean of a sample is an estimator of the mean of the underlying distribution.

The occurrence of a particular set of circumstances, certain or uncertain, a single occurrence or a series. Taken from the ANZ standard.

event tree
A risk model which comprises a branching structure which traces the events which can follow an initiating event. Often built into more comprehensive models with fault trees.

expected value
The probability weighted average of a random variable, also called the mean.

exponential distribution
A continuous probability distribution which represents the time to the next event in a Poisson process. The PDF is p(t)=fe-ft for 0≤t, the mean is 1/f and the variance is 1/f2.

fault tree
A risk model which comprises a branching structure which traces the ways a top event can arise from a number of base events. This is often used in reliability analysis. Often built into more comprehensive models with event trees.

fN line
A measure of risk often used in safety risk models which estimate frequencies. It is the equivalent of an S-curve, but at each consequence level, N (eg the number of deaths), it plots the frequency of events which have consequences equal to or higher than N.

A measure of probability per unit time often used in safety risk modelling. Technically it reflects a Poisson process rather then a one off probability of an event happening. The formal definition in the ANZ standard is ‘a measure of the number of occurrences per unit time’. The Risk Agenda is not sure this helps.

gamma distribution
A continuous probability distribution for which the PDF is a power low multiplied by a decaying exponential: p(x)&#8733xse-ks. The mean is (s+1)/k and the variance is (s+1)/k2.

Green Book
The UK treasury’s mandatory ‘guidance’ on the appraisal of expenditure including situations where risk is an issue. Specifically this requires the use of optimism biases to reflect risk prior to its full estimation.

A term used in safety risk analysis to mean a situation with the potential to cause harm. It is therefore a precursor or source of risk, a term which in this context is taken to reflect the probability of the harm occurring.

Health and Safety at Work Act
The main legal framework for health and safety at work on the UK. Spawns numerous other regulations affecting the need to carry out risk assessments and also for specific issues.

A common term for the consequences of a risk.

A statement of the absence of an interrelationship between two effects. The probability of two independent events is the product of their individual probabilities, and if the probability of two events is the product of their individual probabilities they are idependent. Similarly the joint probability distribution of two independent random variables is the product of their individual probability distributions, and if the joint probability distribution of two random variables is the product of their individual probabilties they are independent.

influence diagram
A net work of blobs joined to each other by arrows. The blobs represent events or effects and the arrows represent how one affects another.

Institute of Risk Management
UK based professional organisation for those interested in risk management, focussing on education. For more information see their website.

IRM Standard
Standard for risk management maintained by the IRM, AIRMIC and ALARM. Likely to become a British or European standard. It is more a statement of useful principles than a standard. See also the Australian and New Zealand standard.

ISO 31000:2009
Standard for ‘Risk Management – Principles and guidelines’ issued after much discussion in 2009. This supersedes the excellent Australian and New Zealand standard. See also our RiskBite on standards.

law of large numbers
Informally, the idea that taking a large number of samples will stabilise the fraction of those in which a specific event occurs. Mathematically it is the assertion that the probability that the fraction is a certain distance from the stabilised value decreases at least as fast as the inverse number of samples. This underpins the Monte Carlo method.

lognormal distribution
A continuous probability distribution for the random variable X=eY where Y is normally distributed with mean μ, say, and standard deviation σ. The mean is exp(μ+σ2/2) and the variance is exp(2μ+σ2)(exp(σ2)-1).

An informal expression of the degree of belief that an event or events will occur. The formal definition is ‘used as a general description of probability or frequency which can be expressed qualitatively or quantitatively’. This is taken from the ANZ standard.

mean value
Another name for expected value.

mixed distribution
A probability distribution which is partly discrete and partly continuous. If X is drawn with probability p from some distribution with mean μ, say, and standard deviation σ and X=0 with probability 1-p then the mean of X is pμ and the variance of X is 2+p(1-p)μ2.

Monte Carlo
An approximate technique for calculating risk models in which a large number of possible futures is explored by selecting randomly from the probability distributions of the input to develop the probability distribution of the output.

An approach to decision making where there are a number of attributes which need to be traded off, including, perhaps, risk-related attributes. This is typically resolved using a scoring scheme.

normal distribution
A continuous probability distribution which is of fundamental importance as, for a given mean and variance, it is the minimally informative distribution. This is why, according to the central limit theorem, the distribution of a sum of independent random variables is approximately normal. The PDF is p(x)=(2πσ2)-1/2exp(-(x-μ)2/2σ2) where the mean is μ and the standard deviation is σ.

A risk with a positive consequence for objectives. Contrasted with a threat.

optimism bias
A concept put forward by the UK Treasury in its Green Book on expenditure appraisal. It is a set of factors to be applied to project cost to reflect risk issues prior to their full evaluation. Essentially this reflects Treasury frustration with over-optimistic estimates of project cost and duration.

Orange Book
Guidance from the UK Treasury on the implementation of risk management in Government departments.

A description of a point on a cumulative probability distribution. The 80th percentile, for example, is the value for which there is a 20% probability of a higher value and a 80% probability of a lower.

A common convention for percentiles. For example P80 is the 80th percentile.

Poisson process
A random process in which the probability of an event occurring during a short period of length t is ft where f is the Poisson parameter, sometimes called the frequency. The number of times that the event occurs in any period of length T has a Poisson distribution: p(n)=(fT)nexp(-fT)/n!.

precautionary principle
One way of saying we have to be extra careful with safety and environmental risks. It official statement, from the Rio summit is: ‘where there are threats of serious or irreversible environmental damage, lack of full scientific certainty shall not be used as a reason for postponing cost effective measures to prevent environmental degradation’. This is not coherent.

private finance initiative (PFI)
A form of public procurement in the UK which allows the public sector to gain the services of a new or improved capital asset through regular payment of a service charge. The asset is built or refurbished though private finance. This is intended to allow a better risk allocation, and specifically to transfer risk from the public to the private sector. It is a subset of Public Private Partnerships, PPP.

probability density function (PDF)
A representation of a probability distribution for a continuous random variable which is often not properly understood. The Risk Agenda prefers cumulative probability distributions.

A numerical expression of the degree of belief that an event will occur. It can be generated from the concept of a set of repeatable experiments and represents the fraction in which the event occurs. This concept allows a theory of probability to be developed and used. The formal definition, taken from the ANZ standard is ‘a measure of the chance of occurrence expressed as a number between 0 and 1.’

probability distribution
A set of probabilities applied to an event or a random variable which reflects the likelihood that the event will occur or the random variable will take a certain value. Probability distributions may be either discrete or continuous.

probability impact diagram (PID)
A term sometimes used for a risk matrix.

public private partnership (PPP)
A generic term for public procurement on a non-traditional basis of which PFI is the prime example.

random variable
A numerical function defined for a complete set of events which may or may not happen.

rank correlation
See correlation.

reliability analysis
The analysis of the risk that a component or system will not be functional at a given point in time.

residual risk
The risk remaining after the implementation of risk treatment. Taken from the ANZ standard.

The chance of something happening which will have an impact on objectives. The ‘something’ is often specified in terms of an event or circumstance and the consequences which may flow from it. Risk is measured in terms of a combination of the consequences of an event and their likelihood. Risk may have a positive or a negative impact. Taken from the ANZ standard. Positive impact risks are known as opportunities and those with a negative impact are sometimes known as threats.

risk analysis
A systematic process to understand the nature of and to deduce the level of risk. This provides the basis for risk evaluation and decisions about risk treatment. Taken from the ANZ standard.

risk assessment
The overall process of risk identification, risk analysis and risk evaluation. Taken from the ANZ standard.

risk appetite
The idea developed from risk criteria that some risks are acceptable and some are not. There is no formal definition and it is not a helpful concept.

risk averse
An inclination to take decisions regarding risk which reflect a preference for certainty over uncertainty. Technically this might mean a concave down utility function, that is decreasing utility for higher amounts, but revealed behaviour often indicates greater aversion than this. The opposite is risk seeking.

risk criteria
The terms of reference by which the significance of risk is assessed. Taken from the ANZ standard.

risk evaluation
The process of comparing the level of risk against risk criteria. It assists in decisions about risk treatment. Taken from the ANZ standard.

risk identification
The process of determining what, when, why and how something could happen. Taken from the ANZ standard.

risk management
The culture, processes and structures that are directed towards realising potential opportunities whilst managing adverse effects. Taken from the ANZ standard.

risk management process
The systematic application of management policies, procedures and practices to the tasks of communicating, establishing the context, identifying, analysing, evaluating, treating, monitoring, and reviewing risk. Taken from the ANZ standard.

risk management framework
The elements of an organisation’s management system concerned with managing risk. Management systems elements can include strategic planning, decision making, and other strategies, processes and practices for dealing with risk. Taken from the ANZ standard.

risk matrix
A matrix of likelihood and consequence categories. Qualitative risk analysis assigns individual risks to cells of this matrix, possibly both with and without risk treatment.

risk map
An illustration of those aspects of a system which are important for generating the risk associated with the system and which determines the nature of the risk. At The Risk Agenda we have put considerable effort into developing our ideas on risk mapping. We see it as an important step between the risk workshop and risk modelling, which also enables much more rigorous risk registers to be generated. See our risk mapping page.

risk model
A quantitative model which comprises a set of inputs, a set of output linked to the inputs and a set of probability distributions on the inputs.

risk premium
The price sought or paid for accepting risk beyond the expected value. There is no real theory for what people pay or charge in most circumstances. However the capital asset pricing model is one example.

risk provision
An amount on top of baseline to account for with risk. Subtly different from contingency: contingency may eat into the baseline, or may only be part of the provision.

risk register
A database of risks which have been identified, typically including other information such as category, likelihood, consequence, ownership, treatment, responsibility for treatment and so on. Can be used to draw the risk matrix.

risk seeking
An inclination to take decisions regarding risk which reflect a preference for risk or uncertainty over certainty. Technically this might mean a convex down utility function, that is increasing utility for higher amounts, but revealed behaviour may indicate more enthusiasm for risk taking than could be explained by this. The opposite is risk aversion.

risk treatment
The process of selection and implementation of measures to modify risk. Risk treatment measures can include avoiding modifying sharing or retaining risk – see the 5 Ts. Taken from the ANZ standard.

risk workshop
A meeting of experts convened to carry out the initial risk identification of a system. The output can be used to generate a risk register and/or a risk map.

scatter chart
A useful form of presentation of risk in which, for example, the inputs and outputs of individual simulations in a Monte Carlo calculation are plotted, or the probability and consequence of a number of risks.

schedule risk analysis
The analysis of project risks, particularly the time to complete the project.

A graph of a cumulative probability distribution, so-called because it moves from bottom left to top right with a sinuous shape.

sensitivity chart
A bar chart in which the dependence of outputs on inputs is drawn. The Risk Agenda prefers to draw these as vertical bars expressing the whole range and also the P20 and P80 values.

So far as reasonably practicable – see ALARP.

spider plot
A chart in which the relationships between an output and the inputs of a risk model are plotted. The vertical axis is the output and the horizontal axis is a normalised measure for the inputs, for example fractional change from the mean, or the percentiles. The Risk Agenda prefers sensitivity charts.

standard deviation
A measure of the spread of a random variable. It is the root mean square distance from the mean of the random variable and therefore has the same units as the random variable. (Its square is the variance which has simpler statistical properties.)

standardisation of PFI contracts, Version 3 (SoPC3)
A standardised form of contract for PFIs issued by the UK Treasury. This sets out the preferred risk allocation.

The 4 (or 5) Ts
The four classic measures for dealing with risk: ‘tolerate’, ie do nothing, ‘treat’, ie do something, ‘transfer’, ie insure or pass to a customer or contractor, and ‘terminate’, ie do something else. The fifth is ‘take’ the opportunity. See also risk treatment.

A risk with a negative consequence for objectives. Contrasted with an opportunity.

tornado chart
A form of risk presentation of risk model results intended to demonstrate the importance of each input to an output. It is a bar chart of the (rank) correlation coefficient between the two variables. If you draw it as horizontal bars in increasing order vertically it looks vaguely like a tornado.

triangle distribution
A continuous probability distribution which it is often convenient to use to represent bounded random variables in risk models. They are specified by thier minimum, maximum and most likely values with a linear PDF between the minimum and most likely and the most likely and maximum. The mean is (Min+ML+Max)/3 and the variance is ((ML-Min)2+(Max-ML)2+(Max-Min)2)/36.

uniform distribution
A discrete or continuous probability distribution where the probabilitity is split equally between the first N integers (discrete) or the values (continuous) within a range (a,b). For the discrete distribution the probability distribution, p(n), is 1/N, the mean is (N+1)/2 and the variance is (N²-1)/12. For the continuous distribution the PDF is p(x)=1/(b-a) for a≤x≤b, the mean is (a+b)/2 and the variance is (a-b)²/12.

A number representing an individual’s preference for outcome. A coherent decision maker maximises their expected utility.

value of information
In decision theory the amount (if any) by which the expected utility is increased if you can acquire more information about the probability of outcomes. The idea is you get the information if the cost of doing so is less than the value.

A measure of the spread of a random variable. It is the mean square distance from the mean of the random variable. Its square root is the standard deviation which has the units of the underlying variable and is thus a direct measure of spread.

weighted average cost of capital (WACC)
The cost of capital averaged across all the sources of finance. This sets the required rate of return for a project. It will therefore be higher if there is high risk equity, reflecting a risk premium. It is an open question whether this adequately accounts for the risks involved and people’s behaviour.

Weibull distribution
A continuous probability distribution which represents a process in which the rate changes with time. The PDF is p(t)=abtb-1exp(-atb). The mean is a-1/bΓ(1+1/b) and the variance is a-2/b(Γ(1+2/b)-Γ2(1+1/b)).

willingness to pay / willingness to accept
A common measure, used in public policy, of the value of a change including something which increases or reduces risk. This might be expressed explicitly or revealed through people’s behaviour. In general the willingness to pay for a benefit such as reduced risk is less than the payment people might be prepared to accept for increased risk. This means policy makers prefer revealed willingness to pay as they would otherwise not get anything done.

Leave a Reply

Your e-mail address will not be published. Required fields are marked *