Risk is a concept with many different definitions and in some cases, the definition is adapted to the specific risk context or risk type. For instance, the Concise Oxford Dictionary (2008) defines risk as a “hazard, a chance of bad consequences, loss or exposure mischance.” From scholars and practitioners such as McNeil et al. (2005), risk is “any event or action that may adversely affect an organisation‟s ability to achieve its objective and execute its strategies.” Adding to this definition the quantitative component of risk, McNeil et al. (2005) say risk is also “the quantifiable likelihood of loss or less-than-expected returns.”
From the analysis of operations research and the decision making theory, risk is related to randomness and uncertainty. From different kinds of events, one can differentiate multiple kinds of risks affecting a decision. For example, Eppens et al. (1998) identify risk under the decision perspective and state that decisions under risk are those where it is possible to estimate the probability of the several states of nature that the decision maker has to deal with.
The risk review from March and Shapira (1987) provides insights for the understanding of the risk concept. These authors presented a comparison between the risk concept from the decision theory and the concept that the managers held The difference starts from a managerial focus on risk as potential organisational losses and not on the organisational positive results or variance view of the outcomes; equally, managers concentrate more on the value of the loss than on the probability of the events with the observation that the attitude is that managers are not strongly oriented to measure the risk but to perceive it.
Regarding risk attitudes, March and Shapira (1987) presented that manager‟s risk attitudes and the way of dealing with risk is associated with this statement “They feel that a manager who fails to take risks should not be in the business of managing.” And the authors conclude “Managers look for alternatives that can be managed to meet targets, rather than assess or accept risks.” The point with this attitude and risk view is the influence on the support and implementation RM processes because the identification of capacity to control results and to design incentives that lead risk attitudes or choices.
As a complement of the risk definition and the attitudes to risk McNamara and Bromiley (1999) studied the specific case of a bank where the assessed risk should contribute to the expected return indicating that risk refers to “the likelihood of default by the borrower.”
In this article the presentation includes the need of considering measures on the lending process as a means to understand the judgemental decisions and the links among business processes in the bank. The authors conclude that the managerial definitions of risk and return require a strong “effort to understand and to manage” the risk-adjusted measures that the evaluation of organisations performance require. Indication risk where KM has involvement: operational, financial and innovation level. In section 2.3.6 the value of IT in RM is presented and in particular the observation of the risk concept for Tanriverdi and Ruefi (2004) represented by the chance of losses and magnitude of losses.
These definitions have some components associated with the probability distribution of events that can occur, and the negative effect that those events can produce. In a financial institution, there are different events and risks, such as property or life contingencies and negative changes in returns, currency exchange rates, etc. The
probability law that a risk follows differentiates risk from uncertainty, where nothing is known; neither the probability, nor the event characteristics of occurrence.
Risks have been studied and analysed independently in financial institutions. Given the nature of the financial institutions, where a wide exposure can be affected by many environmental factors and from the wide spectrum of financial service activities, there are different kinds of risk that are involved in several actions and decisions in a financial organisation structure. Classification of risks can be indicated depending on the area where the risk analysis is performed. For example, Ong (2006), Van Greuning and Brajovic (2003) and Crouhy et al. (2001) present a classification of risks mainly referring to financial institutions and related to market risk and business risk, such as an operational risk. Market risk and Credit risk have been studied more deeply than operational risk, which has been studied in depth by few authors, such as Panjer (2006).
Other risks, non financials, are classified as event risks, such as political risk, and these are shown by Harms (2000). A summary (See Figure 2-2) of the kind of risks is as follows:
Financial: credit, currency, market, capital, etc.
Business: legal, regulatory, country, etc.
Operational: fraud, damage, information, products, etc.
Event: political, contagion, etc.
Risk Types
Figure 2-2 Kinds of risks in a financial institution
Finally, risk classification is equally applicable to risks in society, and not only for business purposes such as Bischoff (2008) presents which indicates several risks affecting the current society such as health care, community risks and global risks. Each classification can involve probability laws that describe each type of risk that affect the financial institution and society.