In This Section

News and Articles



How Does Your Organization Define Risk, and Why Does It Matter?

Aug 08, 2022
Safety professional man talking to two colleagues about their definition of risk

Safety professionals think about risk every day, but what really defines it?

The answer: It depends on who you ask — and that can make communication difficult.

According to a recent Professional Safety article by Bruce Lyon, P.E., CSP, SMS, ARM, CHMM, and Georgi Popov, Ph.D., CSP, QEP, SMS, ARM, CMC, FAIHA, that was also the subject of a Management Practice Specialty webinar, risk is broadly defined as “having the capacity to produce harm or loss and is measured in terms of likelihood of occurrence and severity of impact.”

But underneath that wide definition, risk means different things to different groups within an organization.

Occupational safety and health practitioners see risks derived from hazards, while production and operational managers see risks coming from operations. Executives take a much broader view to include financial and strategic risks that threaten business objectives, Lyon and Popov write.

This has led to the concept of risk being viewed in silos. But the days of operating in silos are fading into the past. A new set of skills is required for today’s safety professionals as more organizations adopt an enterprise risk management perspective, enabling them to be more agile and resilient.

Defining Risk and Opportunity Across Silos

If we look to occupational safety, health and environmental standards for guidance, risk is generally defined as the probability or likelihood of an occurrence and the severity of its potential consequences. But different definitions surface in standards, leaving questions about the source of risk and the role of uncertainty. Some even leave the definition open to suggest risk could be “a good thing.”

When considering the fundamental meaning of risk across definitions, a meta-definition is the potential for adverse outcomes.

For example, risk is the potential for adverse outcomes from operating a machine, performing elevated work, traveling abroad, acquiring a business, making an investment or building an addition. This meta-definition crosses all silos and incorporates enterprise risk management perspectives.

Risk cannot be considered a “good thing” because of its inherent relation to “adverse outcomes,” though sometimes people mistakenly believe risk creates opportunity.

Here’s how the authors view it: “Opportunity and risk are conjoined but are on opposite sides of the same coin.”

They define opportunity as the potential for favorable outcomes.

For example, opportunities such as adding a new product line, ending a partnership, expanding operations in a foreign country or acquiring a business all have risk or a potential for adverse outcomes.

If you think of risk and opportunity on both sides of a coin, that coin might be uncertainty, which drives both risk and opportunity.

Whether you want to reduce risk or take advantage of opportunities, recognizing and managing uncertainty is key.

Understanding and Managing Uncertainty

The authors contend that all decisions are made either knowingly or unknowingly of the level of uncertainty involved. In their view, the difference is that decisions made with a better understanding of risk are more likely to be successful.

The authors also offer a meta-definition of uncertainty as the lack of knowing outcomes. But underneath that are two different kinds of unknown outcomes: There are unknowns that are known (epistemic uncertainty) and unknowable unknowns (aleatoric uncertainty). 

Epistemic uncertainty may “include uncertainty regarding the likelihood of an event, the consequences that may occur and the magnitude of the consequences.” You can reduce this type of uncertainty through investigation and assessment.

Aleatoric uncertainty comes from an unpredictable process such as flipping a coin. There is no way to predict which way the coin will flip and therefore there is no way to reduce the risk — only identify and quantify it.

Within uncertainty, there are also specific events categorized as black swans and gray rhinos. These receive significant attention, and represent significant risk, so it’s important for safety professionals to understand them and their impact.

Black swans are unprecedented or unexpected in the course of human history. These are unknowable unknowns — random events, often with multiple causes, that have catastrophic results. Examples include some volcano eruptions or the Fukushima nuclear incident of 2011.   

Gray rhinos are more knowable: We anticipate a risk and understand it’s highly probable, but we don’t take it seriously or recognize the significance of its potential impact. Examples include the bursting of the housing bubble in 2008, the devastating aftermath of Hurricane Katrina and other natural disasters, and the fall of the Soviet Union. All occurred after a series of warnings involving visible evidence.  

To reduce uncertainty, Lyon and Popov recommend that you:

  • Reduce the size of the decision: Break it into smaller steps, reducing the potential impact of each choice.
  • Understand the options: Knowledge is power, and the antidote to the unknown.
  • Defer the decision: Postpone making the decision until you know more.
  • Focus on one decision: Keep the focus on a single decision rather than combining an assessment of risks from multiple decisions.
  • Understand the credible worst case: Determine the worst-case scenario, focusing only on what is credible, and define the potential outcomes.
  • Clarify potential outcomes: Estimate the consequences of the decision, both positive and negative, and the risk drivers that may influence outcomes.
  • Understand the context: Know the reasons for the decision, the internal and external stakeholders, and the goals and values of the organization.
  • Be flexible and adaptable: Keep your options open and adjust as you learn more.
  • Remain objective and unemotional: Set aside your emotions and maintain a calm, rational mind-set.

Questions to Consider:

Taking these definitions and issues into consideration, our Management Practice Specialty hosted an online water cooler chat that allowed professionals to delve into these concepts and see where others landed on key questions. Here are three questions they discussed that will help refine your thought process:

  1. How does your organization define risk? Does that definition differ between departments? Do you have a preferred method for reducing uncertainty?
  2. The authors contend that organizations are removing silos and integrating the enterprise risk management definition of risk, enabling them to be more agile and resilient. Do you agree that removing silos allows organizations to be more agile?
  3. Which is more worrisome to you: Black swans or gray rhinos? Why?


Find Your FOCUS and Master an Area of Expertise

SafetyFOCUS is back for a fall session, with immersive education to help you advance. Join us for live courses in Columbia, MD, or online and get back in the classroom before the end of the year.

Learn more



Are You Passionate About Safety?

Volunteer with ASSP today.

Get involved


Jumpstart Your Learning

Access our latest free webinars, articles and more.

Advance Your Career

Earning an ASSP certificate can enhance your career.

Get Insight & Analysis

Learn about the latest trends in safety management, government affairs and more.

Connect With ASSP