Risks

Risk is a concept which relates to human expectations. It denotes a potential negative impact to an asset or some characteristic of value that may arise from some present process or from some future event. In everyday usage, "risk" is often used synonymously with "probability" of a loss or threat. In professional risk assessments, risk combines the probability of an event occurring with the impact that event would be and with its different circumstances. However, where assets are priced by markets, all probabilities and impacts are reflected in the market price, and risk therefore comes only from the variance of the outcomes; this startling fact is one of the conclusions of Black-Scholes pricing theory.

Defined aspects of risk
There are many definitions of risk, they depend on the specific application and situational contexts. Most general, every risk (indicator) is proportional to the expected losses which can be caused by a risky event and to the probability of this event.

Therefore, the differentiation of risk definitions depends on the losses context, their assessment and measurement, as well as, when the losses are clear and invariable, for example a human life, the risk assessment is focused on the probability of the event, event frequency and its circumstances.

We distinguish two types of risk, the first is based on scientific and engineering estimations and the second, called effective risk is dependent on human risk perception. In practice, these two assessments are in continuous conflicts in social and political sciences.

Engineering definition of risk, an example:


 * $$ Risk = \frac {probability\ of\ an\ accident}{events\ per\ time\ period} \times  \frac{consequence\ in\ lost\ money\ or\ deaths}{ per\ event} $$.

Financial risk is often defined as the unexpected variability or volatility of returns, and thus includes both potential worse than expected as well as better than expected returns. References to negative risk below should be read as applying to positive impacts or opportunity (e.g. for loss read "loss or gain") unless the context precludes.

In statistics, risk is often mapped to the probability of some event which is seen as undesirable. Usually the probability of that event and some assessment of its expected harm must be combined into a believable scenario (an outcome) which combines the set of risk, regret and reward probabilities into an expected value for that outcome. (See also Expected utility)

Thus in statistical decision theory, the risk function of an estimator &delta;(x) for a parameter &theta;, calculated from some observables x; is defined as the expectation value of the loss function L,


 * $$ R(\theta,\delta(x)) = \int L(\theta,\delta(x))\times f(x|\theta)\,dx$$

where:
 * &delta;(x) = estimator
 * &theta; = the parameter of the estimator

There are many informal methods used to assess or to "measure" risk. Although it is not usually possible to directly measure risk. Formal methods measure the value at risk.

In scenario analysis "risk" is distinct from "threat." A threat is a very low-probability but serious event - which some analysts may be unable to assign a probability in a risk assessment because it has never occurred, and for which no effective preventive measure (a step taken to reduce the probability or impact of a possible future event) is available. The difference is most clearly illustrated by the precautionary principle which seeks to reduce threat by requiring it to be reduced to a set of well-defined risks before an action, project, innovation or experiment is allowed to proceed.

In information security a "risk" is defined as a function of three variables:
 * 1) the probability that there's a threat
 * 2) the probability that there are any vulnerabilities
 * 3) the potential impact.

If any of these variables approaches zero, the overall risk approaches zero.

The management of actuarial risk is called risk management.

Scientific background
Scenario analysis matured during Cold War confrontations between major powers, notably the USA and USSR, but was not widespread in insurance circles until the 1970s when major oil tanker disasters forced a more comprehensive foresight. The scientific approach to risk entered finance in the 1980s when financial derivatives proliferated. It did not reach most professions in general until the 1990s when the power of personal computing allowed for wide spread data collection and numbers crunching.

Governments are apparently only now learning to use sophisticated risk methods, most obviously to set standards for environmental regulation, e.g. "pathway analysis" as practiced by the US EPA.

Risk vs. Uncertainty
In his seminal work "Risk, Uncertainty, and Profit", Frank Knight (1921) established the distinction between risk and uncertainty. … Uncertainty must be taken in a sense radically distinct from the familiar notion of Risk, from which it has never been properly separated. … The essential fact is that "risk" means in some cases a quantity susceptible of measurement, while at other times it is something distinctly not of this character; and there are far-reaching and crucial differences in the bearings of the phenomena depending on which of the two is really present and operating. … It will appear that a measurable uncertainty, or "risk" proper, as we shall use the term, is so far different from an un-measurable one that it is not in effect an uncertainty at all.

Risk in business
Means of measuring and assessing risk vary widely across different professions--indeed, means of doing so may define different professions, e.g. a doctor manages medical risk, a civil engineer manages risk of structural failure, etc. A professional code of ethics is usually focused on risk assessment and mitigation (by the professional on behalf of client, public, society or life in general).
 * See also:


 * Insurance industry
 * Financial risk
 * Credit risk
 * Interest rate risk
 * Legal risk
 * Liquidity risk
 * Market risk
 * Reinvestment risk

Risk-sensitive industries
Some industries manage risk in a highly-quantified and numerate way. These include the nuclear power and aircraft industries, where the possible failure of a complex series of engineered systems could result in highly undesirable outcomes. The usual measure of risk for a class of events is then, where P is probability and C is consequence;

$$R = P (of the Event) \times C$$

The total risk is then the sum of the individual class-risks.

In the nuclear industry, 'consequence' is often measured in terms of off-site radiological release, and this is often banded into five or six decade-wide bands.
 * See also:


 * Operational risk
 * Safety engineering

The risks are evaluated using Fault Tree/Event Tree techniques (see safety engineering). Where these risks are low they are normally considered to be 'Broadly Acceptable'. A higher level of risk (typically up to 10 to 100 times what is considered broadly acceptable) has to be justified against the costs of reducing it further and the possible benefits that make it tolerable - these risks are described as 'Tolerable if ALARP'. Risks beyond this level are classified as 'Intolerable'.

The level of risk deemed 'Broadly Acceptable' has been considered by Regulatory bodies in various countries - an early attempt by UK government regulator & academic F. R. Farmer used the example of hill-walking and similar activities which have definable risks that people appear to find acceptable. This resulted in the so-called Farmer Curve, of acceptable probability of an event versus its consequence.

The technique as a whole is usually referred to as Probabilistic Risk Assessment (PRA), (or Probabilistic Safety Assessment, PSA). See WASH-1400 for an example of this approach.

Risk in finance
"The chance that an investment's actual return will be different than expected. This includes the possibility of losing some or all of the original investment. It is usually measured by calculating the standard deviation of the historical returns or average returns of a specific investment".

Risk in finance has no one definition, but some theorists, notably Ron Dembo, have defined quite general methods to assess risk as an expected after-the-fact level of regret. Such methods have been uniquely successful in limiting interest rate risk in financial markets. Financial markets are considered to be a proving ground for general methods of risk assessment.

However, these methods are also hard to understand. The mathematical difficulties interfere with other social goods such as disclosure, valuation and transparency.

In particular, it is often difficult to tell if such financial instruments are "hedging" (decreasing measurable risk by giving up certain windfall gains) or "gambling" (increasing measurable risk and exposing the investor to catastrophic loss in pursuit of very high windfalls that increase expected value).

As regret measures rarely reflect actual human risk-aversion, it is difficult to determine if the outcomes of such transactions will be satisfactory. Risk seeking describes an individual who has a positive second derivative of his/her utility function. Such an individual would willingly (actually pay a premium to) assume all risk in the economy and is hence not likely to exist.

In financial markets one may need to measure credit risk, information timing and source risk, probability model risk, and legal risk if there are regulatory or civil actions taken as a result of some "investor's regret".

"A fundamental idea in finance is the relationship between risk and return. The greater the amount of risk that an investor is willing to take on, the greater the potential return. The reason for this is that investors need to be compensated for taking on additional risk".

"For example, a U.S. Treasury bond is considered to be one of the safest investments and, when compared to a corporate bond, provides a lower rate of return. The reason for this is that a corporation is much more likely to go bankrupt than the U.S. government. Because the risk of investing in a corporate bond is higher, investors are offered a higher rate of return".

Regret
In decision theory, regret (and anticipation of regret) can play a significant part in decision-making, distinct from risk aversion (preferring the status quo in case one becomes worse off).

Framing
Framing is a fundamental problem with all forms of risk assessment. In particular, because of bounded rationality (our brains get overloaded, so we take mental shortcuts) the risk of extreme events is discounted because the probability is too low to evaluate intuitively. As an example, one of the leading causes of death is road accidents caused by drunk driving - partly because any given driver frames the problem by largely or totally ignoring the risk of a serious or fatal accident.

The above examples: body, threat, price of life, professional ethics and regret show that the risk adjustor or assessor often faces serious conflict of interest. The assessor also faces cognitive bias and cultural bias, and cannot always be trusted to avoid all moral hazards. This represents a risk in itself, which grows as the assessor is less like the client.

For instance, an extremely disturbing event that all participants wish not to happen again may be ignored in analysis despite the fact it has occurred and has a nonzero probability. Or, an event that everyone agrees is inevitable may be ruled out of analysis due to greed or an unwillingness to admit that it is believed to be inevitable. These human tendencies to error and wishful thinking often affect even the most rigorous applications of the scientific method and are a major concern of the philosophy of science. But all decision-making under uncertainty must consider cognitive bias, cultural bias, and notational bias: No group of people assessing risk is immune to "groupthink":  acceptance of obviously-wrong answers simply because it is socially painful to disagree.

One effective way to solve framing problems in risk assessment or measurement (although some argue that risk cannot be measured, only assessed) is to ensure that scenarios, as a strict rule, must include unpopular and perhaps unbelievable (to the group) high-impact low-probability "threat" and/or "vision" events. This permits participants in risk assessment to raise others' fears or personal ideals by way of completeness, without others concluding that they have done so for any reason other than satisfying this formal requirement.

For example, an intelligence analyst with a scenario for an attack by hijacking might have been able to insert mitigation for this threat into the U.S. budget. It would be admitted as a formal risk with a nominal low probability. This would permit coping with threats even though the threats were dismissed by the analyst's superiors. Even small investments in diligence on this matter might have disrupted or prevented the attack-- or at least "hedged" against the risk that an Administration might be mistaken.

Fear as intuitive risk assessment?
For the time being, we must rely on our own fear and hesitation to keep us out of the most profoundly unknown circumstances.

In "The Gift of Fear", Gavin de Becker argues that "True fear is a gift. It is a survival signal that sounds only in the presence of danger. Yet unwarranted fear has assumed a power over us that it holds over no other creature on Earth. It need not be this way."

Risk could be said to be the way we collectively measure and share this "true fear" - a fusion of rational doubt, irrational fear, and a set of unquantified biases from our own experience.

The field of behavioral finance focuses on human risk-aversion, asymmetric regret, and other ways that human financial behavior varies from what analysts call "rational". Risk in that case is the degree of uncertainty associated with a return on an asset.

A recognition of, and respect for, the irrational influences on human decision making, may go far in itself to reduce disasters due to naive risk assessments that pretend to rationality but in fact merely fuse many shared biases together.

Papers

 * Holton, Glyn A. (2004). Defining Risk, Financial Analysts Journal, 60 (6), 19–25. A paper exploring the foundations of risk. (PDF file)
 * Knight, F. H. (1921) Risk, Uncertainty and Profit, Chicago: Houghton Mifflin Company. (Cited at:, § I.I.26.)

Books
A good example for a risk-controlling, yet utopian civilisation was written by Ian M. Banks in his science fiction Culture novels. Historian David A. Moss's book When All Else Fails explains the U.S. government's historical role as risk manager of last resort. Peter L. Bernstien. Against the Gods ISBN 0-471-29563-9. Risk explained and its appreciation by man traced from earliest times through all the major figures of their ages in mathmatical circles.

Magazines

 * Actuarial News And Risk Management Resource : Home
 * Actuary .NET Actuarial News and Risk Management Info: Home
 * Risk and Insurance : Home