CHAPTER TWO THE NATURE OF RISK

INTRODUCTION
Risk is endemic, it exists in different contexts and understood in a variety of ways. We speak of children being at risk or the risk of fire in a building or a bridge collapsing. If the many understandings of risk are studied it can be argued that the term can be viewed as being on a continuum of meaning ranging from the engineers view that risk can be measured using probability to the view that risk is danger which is culturally determined (Holzheu, 1993)i. The common factors that unite the many views as to the nature of risk are the fear of something going wrong together with conditions of uncertainty. In other words the downside of life. If we are to be able to manage risk its nature as viewed from different perspectives needs to be understood. In this chapter it is intended to review the nature of risk.

TOWARDS AN UNDERSTANDING OF RISK

Risk may be considered from a number of different standpoints that can be argued to form a continuum ranging from a very narrow view to a much broader understanding of the nature of risk. At the narrow or quantitative end of the scale is the view held mainly by engineers. This approach takes the stance that risk is represented by the quantitative measure of the probability of an untoward event occurring. Risk is distinguished from a hazard, this being a situation that increases the probability of an accident or other untoward event occurring. As Engineers have developed responsibility for safety in technology this understanding of risk is often used in the context of safety and is viewed as the probability of failure. (Beck, 1992)ii Legislators, in accepting the engineering view of risk in health and safety, refer to risk in health and safety statutes such as the

Irish Safety, Health and Welfare at Work Act 1989 and the European directives relating to safety. In this paradigm the risk of an accident is assessed using a numerical approach whilst measures to reduce or prevent a loss occurring are aimed at hazards.

Economists tend to view risk differently. Again probability theory is used but it is applied to all possible outcomes arising out of a particular event. By multiplying the probability by the outcome an expected loss is produced. When all outcomes are multiplied by their respective probabilities a probability distribution is produced. Various means are used to measure the outcome of an event. The cost of the outcome in monetary terms may be used so that the expected loss will consist of the probability of all the outcomes times the costs that may arise. Utility is often used instead of cost to take into account factors other than money. Utility refers to the satisfaction obtained from an action or product, an example being the purchase of a good. Thus when applying utility theory to a problem economists calculate expected utility by multiplying the utility of the outcomes by the probability of its occurrence. The outcomes are seen as a function of the event so that in order to obtain the expected value of the event all the utilities or losses are ascertained and multiplied by their respective probabilities to obtain the expected value. Similarly decision theorists use a quantitative approach by using the idea of an expected loss or gain or by using regret models. In these cases risk and opportunity go together. Risk arises out of the uncertainty of the future which can be measured and compared to favourable outcomes. Dealing with risk means collecting as much information as possible so that a rational decision can be made on how to deal with the unknown eventuality.

Financiers also view risk from a different perspective. Although they consider risk to be

quantifiable they tend to use the statistical concept of variance to measure risk. The expected value from all possible outcomes from a particular situation is calculated, this being the mean, the risk arising out of this situation is then measured by calculating the average difference of each outcome from the mean, that is the variance. Risk is therefore the variability about the normal, it is the unexpected as compared to the average. Actuaries similarly consider risk from a quantitative perspective. They calculate expected losses or gains from uncertain situations such as deaths within a population or gains that may be made from investments. This profession deals with a risk from a mathematical base; all reference to risk is purely from a quantitative approach. The engineers, economists and financiers assume that there is a rational approach to risk. They assume that individuals can foresee all possible untoward events as well as their outcomes. The risk is the unwanted deviance from the expected norm measured in different ways.

At the other end of the scale is the idea that risk is a function of fairness considerations such as trust, liability distribution, and consent. Issues of probability are virtually excluded from this view (Rayner 1993)iii. Holzheu (1993)iv and Douglas (1994)v argue that risk is socially constructed. Each society decides what is to be feared and what, if any, action is to be taken. Risk is considered to be danger, something that can go wrong. Society decides what it is that is dangerous. An example of society deciding what to fear is the BSE crisis, which, despite arguments produced by the UK government that there was nothing to be feared from eating British beef based on scientific evidence, led to a fall off in international demand for this product. Societies decided that there was a problem with British beef and came to the conclusion that it was too risky to consume. The fact that scientific evidence was produced was not sufficient to change their views.

If it can be argued that risk is socially constructed it follows that risk will be understood in different ways by various societies. Hofstede (1980)vi supports this view by showing how organisations having different cultures react differently to uncertainty. The perceptions held by different cultures is often ignored when considering the management of risk. It must be borne in mind that each society, whether it be a business, profession or country, has a different culture, this means that organisational culture is just as important to take into account when considering risk as national culture. Societies decide what to fear and why (Dake & Wildavsky, 1990)vii therefore any attempt at managing risk must take this factor into account. Societies also set the level of risk that they are prepared to bear. This can work negatively if a government is concerned about accidents. If society maintains a particular level of risk which it considers acceptable an attempt to reduce a particular risk in one way may lead to members of society attempting to compensate for the reduction by increasing the risk in other ways. For example efforts may be made by the legislature to reduce the risk of employees being injured by machinery by insisting that guards be placed over all moving parts. This reduces the risk of injury. Employees will initially use the guards but thus reduces the risk involved to a point lower than that they are prepared to take. As a result there will be a desire to increase the risk and this may be done by, for example, workers not using the guards or working at a faster rate. Accidents cannot be reduced or prevented without dealing with risk acceptability. Wilde (1994) refers to this phenomena as risk homeostasisviii.

Beck is of the view that risk may be defined as a systematic way of dealing with hazards and insecurities induced and introduced by modernisation (Beck, 1992:21)ix. Knights & Vurdubakis (1993:730)x argue that risk has emerged as a conceptual vehicle for societal self-reflection, both at the global level of (late modern) society as a whole, and at the more local level of specific social

problems. Risk tends to be understood in different ways consequently the term cannot be understood in isolation from the background, sets of constitutive practices or from the political and cultural debates within which they are embedded.

What does this mean for the idea that risk can be managed? Firstly it must be accepted that risk is a concept viewed differently by different groups but despite this there is a commonality which can be assumed. Risk is seen as a result of the uncertainty of the future and of the possibility of something going wrong, but what that something is varies as does the intensity of the fear of that event from society to society. Organisations, especially those involved in business, would often see risk as the downside of opportunity. If an opportunity occurs there is a possibility of an event or events that could interfere with the fulfilment of the opportunity. Thus, in managing risk three questions need to be answered. What can go wrong? How likely is it to go wrong? How does the organisation see the world?

Often a distinction has been made between the scientific view of risk and the perceptions held by non-scientists. It is argued that the latter have a poor understanding of the nature of risk based on their assessment of dangers that could befall them. They perceive risk that is somehow different from the scientific understanding of risk. In fact there is no real difference, Scientists understand risk from their own perspective whilst non-scientists do the same. The difference lies in their understanding, experiences, backgrounds and beliefs. The idea of risk as viewed from the various standpoints can be distilled down to the idea that a risk is an unacceptable and unexpected outcome. What these are and how they are measured will vary based on a variety of factors. The individual will have varying experiences colouring their view of what is to be feared and this will

be enhanced by the social interaction that occurs in the activity where the risks occur. Also the wider society within the organisation, profession and nature will also affect how the individual defines what is acceptable. If risk management is to identify, evaluate and control risk they must be aware of the effect of various levels of social reality have on the understanding of risk and take this into account when setting about controlling risk.

RESPONSE TO RISK
Now we have considered the meaning of risk we should consider the factors that affect an organisation or individuals response to risk. According to Sitkin & Pablo (1992)xi there are three clusters of factors that are involved in forming a response to risk. These are the characteristics of the individual, the characteristics of the organisational context and the characteristics of the problem. Characteristics of the individual include risk propensity, risk preference and risk perception. Characteristics of the organisation include group composition; cultural risk values; leader risk orientation and control systems. The problem characteristics are problem familiarity and problem framing (Sitkin & Pablo, 1992:12; Sitkin & Weingart (1995)xii)

Individuals have different risk propensities. These range from risk averse, through risk neutral to risk seeking. Someone who is risk averse attempts to avoid risky situations whilst individuals who are risk seeking look for these experiences. They might enjoy bungy-jumping or parachuting. Risk propensity will differ depending on the circumstances, someone who enjoys taking risks whilst parachuting may not be prepared to take part in motor racing. Economists and decision theorists assume that individuals, in making decisions, are risk averse. That is they will take steps not to enter into risky situations. Despite this assumption there is evidence to indicate that an individual may be risk seeking in one set of circumstances and risk avoiding in another (Sitkin & Pablo,

1992)xiii. This leads to the conclusion that attitudes towards risk depend on the situation.

Risk perceptions involve people's beliefs, attitude judgements and feelings as well as the wider social or cultural values and dispositions that people adopt towards hazards and their benefits (Royal Society 1993: 89)xiv. How people see risk is affected by a number of factors, including past experience and the control an individual or organisation may have over the particular event. According to Holzheu (1993:240)xv there are two levels to be distinguished here: the concrete level of risk perception on the part of those affected, and the theoretical level, on which the risk perception is conceptually structured and analysed. Risk management will be involved in the theoretical level but will have to consider the view of those affected by the activity.

Individuals will be facing risk when dealing with a particular problem or activity. The problem will be defined by its familiarity to the doer and how that problem is framed. The activities surrounding the workplace are usually familiar to the employee and this can lead to an understanding of the risks involved as well as contempt for the dangers. When dealing with a problem it may be framed in different ways

THE MEANING OF RISK

This discussion leads to the necessity to consider what we mean by risk in this text. In everyday language risk does not have a precise meaning but has a negative connotation. Generally it refers to imminent loss, damage or injury. The level of risk is intuitively associated with the damage potential and the intensity of the threat (Holzheu, 1993;xvi Bondi, 1995xvii). Despite this reference is often made to the probability of an event occurring but in this case this generally refers to a subjective estimation of probability based on experience or other factors. It can be

argued that a common understanding of risk refers to something that can go wrong or some deviation from the planned. It is the downside of a plan or strategy formulated by an organisation or individual. Business organisations will often see risk as the converse of opportunity. If an action is taken there is both a risk that a loss will occur and a likelihood of achieving a satisfactory outcome. Consideration will have to be given to whether there is sufficient opportunity to outweigh the possible risks or downside. Each society, including organisations, will have different opinions based on a variety of factors on what will be the downside risk.

Although different groups may have alternative views on the intensity of a risk the measurement of risk is useful in order to be able to prioritise actions to reduce risk but these measures will only be successful if they are acceptable to the organisation. This means that in order to formulate a strategy the size of any risk which may arise will have to be measured. In order to implement any strategy consideration will have to be given to the culture of the organisation. Culture can be considered to be way things are done in an organisation, the acceptable manner in which things are carried out or its values and beliefs. If a strategy for risk is to be implemented it must conform to the culture of the organisation. This will mean that individuals within the organisation will have to agree on the risks which are being faced, the means of measurement and the way the risk is to be handled.

CLASSIFICATION OF RISK
In order to be able to identify risk a means of classification is necessary. In the risk management literature risk has been classified under a number of different headings. These classifications have generally been formulated in order to assist in deciding what action to be taken to manage risk, in particular whether a risk can be insured. The most common classification has been to distinguish

between pure and speculative risk. Pure risk is an event whose outcome does not lead to profit but only to loss. Examples of pure risk are fires, burglaries and natural disasters. Speculative risk involves both profit and loss and would include betting on the horses or entering into business transactions. This categorisation was formulated by insurance/risk managers to assist them in distinguishing between insurable and uninsurable risks. In their view only pure risks could be insured and therefore were the subject of risk management. (Vaughan & Vaughan:1995)xviii. A further classification is into static and dynamic risks. The latter are events which are related to the economic situation whilst the former are occurrences which could happen regardless of the economic situation such as storms or earthquakes. Neither of these classifications are of assistance when identifying risk and they lead to a narrow classification of risk if identification of all risks is to take place.

When it comes to measuring risk and deciding what is acceptable difficulties have arisen. For example safety officials have referred to acceptable risk and tolerable risk. The former is generally regarded by those who are exposed to the risk as not worth worrying about whilst the latter is a risk that society is prepared to live with in order to have certain benefits and in the confidence that the risk is being properly controlled (Glendon & McKenna, 1995)xix. What is acceptable risk has been a conundrum which engineers have been unable to solve. Attempts have been made to enumerate acceptable risk using probability. Unfortunately this has not been accepted by the society to which it has been applied who do not generally accept the figures submitted as a meaningful means of measuring risk. An example of this is the reaction of the British and European publics to the fear that BSE in cattle can be transferred to humans referred to above.

There are three general approaches to deciding what is acceptable risk. The first is professional judgement implemented by codes of practice or judgement out of skill. The second is a form of analysis using mathematics and the third is by means of revealed preferences and base acceptability based on behaviour. Again this is not useful in identifying risk although may be a guide when considering evaluating the danger which could be caused by the existence of the risk.

In order to identify risk we need some structure that can assist the analyst to work through the problem. To do this we must consider the types of risk that can occur. We have decided that risk involves the downside of life. If a family decides to venture to the beach for a picnic there is the risk of rain, which will spoil the familys enjoyment of the day, there is also the risk of a motor car accident. These risks affect the individual or group in their private activities. Similarly an organisation or individual operating within the business environment will also face risks. Products could fail to be sold on the market, or they could cause injury. Not only that but the price of raw materials purchased from abroad could increase in price because of an unfavourable change in exchange rates. Thus in addition to private risks there are business risks to be faced. This means that an organisation or individual can face both business risks in the business environment and personal risks in the private domain.

Thus the first classification is between business and personal risk. The former adversely affects an organisation or individual operating a business in achieving its objectives. These objectives are diverse, for example an organisation may exist to make profit or to maximise returns to the shareholder or just to survive. Often an organisations objectives will be unstated, despite this it is assumed that the organisation wishes to continue in some form.

There are a number of dangers that could affect the continued existence of the organisation. In order to analyse these risks they can be further classified into societal, technological, economic, environmental or political risk (STEEP). Societal risk involves the acceptance of the activities of an organisation by society. For example the pollution of local waterways by farmers and factories may be unacceptable to society and produce a reaction that could affect the operation of a business. Another example of an activity unacceptable to society is cloning of human beings or the consumption of genetically modified vegetables. Criminal activities can also be argued to be societal risks in that they are not acceptable to society as a whole and can lead to losses. Technological risk involves the possibility that a particular technology does not fulfil its function as happened in the case of thalidomide. Another aspect of technology risk would be the fear that a particular technology such as genetic modification could cause harm. This could also lead to losses. Economic risks involve the possibility of an economic down turn, inflation or unemployment. Environmental risks involve the possibility of earthquakes or storms causing severe damage whilst political risk is a change in legislation, trades sanctions or war.

These risks can be further sub-divided by considering the objects that may be affected by the operation of a danger. These can be listed as damage to property, personnel, financial or liability. Property risk involves damage to fixed or moveable property. This includes buildings, furniture or your personal jewellery. Personnel risk involves death or personal injury to individuals or a decrease in their health or welfare. This will also include an attack on their personal integrity such as libel or slander. Financial risk concerns monetary matters such as an unfavourable change in the price of shares on the stock market affecting the value of the company or the assets being held by

the organisation or a drop in profits. Liability risk follows on loss or damage to one of the aforementioned objects. If property owners perceive that their goods have been destroyed or damaged by the wrongful act of another person or as a result of a breach of the law the injured party may decide to pursue an action against the person causing the loss. Similarly in the case of an individuals personal integrity being breached a legal action may follow. Thus liability risk is the risk of being sued following an event that could cause damage to one of the other factors, i.e. property, personnel, or finances. If the loss arises from a breach of the law damages are payable by the tortfeasor. This classification of risk can be applied both to organisations and individuals and be used as a basis on which to consider risks faced by both. Thus consideration will be given to whether business or personal risk is being considered and then a STEEP analysis carried out on property, personnel and finances to see whether they will be affected and the consideration given to liability risk. CONCLUSION The above discussion shows that risk can be viewed from a variety of different perspectives. In managing risk this will have to be taken into account. In the past the management of risk has generally been divided between various specialists such as health and safety, financial risk management and business risk but if risk is to be managed efficiently all classifications of risk should be considered.

Risk can be accepted as measurable in certain circumstances but it must be borne in mind that societies decide what is dangerous and what is acceptable. The analysis and acceptability of a risk cannot be imposed on an organisation or society without involving those members who are directly involved with the risk. In this context risk is socially constructed. Throughout this work it is

intended to bear in mind that there are many types of which need to be considered by both the individual and the organisation. In this work it is intended to concentrate on the corporate risk. There are risks to be faced but throughout the process of managing risk the fact that the organisation and the wider society will decide what to fear will have to be borne in mind. In particular consideration will have to be given to the culture of the organisation if it is intended to try to reduce losses arising out of unforeseen events.

Now that the nature of risk has been discussed it is intended to consider the discipline of risk management on the basis that risk is the likelihood of the occurrence of an event which could adversely affect the attainment of the objectives of an organisation. These risks may be viewed differently by members of the organisations and this will have to be taken into account during the risk management process. The culture of an organisation is an important consideration in managing risk, as this will govern a firms attitudes towards risk. Consequently the approach to the identification and measurement of risk must take into account societies views.

i Holzheu, F. 1993. Institutionalized risk perception: an economic perspective. In: Risk is a construct, ed. by Bayerische Ruck. Munich: Knesebeck GmbH, pp 240 - 267 ii Beck, U. 1992. Risk Society. London: Sage Publications iii Rayner, S. 1993. Risk perception, technology acceptance, and institutional culture: case studies of some new definitions. In:Risk is a construct. Edited by Bayerische Ruck. Munich: Knesebeck GmbH & Co iv Holzheu, F. 1993. Institutionalized risk perception: an economic perspective. In: Risk is a construct, ed. by Bayerische Ruck. Munich: Knesebeck GmbH, pp 240 - 267 v Douglas, M. 1994. Risk and blame. London; Routledge vi Hofstede, G. 1980. Cultures consequences. London: Sage Publications vii Dake, K. & Wildavsky, A. 1991. Individual differences in risk perception and risk-taking preferences. In: The analysis, communication and perception of risk. Edited by Garrick. B.J. and Gekler, W.C.. New York: Plenum Press. viii Wilde, G.J.S. 1994. Target risk. Toronto: PDE Publications Ltd. ix Ibid. x Knights, D. & Vurdubakis, T. 1993. Calculations of risk: towards an understanding of insurance as a moral and political technology. Accounting organizations and society. Vol.18, No. 7/8, pp. 729-764 xi Sitkin, S.B. and Pablo, A.L. 1992. Reconceptualizing the determinants of risk behaviour. Academy of Management review, Vol.17, no.1, pp. 9-38 xii Sitkin, S.B. and Weingart, L.R. 1995. Determinants of risky decision-making behaviour: a test of the mediating role of risk perception and propensity. Academy of Management Journal, vol.38, no.6, pp. 1573-1592 xiii Ibid xiv Royal Society Report on risk and safety. 1993: London xv Ibid

xvi Ibid xvii Bondi, H. 1985. Risk in perspective. In: Risk man-made hazards to man. Edited by Cooper, M.G. Oxford: Clarendon Press xviii Vaughan and Vaughan. 1995. Risk management and insurance. New York: Wiley xix Glendon, A.I., & McKenna, E.F. 1995. Human safety and risk management. London: Chapman & Hall