Risk Management: Types Of Risk And Risk Levels

  • Words 2768
  • Pages 6
Download PDF


We face uncertainty, almost every day and its measure is a risk. In this article, I will talk about how we can identify the risk we are facing, evaluate it and plan accordingly. These skills are important especially for people facing hard decisions with great consequences if chosen poorly, so it is crucial to be able to see which risks are acceptable and which countermeasures to take to deal with them.


We make decisions every day of our lives and each decision has its own risk associated with it. Risk is unavoidable so we need to learn how to manage it to potentially lower it or remove it from some situations. As risk is an everyday occurrence many scientific disciplines like statistics, mathematics, finances study it and try to find solutions on how to minimize its effects.

Click to get a unique essay

Our writers can write you a new plagiarism-free essay on any topic

As humans for generations and generations have expanded our knowledge of the world and we have advanced and keep on advancing our technology to new and new heights. With the hep of a lot of discoveries and the passage of time and the experience brought about with it we have minimized or exterminated some forms of risk. Today medicine has eradicated some diseases and with it eliminate the risk of a person dying from that, or for example with our experience and new technologies we are creating safer and faster cars, thus minimizing the risk of dying in a car accident.

Pierre Simon de Laplace in 1972 is the person who developed a prototype for the contemporary quantitative method of risk analysis. He made his prototype by using probability of survival to people who had received smallpox vaccinations and people who hadn’t received them[1].

With the development of capitalism and more and more people engaged in activities involved in the investment of money, the ability to manage risk efficiently has become a sought-after trait of good managers. As managers face themselves with decisions which could cost money if chosen poorly, they seek to upgrade their intuition and their skill and risk management so they can excel at their jobs.

Risk management is not only important in corporate situations it is also of imperative value in leading a country, where we can face a lot harder risks because the consequences are way more drastic here. A country risk usually refers to political, legal, societal, environmental, infrastructural and the risk from natural hazards. Each one of them has a different solution and a different approach to them and all of them are important to a country’s well-being, but usually almost every country would agree that for the calculation of the risk they use the most common method which is explained later on in this paper.

Types of risk

As risk is encountered in every part of our lives, we can classify it into several types for better understanding of what types of risk we can encounter. The types of risk are the following[2]:

  • Objective risk is defined as the relative deviation of the actual loss from the expected one. In insurance practice, objective risk is the acceptable error margin between the assumed results and the actual results.
  • Subjective risk is the individual assessment of the possibility of something happening. This risk is immeasurable as it varies from person to person, their mood, psychological or physiological condition, so we take this risk as one who is unreliable.
  • Systematic risk is defined as the risk which affects a whole group of people and this risk cannot be controlled as its factors are from an outside source. An example for this kind of risk is how the economic situation of a region influences a certain company.
  • Specific risk relies on the individual decisions of the customers and can be controlled easily.
  • Financial risk causes losses which can be expressed in financial terms
  • Non-financial risk causes losses which can’t be expressed in financial terms
  • Static risk happens without being affected by the economic or technological progress or by the passing of time.
  • Dynamic risk happens because of economic or technological changes, more precisely the changes in prices, fashion, inflation, innovations, etc.
  • Natural risk is created by the nature and it is referred to the elementary hazards like earthquakes, floods, storms etc.
  • Social risk is created by an individual or society like camping outside and the camp fire spreading to a forest needed to a forestry company.
  • Personal risk is the risk which involves the loss of life, health, social standing etc.
  • Property risk is the risk related to stealing or loosing some property of yours
  • Speculative risk is the risk when we plan some new service for a business and depending on how its being done can lead to loss, profit or neither loss nor profit.
  • Pure risk is when an event plays out and it leads to some kind of loss and if the event doesn’t play out it doesn’t give any profit.
  • Fundamental risk is a risk, which consequences affect the whole society
  • Particular risk is of personal risk and the materialization of the risk are the results of the actions from the individual and can have impact on the individual’s behavior
  • Probabilistic risk is divided into to 2 parts one calculated by mathematical methods and one by statistical methods.
  • Estimation risk happens when an individual estimate something and the possibility of its error is the risk.

We use these classifications of risk as to better understand each and every one of them. Some are more often than others, but they all play a role in our lives. Each risk has its own characteristics and some need a different method to lower their impact. This helps people to easier explain the kind of risks they are facing and to focus their efforts on the type they are facing.

Risk Management

The definition which we will use for risk management is as follows: the making of decisions that ensures the highest level of security and the limitation of the influence that outside factors have on the outcome can be classified as risk management. With risk management, we are aiming to eliminate or limit the causes or effects associated with the risk.[1]

We can identify two phases of risk management:

Risk identification is the recognition of the risks that can appear and their characteristics. This requires knowledge from lots of spheres of our lives but mostly it requires experience. A common trap for inexperienced people identifying risks is to focus all of the attention on the large and obvious risks and neglect the minor ones which can have huge consequences. Several techniques for identifying risks are the following:

  • Brain-storming
  • Questionnaires
  • Looking at every process of the business and identifying the possible risks
  • Evaluating the risk posed by outside factors
  • Looking in the history of similar businesses and what challenges they faced
  • Ask yourself the “what if” question, imaging bad scenarios for the business.[1][4][5]

Risk estimation is used to determine the level of the risk which we are tackling. The measurement can be both qualitative and quantitative firstly we are going to focus on the quantitative measurement. When we want to calculate the risk the main thing that we would like to know is “what is the probability of this occurring” and the second thing we are interested in is how much would it cost us if the risk should occur. Using these 2 variables we can create the risk exposure formula which is the following:

Risk Exposure RE=Probability of risk occuring*Total loss if risk occurs. The above-mentioned formula is used for the quantitative measurement, if we do not know the exact probability of something happening, we will use a qualitative measurement. The simplest way to achieve this is with using terms such as “very low”, “low”, “medium”, “high” and “very high” and then allocating a set of numbers to them.

When the risks have been identified we would like to know about how to reduce those risks, that’s where the Risk reduction leverage formula helps us.

Risk reduction leverage of a countermeasure RRL=Reduction in risk exposure. Cost of countermeasureRisk reduction leverage calculates a value for the return on investment for a countermeasure and can thus be used to prioritize possible countermeasures.[5]

Risk evaluation is the comparison of the estimated risk values using the criteria created by the organization. In simpler terms in means the data we got from the risk estimation is categorized and used to see which risks are acceptable and which aren’t.[1]

Planning is when we are seeing which risks are the acceptable ones and which we will take, and determine a skeleton of a strategy on how to approach them and limit or eliminate their impact on the business.

Controlling’s definition would be going through the strategy which we created in the planning part step by step down to the simplest detail and seeing if we have missed out on something. This is also known as risk verification, which also include the monitoring of the indicators od acceptable risk levels and maintaining them.[1]

Monitoring is a continuous process of seeing if the correct control mechanism and strategies are in place to contain the risk, and whether they are being observed as they should be.

Risk Levels

We cannot put a price on uncertainty, but we can put a price on risk. Every organization in terms of risk can be divided into two parts:

Risk-tolerant organizations accept the benefits of having higher risk so they can achieve greater goals (usually bigger profit).

Risk-averse organizations avoid taking big risks and usually they play on the safer side. They will work with greater stability but the potential gains are smaller since they avoid risks. Usually organizations like this are those in which if the unfavourable situation comes up they will face law-suits, health hazards or even death.

From the above-mentioned formula we take the variables and combine them and we get the 4 basic categories of risk levels. As we can see from the figure the risk levels depend on the magnitude of loss and on the probability of occurrence.

Risk acceptance is often the best course of action for organizations that face risks with low probability of occurrence and low magnitude of loss. Even if the risk materializes its consequences aren’t that great and the gains outweigh the potential losses.

Risk transfer is when an organization faces a risk with a high probability of occurrence and a high magnitude of loss. Organizations in this case usually decide to avoid the risk completely and transfer it on a third party as the consequences of the risk would be far too great for the organization.

Risk mitigation is used when organizations face any risk whose effects can be neutralized or downgraded so they identify the risk and use preventive measures to mitigate its effects. This usually means having safety procedures, ensuring quality, customer support, good management etc[3].

Case study

In this part of my paper I will show you practical examples on how we can use the formulas which were explained in this paper in real life scenarios.

This particular example is for an IT company offering interactive solutions and on the following table you will see some of the risks he is facing with, and how those risks are calculated using the formula. (Note: Any of the numbers given in the below table are fictional and are representative of the real costs)

Risk Probability of occurring Total Loss if it occurs Risk Exposure

Malfunction of the hardware 0.50% $65,000.00 $325.00

Sanctions from the government 7.50% $50,000.00 $3,750.00

Worker Strike 5.00% $10,000.00 $500.00

Hacker Attack 15.00% $7,000.00 $1,050.00

Appearance of a critical bug in the software 12.50% $21,500.00 $2,687.50

Green – the risk exposure is low, so these kinds of risks aren’t the major ones

Yellow – these kinds of risk aren’t a major threat necessarily but can pose a formidable challenge for the organization if they occur

Red – these risks are an immediate threat to the organization and need its immediate attention for them to be eliminated or lower their risk exposure as their value could have devastating impact on the organization.

Risk Probability of occurring Total Loss if it occurs Risk Exposure

Malfunction of the hardware 0.50% $65,000.00 325.00

Countermeasure Total cost New risk probability New total loss New RE RRL

Improving quality of hardware $20,000.00 0.10% $62,500.00 62.50 0.0131

Getting better maintenance $7,250.00 0.35% $54,250.00 189.88 0.0186

New more skilled workers $5,250.00 0.25% $42,500.00 106.25 0.0417

Green – Most optimal countermeasure for this risk

The higher the RRL the more cost-effective the counter measure is, which usually makes it the most optimal counter measure.

For this precise case the RRL for the Improving quality of work countermeasure had been found out this way: RRL= 325-62.5020000=0.0131Risk Probability of occurring Total Loss if it occurs Risk Exposure

Sanctions from the government 7.50% $50,000.00 3,750.00

Countermeasure Total cost New risk probability New total loss New RE RRL

Better working conditions $25,000.00 4.00% $25,725.00 1,029.00 0.1088

Become more Socially Responsive $42,500.00 2.15% $12,500.00 268.75 0.0819

Assure that everything is legal $4,500.00 3.25% $42,500.00 1,381.25 0.5264

Risk Probability of occurring Total Loss if it occurs Risk Exposure

Worker Strike 5.00% $10,000.00 500.00

Countermeasure Total cost New risk probability New total loss New RE RRL

Better working conditions $25,000.00 1.50% $7,250.00 108.75 0.0156

Higher wages $12,500.00 2.75% $8,150.00 224.13 0.0221

Better Management $15,000.00 4.25% $7,750.00 329.38 0.0113

Risk Probability of occurring Total Loss if it occurs Risk Exposure

Hacker attack 15.00% $7,000.00 1,050.00

Countermeasure Total cost New risk probability New total loss New RE RRL

New Hardware $8,250.00 11.00% $6,750.00 742.50 0.0372

Better online security $650.00 6.25% $3,750.00 234.38 1.2548

Regular software updates $1,250.00 8.75% $3,125.00 273.44 0.6212

Risk Probability of occurring Total Loss if it occurs Risk Exposure Appearance of a critical bug in the software 12.50% $21,500.00 2,687.50 Countermeasure Total cost New risk probability New total loss New RE RRL

Debugging team $5,750.00 8.50% $14,500.00 1,232.50 0.2530

Double-checking code $7,900.00 10.35% $18,500.00 1,914.75 0.0978

Working only with quality software $3,250.00 11.50% $19,750.00 2,271.25 0.1280

From the countermeasure tables, we can see that every risk’s probability of loss can be lowered if the proper countermeasures are in place. The way we choose a countermeasure is through examining these tables in detail and seeing how much the countermeasure costs and if its effects are good enough for us. The easiest way to see this is through the RRL, the higher it is the better. The high RRL means that it is more cost-effective than a countermeasure with a low RRL.


From all of this, we can learn the usefulness of Risk management, especially in the business sector. It is especially important for a good manager to have good risk management skills because he bears the consequences of his decisions and they can be drastic in some cases. The basics for risk management can be easily learned through this article, but to become an expert in it the most important factor is experience.

Risk cannot be always eliminated, but its effects can be mitigated. We should always strive towards the elimination of risk, but as that is not always possible our efforts should be concentrated on limiting its effects to the best of our abilities. The way to do this is through using cost-effective countermeasures which will lower the loss and probability chance of the risk. The main thing to learn from this is that we should always try and find effective countermeasures because that is the only thing to do when facing the risk, except not taking the risk entirely, which is not always the best course of action.

This method of assessing and managing risk is easy to learn and quite effective for most situations, so every aspiring Manager should spend at least a bit of time learning it. Of course, for complex projects with more complex risks, you would combine this with other statistical methods not necessarily associated with the risk to get a more accurate representation of the facts and the situations that the manager is in.


  1. Ostrowska, M. Mazur, S. 2014 ‘Diversified Risk Management’, Science Direct. Available at: https://ac.els-cdn.com/S2212567115003706/1-s2.0-S2212567115003706-main.pdf?_tid=67127a2f-6879-4ac0-9f8a-056d1ec8bc44&acdnat=1543158535_c19fe617001a25a06fcc98c4d7cb4c67
  2. Ostrowska, M. Mazur, S. 2014 ‘Risk in a Crisis Situation’, Science Direct. Available at: https://ac.els-cdn.com/S2212567115003731/1-s2.0-S2212567115003731-main.pdf?_tid=86c1260d-ef9d-4605-aeb0-9b87e8d6eab4&acdnat=1543159058_c0786695e16287548d0e7f31aea5d5f6
  3. Peter J. Sherman. 2014. Calculated Risk. [ONLINE] Available at: http://asq.org/quality-progress/2014/02/back-to-basics/calculated-risk.html?fbclid=IwAR2U7b2vAInLmA-BEwkxCPqXrtqLZRPB-V6PdWawYdLqnUV2urUdByih0RM. [Accessed 7 December 2018].
  4. Syque. 2004. Calculated Risk. [ONLINE] Available at: http://www.syque.com/quality_tools/tools/TOOLS11.htm. [Accessed 7 December 2018].
  5. Small Business. Risk Management. [ONLINE] Available at: https://www.smallbusiness.wa.gov.au/business-advice/insurance-and-risk-management/risk-management?fbclid=IwAR05W2egCP7iw8QRNb3RfIa9Na1ZX0PO4M5b7J6jqwqkd5vwMWKwHtPJ0uY. [Accessed 7 December 2018].
  6. Mind Tools. Risk Analysis and Risk Management. [ONLINE] Available at: https://www.mindtools.com/pages/article/newTMC_07.htm?fbclid=IwAR1Jg4XuTLO0GGKh4aRugOiWmv70TNO7HwSb9TTMAaCLgXYW_xevSEPvdIk. [Accessed 7 December 2018].
  7. National Research Council. 2005. The Owner’s Role in Project Risk Management. Washington, DC: The National Academies Press. https://doi.org/10.17226/11183.
  8. Info Entrepreneurs. 2009. Manage Risk. [ONLINE] Available at: https://www.infoentrepreneurs.org/en/guides/manage-risk/?fbclid=IwAR0z2dk5BzaSRYKaKzgYuJj6DvcXMWfLI1GoQnkIN5OQD20Ymek8bNwpU5M. [Accessed 7 December 2018].
  9. Investopedia. 2018. Risk Management. [ONLINE] Available at: https://www.investopedia.com/terms/r/riskmanagement.asp. [Accessed 7 December 2018].
  10. Risk management (n.d.). In Wikipedia. Retrieved December 7, 2018, from https://en.wikipedia.org/wiki/Risk_management?fbclid=IwAR0L6EgfpjPOPkYCebi3sBJTo3ckG-dSpVQDo75KST6hkKgCY6MMe5CcmwU
  11. Institute of risk management. About Risk Management. [ONLINE] Available at: https://www.theirm.org/the-risk-profession/risk-management.aspx?fbclid=IwAR1SQ7ursqSE_gAVMjE3HpCOMbYh89swM912JLN8QMp78y803k0aMYVtaF0. [Accessed 7 December 2018].
  12. Tim Parker. 2018. Calculating Risk and Reward. [ONLINE] Available at: https://www.investopedia.com/articles/stocks/11/calculating-risk-reward.asp. [Accessed 7 December 2018].
  13. Risk Assessment (n.d.). In Wikipedia Retrieved December 7, 2018, fromhttps://en.wikipedia.org/wiki/Risk_assessment
  14. Zenwealth. Portfolio Risk and Return. [ONLINE] Available at: http://www.zenwealth.com/BusinessFinanceOnline/RR/Portfolios.html. [Accessed 7 December 2018].
  15. Treasury Today. 2014. How to manage country risk effectively. [ONLINE] Available at: http://treasurytoday.com/2014/03/how-to-manage-country-risk-effectively-ttti. [Accessed 7 December 2018].


We use cookies to give you the best experience possible. By continuing we’ll assume you board with our cookie policy.