Sunday, 01 May 2016

Risk

Definition of Risk

Risk is the potential of gaining or losing something of value.[1] Values (such as physical health, social status, emotional well-being or financial wealth) can be gained or lost when taking risk resulting from a given action or inaction, foreseen or unforeseen. Risk can also be defined as the intentional interaction with uncertainty. Uncertainty is a potential, unpredictable, and uncontrollable outcome; risk is a consequence of action taken in spite of uncertainty.

Definitions

The Oxford English Dictionary cites the earliest use of the word in English (in the spelling of risque, from its Arabic original "رزق", which means working to gain income and profit; see Wikipedia Arabic meaning) as of 1621, and the spelling as risk from 1655. It defines risk as:
  1. Risk is an uncertain event or condition that, if it occurs, has an effect on at least one [project] objective. (This definition, using project terminology, is easily made universal by removing references to projects).[5]
  2. The probability of something happening multiplied by the resulting cost or benefit if it does. (This concept is more properly known as the 'Expectation Value' or 'Risk Factor' and is used to compare levels of risk)
  3. The probability or threat of quantifiable damage, injury, liability, loss, or any other negative occurrence that is caused by external or internal vulnerabilities, and that may be avoided through preemptive action.
  4. Finance: The possibility that an actual return on an investment will be lower than the expected return.
  5. Insurance: A situation where the probability of a variable (such as burning down of a building) is known but when a mode of occurrence or the actual value of the occurrence (whether the fire will occur at a particular property) is not. A risk is not an uncertainty (where neither the probability nor the mode of occurrence is known), a peril (cause of loss), or a hazard (something that makes the occurrence of a peril more likely or more severe).
  6. Securities trading: The probability of a loss or drop in value. Trading risk is divided into two general categories: (1) Systematic risk affects all securities in the same class and is linked to the overall capital-market system and therefore cannot be eliminated by diversification. Also called market risk. (2) Non-systematic risk is any risk that isn't market-related. Also called non-market risk, extra-market risk or diversifiable risk.
  7. Workplace: Product of the consequence and probability of a hazardous event or phenomenon. For example, the risk of developing cancer is estimated as the incremental probability of developing cancer over a lifetime as a result of exposure to potential carcinogens (cancer-causing substances).

International Organization for Standardization

The ISO 31000 (2009) / ISO Guide 73:2002 definition of risk is the 'effect of uncertainty on objectives'. In this definition, uncertainties include events (which may or may not happen) and uncertainties caused by ambiguity or a lack of information. It also includes both negative and positive impacts on objectives. Many definitions of risk exist in common usage; however, this definition was developed by an international committee representing over 30 countries and is based on the input of several thousand subject matter experts.

Economic risk


Economic risks can be manifested in lower incomes or higher expenditures than expected. The causes can be many, for instance, the hike in the price for raw materials, the lapsing of deadlines for construction of a new operating facility, disruptions in a production process, emergence of a serious competitor on the market, the loss of key personnel, the change of a political regime, or natural disasters.

Health

Risks in personal health may be reduced by primary prevention actions that decrease early causes of illness or by secondary prevention actions after a person has clearly measured clinical signs or symptoms recognized as risk factors. Tertiary prevention reduces the negative impact of an already established disease by restoring function and reducing disease-related complications. Ethical medical practice requires careful discussion of risk factors with individual patients to obtain informed consent for secondary and tertiary prevention efforts, whereas public health efforts in primary prevention require education of the entire population at risk. In each case, careful communication about risk factors, likely outcomes and certainty must distinguish between causal events that must be decreased and associated events that may be merely consequences rather than causes.

Information technology and information security


Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. Information security grew out of practices and procedures of computer security.
Information security has grown into information assurance (IA), i.e. the practice of managing risks related to the use, processing, storage, and transmission of information or data and the systems and processes used for those purposes.

Insurance


Insurance risk is a risk treatment option which involves risk sharing. It can be considered as a form of contingent capital and is akin to purchasing an option in which the buyer pays a small premium to be protected from a potential large loss.
Insurance risk is often taken by insurance companies, who then bear a pool of risks including market risk, credit risk, operational risk, interest rate risk, mortality risk, longevity risks, etc.

High reliability organizations (HROs)


A high reliability organization (HRO) is an organization that has succeeded in avoiding catastrophes in an environment where normal accidents can be expected due to risk factors and complexity. Most studies of HROs involve areas such as nuclear aircraft carriers, air traffic control, aerospace and nuclear power stations. Organizations such as these share in common the ability to consistently operate safely in complex, interconnected environments where a single failure in one component could lead to catastrophe. Essentially, they are organizations which appear to operate 'in spite' of an enormous range of risks.
The technique as a whole is usually referred to as probabilistic risk assessment (PRA) (or probabilistic safety assessment, PSA). See WASH-1400 for an example of this approach.

Finance


In finance, risk is the chance that the return achieved on an investment will be different from that expected, and also takes into account the size of the difference. This includes the possibility of losing some or all of the original investment. In a view advocated by Damodaran, risk includes not only "downside risk" but also "upside risk" (returns that exceed expectations).
Some people may be "risk seeking", i.e. their utility function's second derivative is positive. Such an individual willingly pays a premium to assume risk (e.g. buys a lottery ticket). Knowing one's risk appetite in conjunction with one's financial well-being is important.

Security

Security risk management involves protection of assets from harm caused by deliberate acts. A more detailed definition is: "A security risk is any event that could result in the compromise of organizational assets i.e. the unauthorized use, loss, damage, disclosure or modification of organizational assets for the profit, personal interest or political interests of individuals, groups or other entities constitutes a compromise of the asset, and includes the risk of harm to people. Compromise of organizational assets may adversely affect the enterprise, its business units and their clients. As such, consideration of security risk is a vital component of risk management."

Risk assessment and analysis


Since risk assessment and management is essential in security management, both are tightly related. Security assessment methodologies like CRAMM contain risk assessment modules as an important part of the first steps of the methodology. On the other hand, risk assessment methodologies like Mehari evolved to become security assessment methodologies. An ISO standard on risk management (Principles and guidelines on implementation) was published under code ISO 31000 on 13 November 2009.

Quantitative analysis

There are many formal methods used to "measure" risk.
Often the probability of a negative event is estimated by using the frequency of past similar events. Probabilities for rare failures may be difficult to estimate. This makes risk assessment difficult in hazardous industries, for example nuclear energy, where the frequency of failures is rare, while harmful consequences of failure are severe.
Statistical methods may also require the use of a cost function, which in turn may require the calculation of the cost of loss of a human life. This is a difficult problem. One approach is to ask what people are willing to pay to insure against death[35] or radiological release (e.g. GBq of radio-iodine), but as the answers depend very strongly on the circumstances it is not clear that this approach is effective.
Risk is often measured as the expected value of an undesirable outcome. This combines the probabilities of various possible events and some assessment of the corresponding harm into a single value. See also Expected utility. The simplest case is a binary possibility of Accident or No accident. The associated formula for calculating risk is then:
$$R = (\text{probability of the accident occurring}) \times (\text{expected loss in case of the accident})$$
For example, if performing activity X has a probability of 0.01 of suffering an accident of type A, with a loss of 1000, then total risk is a loss of 10, the product of 0.01 and 1000.
Situations are sometimes more complex than the simple binary possibility case. In a situation with several possible accidents, total risk is the sum of the risks for each different accident, provided that the outcomes are comparable:
$$R = \sum_{\text{for all accidents}} (\text{probability of the accident occurring}) \times (\text{expected loss in case of the accident})$$
For example, if performing activity X has a probability of 0.01 of suffering an accident of type A, with a loss of 1000, and a probability of 0.000001 of suffering an accident of type B, with a loss of 2,000,000, then total loss expectancy is 12, which is equal to a loss of 10 from an accident of type A and 2 from an accident of type B.
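The sum formula and the earlier remark that rare failures are hard to estimate from past frequencies can be checked together. The following is an added example, not part of the original article: it uses the accident A and B figures from the text, while the simulated history, the trial count and the seed are assumptions made for illustration.

```python
import random

# Accident types from the worked example in the text: (probability, loss).
ACCIDENTS = {"A": (0.01, 1000.0), "B": (0.000001, 2_000_000.0)}


def total_risk(accidents):
    """R = sum over accident types of probability x expected loss."""
    return sum(p * loss for p, loss in accidents.values())


def prob_never_observed(p, n_trials):
    """Chance that an event of probability p never occurs in n_trials."""
    return (1.0 - p) ** n_trials


def frequency_estimate(accidents, n_trials, seed):
    """Estimate each probability from a simulated history, then recompute R.

    The history is constructed with a seeded generator for illustration;
    in practice the counts would come from real incident records.
    """
    rng = random.Random(seed)
    estimated = {}
    for name, (p, loss) in accidents.items():
        hits = sum(1 for _ in range(n_trials) if rng.random() < p)
        estimated[name] = (hits / n_trials, loss)
    return estimated, total_risk(estimated)


if __name__ == "__main__":
    n = 10_000
    print("true total risk:", total_risk(ACCIDENTS))
    for name, (p, _) in ACCIDENTS.items():
        print(f"P(no type {name} accident in {n} trials):",
              round(prob_never_observed(p, n), 4))
    est, risk = frequency_estimate(ACCIDENTS, n, seed=1)
    print("frequency-based probabilities:", {k: v[0] for k, v in est.items()})
    print("frequency-based total risk:", risk)
```

With 10,000 past observations, type B is almost certainly absent from the history, so a purely frequency-based estimate tends to drop its contribution of 2 from the total of 12.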
One of the first major uses of this concept was for the planning of the Delta Works in 1953, a flood protection program in the Netherlands, with the aid of the mathematician David van Dantzig.[36] The kind of risk analysis pioneered there has become common today in fields like nuclear power, aerospace and the chemical industry.
In statistical decision theory, the risk function is defined as the expected value of a given loss function as a function of the decision rule used to make decisions in the face of uncertainty.

Dread risk

It is common for people to dread some risks but not others: They tend to be very afraid of epidemic diseases, nuclear power plant failures, and plane accidents but are relatively unconcerned about some highly frequent and deadly events, such as traffic crashes, household accidents, and medical errors. One key distinction of dreadful risks seems to be their potential for catastrophic consequences, threatening to kill a large number of people within a short period of time. For example, immediately after the September 11 attacks, many Americans were afraid to fly and took their car instead, a decision that led to a significant increase in the number of fatal crashes in the time period following the 9/11 event compared with the same time period before the attacks.

Risk in auditing

The audit risk model expresses the risk of an auditor providing an inappropriate opinion of a commercial entity's financial statements. It can be analytically expressed as:
AR = IR × CR × DR
Where AR is audit risk, IR is inherent risk, CR is control risk and DR is detection risk.

