Article :

Risks, an Intro

An introduction into what is risk, uncertainty and a simple classification

Risks in general

What is risk?

Risk is the effect of uncertainty on objectives with the potential for either a negative outcome or a positive outcome or opportunity. Every risk has its own characteristics that require particular management or analysis.

Risks are often divided into four categories:

compliance (or mandatory) risks;
hazard (or pure) risks;
control (or uncertainty) risks;
opportunity (or speculative) risks.

Risk management

There is a range of reasons why organizations undertake risk management activities. In the book “Fundamentals of Risk Management” (Hopkin), these reasons are summarized as mandatory, assurance, decision-making and effective and efficient core processes (Madez).

In general terms, organizations will seek to minimize compliance risks, mitigate hazard risks, manage control risks and embrace opportunity risks. However, it is important to note that there is no ‘right’ or ‘wrong’ subdivision of risks but there is such a risk classification that will help an organization the most and best; each case being specific to each organization.

Risks classification or taxonomy

A great risks classification allows to visualize risk in a very effective and efficient manner and provides an holistic as well as a granular view of risks. Her is an overview of how we view and classify risks. You may form your own classification in a way that will best fit your organization”s needs and culture.

The MACRO risks

Macro risks are larger systemic risks involving trends that affect entire societies and industries. One good way to scan macro risks is to utilize the PESTLE analysis that stands for (P) Political, (E) Economic, (S) Social, (T) Technology, (L) Legal, (E) Environmental or Ecology + one more (E) for Ethical SO we have PEESTLE or PESTELE in its augmented way.

The MICRO risks

Micro risks are the risks that may affect a region, an industry or an organization when compared to a larger scale. it is useful to use a hierarchy of micro or organizational risks.

Existential and relevance risks

These are the risks that affects the very existence and relevance of an organization. A pandemic is one such case of existential risk. The failure to adapt to new market shifting trends can greatly affect the relevance and ultimately the existence of an organization. Research In Motion and its failure to adapt the Blackberry is a great example.

Other classifications

Strategic, Financial and Operation

This is a very popular classification. has done a very competent job at forming a template for such a classification.

Strategic, Financial and Operation, Information, Legal, Reputation, Governance and Disruption

This is an augmented version of the previous. We can see that a risk classification can be deep and wide.

Benefits of classification or taxonomy

As we mentioned, a great risks classification allows to visualize risk in a very holistic, granular, effective and efficient manner. It provides a more intimate and integrated view of the organization and how each of its parts (or silos) are subject to common and different risks.

When an organization creates its own classification, it must do it in a way that will best fit your organization”s needs and culture and in doing so it will allow it to adopt a common risk management language which empowers communication between divisions and departments.

A good risk taxonnomy will have positive impacts on:

  • Business processes
  • Financial management
  • Governance
  • Information management and technology
  • Knowledge management
  • Organizational transformation
  • Legal, compliance, privacy policy, policy development, information stewardship
  • Program design, project management 
  • People and resource management, values, ethics, stakeholders and partnership management
  • Etc.

Getting started

If your organization does not have a risk management program, starting off with a generic classification is probably the easiest way to get started, The generic classification can then be augmented as the scanning and study of your organization’s macro and micro risks, threaths and opportunity are revealed or evolve. You can find good resources and checklists on the internet.

To your success !


If you have questions or would like to initiate one of our solutions, do not hesitate de contact us so we can have a guiding conversation. We are here to help you.


Space intentionally left for the future.