Despite the time I've spent reading, talking, and teaching risk and risk management (an oxymoron by the way!) I now realise I haven't written as much here on risk as I had thought. I looked back and found this, and my best article here. But there is so much more from the plethora of PowerPoints in my files and some new ideas in my head. I promise here to start getting this written down and published here over the upcoming time period.
I'm going to start not with an attempt to define "risk", but instead to define how I think it must be described. All risks should be articulated as the following sentence suggests.
Because of [the uncertain event], [an event or events] might happen, which could lead to [impact or result which could be positive or negative].
Risk is not simply an uncertain event. Risk is not a "bad thing". Uncertainty is not always bad. Risk is not an event. A risk is properly articulated with all three of these elements. One must insist when talking with others about risk that these three elements are used to articulate and explain the risk. Without this articulation, the risk is not understood and is not yet ready to be "fixed" (called "mitigation" by professions).
From an understanding of risk as articulated here, we can start to understand or at least brainstorm about those things which we can influence--or not, the kind of things that can happen, and the impact (positive or negative from our own perspective). Further, we start to understand which risks we are going to try to "manage".
There are just preliminary words about a concept that I now feel I understand more clearly. It's time to get it written down.