Both good and bad things happen. Only managing the potential for failure, in my opinion, is a recipe for failure.
It is essential to consider all the things that might happen, both good and bad, if you are to achieve your objectives.
So how should we talk about the good stuff if we reserve the word ‘risk’ for the bad?
COSO and governance codes like King IV (South Africa) talk about ‘risk and opportunity’, where risk refers to the harmful effect of what might happen and opportunity is the positive side.
I have heard people talk about opportunity being the “other side of the coin” from risk.
ISO 31000:2018 refers to risk as ‘the effect of uncertainty on objectives’; the effect could be either positive or negative. (ISO does not provide a definition of uncertainty in this context. There are several dictionary definitions, few of which work in this context, but the one in Wikipedia is useful: “Uncertainty is a potential, unpredictable, and uncontrollable outcome.” That is consistent with my preference for talking about ‘what might happen’.)
We could use the ISO language, but is that useful when people generally see risk as bad?
If we can’t agree on what the terms risk and opportunity mean, how can we have a constructive conversation?
What does real life have to tell…