Risk is a measure of the extent to which an entity is threatened by a potential circumstance or event. It is a function of the adverse impacts which occur when the given circumstance or event occurs, and the likelihood of its occurrence.[1]

Risks can be divided into two groups, namely:

  1. Non-systematic risk, namely the risk that can be eliminated or reduced through diversification or risk prevention and mitigation measures.
  2. Systematic risk, risks that cannot be eliminated or reduced through diversification, usually associated with markets or events that can systematically affect market position (Iban Sofyan, 2004).

In addition, Kasidy (2010) divides the types of risk into two, namely:

  1. Speculative risk: Speculative risk is a situation faced by companies that can provide benefits and can also provide losses. Speculative risk is sometimes known as a business risk. Someone who invests funds in a place facing two possibilities. The first possibility is that the investment is profitable or even the investment is detrimental. The risks faced like this are speculative risks.
  2. Pure risk: Pure risk is something that can only cause harm or nothing happens and may not be profitable. One example is a fire, if the company suffers a fire, the company will suffer losses. Another possibility is that there is no fire. Thus, fires only cause losses, not cause profits unless there is intent to burn with certain intentions. Pure risk is something that can only cause harm or nothing happens and may not be profitable. One way to avoid pure risk is insurance. Thus the amount of loss can be minimized. That's why pure risk is sometimes known as an insurable risk.

The main difference between speculative risk and pure risk is the possibility of profit or not, for speculative risk there is still the possibility of profit while for pure risk there is no possibility of profit. Actual events sometimes deviate from estimates. This means that there is a possibility of beneficial or adverse irregularities. If both possibilities exist, then the risk is speculative. On the contrary, the opposite of speculative risk is pure risk, that is, there is only the possibility of loss and no possibility of profit. The risk manager's main task is to handle pure risk and not deal with speculative risks unless speculative risks force him to face these pure risks. Determining the source of risk is important because it affects how to handle it. Risk sources can be classified as social risk, physical risk, and economic risk. Costs incurred due to risk or uncertainty can be divided as follows:

  • Costs of unexpected losses
  • Costs of uncertainty itself[2]

Process of Measuring Risks[3]
The process of measuring risks and assigning numerical values to them has also been evolving over the years. The earlier measures of risk were simplistic and rudimentary in nature. With the passage of time, quants have started getting increasingly involved in the field of risk management. Hence, some of the newer measures are complex and mathematically advanced and hence provide better results. Here's a closer look at some of the measures of risk which have been used throughout the years.

  • Range Analysis: One of the earliest methods used to measure risk is the simple range analysis. This means that the range of possible outcomes related to an asset is considered. The highest point and the lowest point of the range are noted down and subtracted. The end result is the width of the range. Investments with the least width i.e. the least deviation from expected value are considered to be the least risky. For instance, the expected return from a certificate of deposit can vary between 3% and 4%. However, when it comes to equity, the range could be 0% to 100%. Hence, the certificate of deposit is considered less risky as compared to equity assets.
  • Expected Value: As time passes, investors realized that the range, by itself, does not give a true picture of the riskiness of an asset. This is because theoretically, the range of equity assets is infinite. However, when it comes to reality, many equity stocks are very stable. There are stocks of blue-chip companies which have been providing stable returns for many years. Hence, the data of the recent past should be taken into account while considering the riskiness of an asset. Thus, started the practice of using recent data as a benchmark to predict the possible future value. The method was quite simple, the probability of different values in the range was found out by analyzing the past data. The value and the probability were then multiplied together to find the expected value. For instance, if there is a 60% chance that the stock will give a 10% return and there is a 40% chance that it will give a 20% return. The expected value is 0.6*10 + 0.4*20 = 6% +8% = 14%! In this case, the expected return is 14%. One of the ways to manage risk is to maximize the expected value based on past data.
  • Standard Deviation: With the passage of time, quants started getting involved in the field of risk management. Investment banks started hiring some of the brightest mathematical minds in the country in their attempt to bear the risk. This is when statistical methods such as standard deviation were introduced in the risk management literature. The calculation of standard deviation is based on the calculation of the mean. The standard deviation then studies the dispersion of values from a mean (average). This is the most widely used measure of risk in the world today. All major financial models use the concept of standard deviation. This is because this measure considered the probability of every possible outcome in the range along with the probability that has been assigned to it. The simple thumb rule is that a higher standard deviation denotes a higher dispersion from the mean. Hence, the riskiness is higher. Investors look for assets with a higher mean or average rate of return and lower dispersion.
  • Coefficient of Variation: The coefficient of variation is a slightly more advanced statistical measure when compared to standard deviation. The problem with standard deviation is that the measure is relative and not absolute. Hence, it starts giving misleading results. In order to make the standard deviation comparable, it is then divided by the mean value. The value derived after this calculation is called the coefficient of variation and is more advanced as compared to the standard deviation.
  • Alpha and Beta: Alpha and beta are measures of external risk. This means that they compare the variation in the value of an asset to an external benchmark. In the case of alpha, if the asset in question outperforms the benchmark, it is said to have a positive alpha. If it underperforms the external benchmark, then it is said to have a negative alpha. The case with beta is slightly different. Beta compares the volatility of the asset as compared to the benchmark. For instance, if the value of the benchmark rose by 50% whereas that of the asset rose by 80%, it is said to have a higher beta.
  • R-Squared: R-squared is a measure of the correlation between the asset and the underlying benchmark. An investment with an r-squared value of 80 is likely to mirror the movements of the benchmark index more accurately as compared to another investment that has a benchmark value of 60.
  • Sharpe Ratio: The Sharpe ratio is a complex indicator of the underlying risk. The first step in calculating the Sharpe ratio is that the risk-free rate of return needs to be subtracted from the total rate of return. The return leftover is then divided by the standard deviation. The Sharpe ratio helps the companies predict whether the excess return generated in a period was due to smart investing or was it due to the assumption of excessive risk, in which case, the returns could drastically vary in the forthcoming periods.

The bottom line is that there are several different indicators of risk. Different indicators are used by different indicators during different times. As an organization, the decision regarding which indicators need to be used in which case needs to be mentioned in the risk policy.

See Also

  1. Risk Management: The practice of identifying, assessing, and controlling risks to an organization's capital and earnings. It's the natural extension of the concept of risk, dealing with how risks are systematically handled.
  2. Risk Assessment: A critical part of the risk management process that involves identifying and evaluating risks. This is the step that directly follows the identification of a risk.
  3. Risk Mitigation: The process of reducing the impact of a risk. It's a strategy within risk management that directly deals with individual risks.
  4. Enterprise Risk Management (ERM): A comprehensive approach to risk management that involves the entire organization. It expands the concept of risk beyond isolated instances and looks at systemic and strategic risks.
  5. Operational Risk: A category of risk that involves the potential for loss resulting from inadequate or failed procedures, systems, or policies. It's one of the many types of risks an organization might face.
  6. Financial Risk: Another category of risk specifically related to financial loss, which can come from market factors, credit factors, etc.
  7. Risk Appetite: The amount of risk that an organization is willing to accept in pursuit of its objectives. It's a strategic consideration that frames how risks are approached.
  8. Risk Tolerance: The maximum level of risk an organization is willing to accept. It's a more concrete, often quantitative, measure compared to risk appetite.
  9. Risk Transfer: A risk mitigation strategy where the potential of an adverse outcome is transferred from one entity to another, e.g., insurance.
  10. Risk Retention: A risk mitigation strategy where the organization decides to bear the risk themselves.
  11. Compliance Risk: A type of risk associated with the possibility of legal penalties, financial forfeiture, or material loss an organization faces when they fail to act in accordance with industry laws and regulations.
  12. Strategic Risk: Risks that affect the long-term goals and objectives of the organization.


  1. Defining Risk [1]
  2. Risks can be divided into two groups [2]
  3. Commonly Used Measures of Risk [3]