Risk Event

From Open Risk Manual

Definition

Risk Event denotes the concrete realization (manifestation) of an abstract Risk. It offers ex-post (materialized) evidence for what was earlier only a potentiality (Event Risk).

  • Depending on the nature (for example severity) of the risk event, alternative terms used might be Incident or Disaster.
  • While in principle all risk realizations are "events", the term is informally used to denote realizations that manifest within a narrow interval of time (where narrowness is defined with respect e.g. to the Risk Horizon

General Attributes

To characterise a risk event formally one needs:

  • A unique Risk Event Identity (comprising of adequate information to isolate the specific event among a broader collection)
  • The Legal Entity (or entities) involved in the event. The identification could be e.g. through the Legal Entity Identifier or some other mechanism that uniquely associates an individual or an organization with the risk events. Further information about the entity (not specific to the risk event) may be referenced via this identification. For events of broader scope (e.g. a financial crisis) it may not be practical to collect all relevant identities in which case the description of a risk event would be necessarily based on Aggregated Data
  • The time of Occurrence or the temporal interval(s) of occurence for composite events that extend over periods of time.
  • A qualitative description of the event (human readable text that is meaningful in a particular Risk Management context), including possible an Event Timeline. The required detail of that description is open-ended and depends on the use case and context.
  • A quantitative description of the impact (Loss, Severity), typically - but not necessarily - expressed in monetary terms (Economic Loss). The detail required is again open-ended.
  • An optional categorization by Risk Type, possibly in the context of a Risk Taxonomy that aims to provide tags / categories for all possible events within a context. A categorization according to legally defined classes might be mandatory if the event is covered by insurance or is referenced in derivative contracts (See Credit Event)

Specific Attributes

Any specific category of risk events may require specialized additional attibutes and an underlying conceptual model for a meaningful description of the event. As an example the description of a Cyber Incident requires the introduction and documentation of a Threat Actor as an essential aspect.

Implementation

Storing risk event data is an example of Risk Data and follows implicit or explicit Risk Data Standards. | Open Risk Data implementations are available within the Open Risk Manual

Examples

See Also

Issues and Challenges

  • Poor identification of the entities involved, e.g., missing key actors
  • Poor categorization of the event type due to complexity
  • Poor description of the event