This little blog stems from a question I read in a LinkedIn Group. The question was “Should risks be always stated in a negative manner?”
My view is that it doesn’t really matter as long as everyone involved accepts that risk is not only about the downside. As most modern definitions of risk refer either specifically (ISO 31000) or by inference to risk being about managing the uncertainty around our objectives, it follows that risk management is about achieving and hopefully exceeding our objectives – upside risk in some people’s terminology.
If any of your risk owners are unconvinced then try a slight change to the wording of the risk eg:
Risk V1: Failure to achieve a shareholder return of $XXX EBIT
Risk V2: Failure to achieve or exceed a shareholder return of $XXX EBIT