Long and Short Term Risks

There are several, often conflicting definitions of risk. We subscribe to the classic definition of risk as the expected loss: 1) in its mathematical definition as the mean value of a probability distribution of losses; 2) in the significance of it representing the long term loss (as determined by the central limit theorem and law of large numbers; and 3) in it being the most common understanding of risk as the possibility of losing something of value.  

Ignoring multi-level events with probability distributions for likelihood and impact for now, we can compute the risk of an event by multiplying the likelihood of the event and its impact. There are a variety of measurement methods for estimating both likelihood and impact of an event in a scientific way. In addition, Monte Carlo simulations, can be used to correct for inflated estimates of risk due to non-linearities when there are either multiple non independent sources or multiple events have consequences to one or more objectives. The resultant simulated risks are long term estimates since the law of large numbers assures that the actual risk will be arbitrarily close to the expected risk in the long term.

When optimally allocating resources to reduce risks commensurate with risk tolerance management must consider not only long term risks, but what could happen in the short term since random fluctuations about the expected value could include a catastrophic loss such that the organization does not survive for the long term. Short term risks can be ascertained from the same Monte Carlo simulations used to address non-linearities in computing long term risks. These simulations produce loss exceedance curves depicting the likelihood of losses exceeding specific percent loss values as shown below:

or ….