Defining risk and risk management

Elroy Dimson provides a good definition of risk, “Risk means more things can happen than will happen.” It is the more articulate version of the phase, “S--- happens.” Risk is the certainty that we will not be able to anticipate all that may occur or what will occur. In spite of our best efforts, we cannot foresee what may happen. The best we can do is protect ourselves from the extremes which are not expected.

Peter L Bernstein, in an article for a CFA publication titled, “Risk: The hottest four letter word in financial markets” provides a good way of thinking about risk management.

To me, risk management is not about measurement at all. It is about how we make decisions and only incidentally about the math we use in making those decisions. If we stare at just the models and equations, we lose sight of the mystery of life—we lose sight of the unknown. There would be no such thing as risk if everything were known. If only a finite number of things could happen, risk would not exist. Even the most brilliant mathematical genius will never be able to tell us what the future holds. What matters in thinking about risk is the quality of the decisions we make in the face of uncertainty.
http://www.cfapubs.org/doi/pdf/10.2469/op.v2006.n1.4387

The most salient point from Bernstein is in italics. The quality of decision-making is what determines the quality of risk management. There has been too great a focus on the measurement of risk and not the process of how to deal with risk. If Dimson is right with his definition of risk, the measurement problem will not be able to be solved. There will always be things happening which we cannot measure. Our focus has to be on how we deal with the unanticipated. The process of our decision-making is the true value proposition with risk management, yet there has been less focus on this critical issue.