What is the difference between a challenge and a risk?
Question asked by Anonymous
AFERM Experts Say...
The main difference is that a risk is an event that could possibly occur in the future, while a challenge (often referred to as an issue) is an event that has already occurred. Thinking about this question as the Office of Management and Budget (OMB) defines risk (uncertainty), there is really no distinction other than the level of confidence you have in assessing the event likelihood (see likelihood scale examples on page 97 in the Playbook) and events that fall under either term can be present on the Enterprise Risk Management (ERM) risk register. There is a higher level of confidence in assigning a very high likelihood if the event has already occurred than for events with some level of probability of occurring in the future. It is often easier to assess and evaluate challenges because you can identify the actual causal chains that led to the event which facilitates identifying root cause(s). Similarly, with events that have already occurred, it is much easier to identify the actual impact on the organization rather than having to predict what the impact might be.