What is the difference between a challenge and a risk?

Question asked by Anonymous

AFERM Experts Say...

The main difference is that a risk is an event that could possibly occur in the future, while a challenge (often referred to as an issue) is an event that has already occurred. Thinking about this question as the Office of Management and Budget (OMB) defines risk (uncertainty), there is really no distinction other than the level of confidence you have in assessing the event likelihood (see likelihood scale examples on page 97 in the Playbook), and events that fall under either term can be present on the Enterprise Risk Management (ERM) risk register. There is a higher level of confidence in assigning a very high likelihood if the event has already occurred than for events with some level of probability of occurring in the future. It is often easier to assess and evaluate challenges because you can identify the actual causal chains that led to the event, which facilitates identifying root cause(s). Similarly, with events that have already occurred, it is much easier to identify the actual impact on the organization rather than having to predict what the impact might be.


Comments (1)

Challenges, or issues, as you say are equivalent, often occur because risks had not been adequately evaluated such that the organization would have intelligently invested in controls before the issue occurred. There can be significant leverage to investing in controls for risks, some of which have never occurred, so that the adages "an ounce of prevention is worth a pound of cure" or "a stitch in time saves nine" become true.


© Copyright 2014-2021 AFERM. All Rights Reserved.
Association for Federal Enterprise Risk Management