Risk Management

I recently received a request from ASCE for my support in developing the ASCE CEC Early Career cross-discipline certification. This request prompted me to review the CEBOK, which includes a section on Risk and Uncertainty. It further prompted me to examine the distinction between risk and uncertainty. I found this reference to Frank Wright

https://news.mit.edu/2010/explained-knightian-0602

Frank Knight was an idiosyncratic economist who formalized a distinction between risk and uncertainty in his 1921 book, Risk, Uncertainty, and Profit. As Knight saw it, an ever-changing world brings new opportunities for businesses to make profits, but also means we have imperfect knowledge of future events. Therefore, according to Knight, risk applies to situations where we do not know the outcome of a given situation, but can accurately measure the odds. Uncertainty, on the other hand, applies to situations where we cannot know all the information we need in order to set accurate odds in the first place.

Searching for Frank Knight and risk and uncertainty will yield many more references.

How do you view the difference between risk and uncertainty? Sharpening this distinction would help everyone.

I recently received a request from ASCE for my support in developing the ASCE CEC Early Career cross-discipline certification. This request prompted me to review the CEBOK, which includes a section on Risk and Uncertainty. It further prompted me to examine the distinction between risk and uncertainty. I found this reference to Frank Wright

https://news.mit.edu/2010/explained-knightian-0602

Frank Knight was an idiosyncratic economist who formalized a distinction between risk and uncertainty in his 1921 book, Risk, Uncertainty, and Profit. As Knight saw it, an ever-changing world brings new opportunities for businesses to make profits, but also means we have imperfect knowledge of future events. Therefore, according to Knight, risk applies to situations where we do not know the outcome of a given situation, but can accurately measure the odds. Uncertainty, on the other hand, applies to situations where we cannot know all the information we need in order to set accurate odds in the first place.

Searching for Frank Knight and risk and uncertainty will yield many more references.

How do you view the difference between risk and uncertainty? Sharpening this distinction would help everyone.

The CEBOK does a good job of distinguishing between risk and uncertainty, defining risk as "... the most likely consequence of a particular hazard or vulnerability combined with the likelihood or probability of it occurring." That definition, distinct from uncertainty, is consistent with the definition given in the Risk Primer  developed by this community.

I'm not enthusiastic about the CEBOK's almost constant linking of uncertainty to risk by using the phrase "Risk and Uncertainty" instead of just "Risk." While risk includes the effects of uncertainty, each term stands on its own. Risk also includes probability and consequences but we don't lump all those words into one label. Risk is risk.

Bill Mc

I recently received a request from ASCE for my support in developing the ASCE CEC Early Career cross-discipline certification. This request prompted me to review the CEBOK, which includes a section on Risk and Uncertainty. It further prompted me to examine the distinction between risk and uncertainty. I found this reference to Frank Wright

https://news.mit.edu/2010/explained-knightian-0602

Frank Knight was an idiosyncratic economist who formalized a distinction between risk and uncertainty in his 1921 book, Risk, Uncertainty, and Profit. As Knight saw it, an ever-changing world brings new opportunities for businesses to make profits, but also means we have imperfect knowledge of future events. Therefore, according to Knight, risk applies to situations where we do not know the outcome of a given situation, but can accurately measure the odds. Uncertainty, on the other hand, applies to situations where we cannot know all the information we need in order to set accurate odds in the first place.

Searching for Frank Knight and risk and uncertainty will yield many more references.

How do you view the difference between risk and uncertainty? Sharpening this distinction would help everyone.

The CEBOK does a good job of distinguishing between risk and uncertainty, defining risk as "... the most likely consequence of a particular hazard or vulnerability combined with the likelihood or probability of it occurring." That definition, distinct from uncertainty, is consistent with the definition given in the Risk Primer  developed by this community.

I'm not enthusiastic about the CEBOK's almost constant linking of uncertainty to risk by using the phrase "Risk and Uncertainty" instead of just "Risk." While risk includes the effects of uncertainty, each term stands on its own. Risk also includes probability and consequences but we don't lump all those words into one label. Risk is risk.

Bill Mc

------------------------------
William McAnally Ph.D., P.E., BC.CE, BC.NE, F.ASCE
ENGINEER
Columbus MS

Original Message:
Sent: 11-21-2025 08:23 AM
From: Mitchell Winkler
Subject: How do you distinguish between risk and uncertainty?

I recently received a request from ASCE for my support in developing the ASCE CEC Early Career cross-discipline certification. This request prompted me to review the CEBOK, which includes a section on Risk and Uncertainty. It further prompted me to examine the distinction between risk and uncertainty. I found this reference to Frank Wright

https://news.mit.edu/2010/explained-knightian-0602

Frank Knight was an idiosyncratic economist who formalized a distinction between risk and uncertainty in his 1921 book, Risk, Uncertainty, and Profit. As Knight saw it, an ever-changing world brings new opportunities for businesses to make profits, but also means we have imperfect knowledge of future events. Therefore, according to Knight, risk applies to situations where we do not know the outcome of a given situation, but can accurately measure the odds. Uncertainty, on the other hand, applies to situations where we cannot know all the information we need in order to set accurate odds in the first place.

Searching for Frank Knight and risk and uncertainty will yield many more references.

How do you view the difference between risk and uncertainty? Sharpening this distinction would help everyone.

------------------------------
Mitch Winkler P.E.(inactive), M.ASCE
Houston, TX
------------------------------

The CEBOK does a good job of distinguishing between risk and uncertainty, defining risk as "... the most likely consequence of a particular hazard or vulnerability combined with the likelihood or probability of it occurring." That definition, distinct from uncertainty, is consistent with the definition given in the Risk Primer  developed by this community.

I'm not enthusiastic about the CEBOK's almost constant linking of uncertainty to risk by using the phrase "Risk and Uncertainty" instead of just "Risk." While risk includes the effects of uncertainty, each term stands on its own. Risk also includes probability and consequences but we don't lump all those words into one label. Risk is risk.

Bill Mc

I recently received a request from ASCE for my support in developing the ASCE CEC Early Career cross-discipline certification. This request prompted me to review the CEBOK, which includes a section on Risk and Uncertainty. It further prompted me to examine the distinction between risk and uncertainty. I found this reference to Frank Wright

https://news.mit.edu/2010/explained-knightian-0602

Frank Knight was an idiosyncratic economist who formalized a distinction between risk and uncertainty in his 1921 book, Risk, Uncertainty, and Profit. As Knight saw it, an ever-changing world brings new opportunities for businesses to make profits, but also means we have imperfect knowledge of future events. Therefore, according to Knight, risk applies to situations where we do not know the outcome of a given situation, but can accurately measure the odds. Uncertainty, on the other hand, applies to situations where we cannot know all the information we need in order to set accurate odds in the first place.

Searching for Frank Knight and risk and uncertainty will yield many more references.

How do you view the difference between risk and uncertainty? Sharpening this distinction would help everyone.

In daily language "risk" is connotated with hazard, whereas uncertainty is more neutral and includes also opportunities. This coincides with the meaning of the Latin word "riscare" which means sailing around a cape (i.e. risks of ship wrecking deliberately taken for the sake of entrepreneural rewards, e.g. by Vasca da Gama searching for spices in India).

Insisting on the term "risk" to be likewise positive ("upstream risk") or negative ("downstream risk") appears to be difficult. Hence the loose practice to speak of "risks & uncertainties" -- which should more precisely be replaced by "threats & opportunities".

Note also that usually there are many uncertainties, which don't really matter in terms of success or failure of an undertaking. Hence David Hilson coined the memo: "Risks are uncertainties that matter".

The CEBOK does a good job of distinguishing between risk and uncertainty, defining risk as "... the most likely consequence of a particular hazard or vulnerability combined with the likelihood or probability of it occurring." That definition, distinct from uncertainty, is consistent with the definition given in the Risk Primer  developed by this community.

I'm not enthusiastic about the CEBOK's almost constant linking of uncertainty to risk by using the phrase "Risk and Uncertainty" instead of just "Risk." While risk includes the effects of uncertainty, each term stands on its own. Risk also includes probability and consequences but we don't lump all those words into one label. Risk is risk.

Bill Mc

I recently received a request from ASCE for my support in developing the ASCE CEC Early Career cross-discipline certification. This request prompted me to review the CEBOK, which includes a section on Risk and Uncertainty. It further prompted me to examine the distinction between risk and uncertainty. I found this reference to Frank Wright

https://news.mit.edu/2010/explained-knightian-0602

Frank Knight was an idiosyncratic economist who formalized a distinction between risk and uncertainty in his 1921 book, Risk, Uncertainty, and Profit. As Knight saw it, an ever-changing world brings new opportunities for businesses to make profits, but also means we have imperfect knowledge of future events. Therefore, according to Knight, risk applies to situations where we do not know the outcome of a given situation, but can accurately measure the odds. Uncertainty, on the other hand, applies to situations where we cannot know all the information we need in order to set accurate odds in the first place.

Searching for Frank Knight and risk and uncertainty will yield many more references.

How do you view the difference between risk and uncertainty? Sharpening this distinction would help everyone.

In daily language "risk" is connotated with hazard, whereas uncertainty is more neutral and includes also opportunities. This coincides with the meaning of the Latin word "riscare" which means sailing around a cape (i.e. risks of ship wrecking deliberately taken for the sake of entrepreneural rewards, e.g. by Vasca da Gama searching for spices in India).

Insisting on the term "risk" to be likewise positive ("upstream risk") or negative ("downstream risk") appears to be difficult. Hence the loose practice to speak of "risks & uncertainties" -- which should more precisely be replaced by "threats & opportunities".

Note also that usually there are many uncertainties, which don't really matter in terms of success or failure of an undertaking. Hence David Hilson coined the memo: "Risks are uncertainties that matter".

The CEBOK does a good job of distinguishing between risk and uncertainty, defining risk as "... the most likely consequence of a particular hazard or vulnerability combined with the likelihood or probability of it occurring." That definition, distinct from uncertainty, is consistent with the definition given in the Risk Primer  developed by this community.

I'm not enthusiastic about the CEBOK's almost constant linking of uncertainty to risk by using the phrase "Risk and Uncertainty" instead of just "Risk." While risk includes the effects of uncertainty, each term stands on its own. Risk also includes probability and consequences but we don't lump all those words into one label. Risk is risk.

Bill Mc

I recently received a request from ASCE for my support in developing the ASCE CEC Early Career cross-discipline certification. This request prompted me to review the CEBOK, which includes a section on Risk and Uncertainty. It further prompted me to examine the distinction between risk and uncertainty. I found this reference to Frank Wright

https://news.mit.edu/2010/explained-knightian-0602

Frank Knight was an idiosyncratic economist who formalized a distinction between risk and uncertainty in his 1921 book, Risk, Uncertainty, and Profit. As Knight saw it, an ever-changing world brings new opportunities for businesses to make profits, but also means we have imperfect knowledge of future events. Therefore, according to Knight, risk applies to situations where we do not know the outcome of a given situation, but can accurately measure the odds. Uncertainty, on the other hand, applies to situations where we cannot know all the information we need in order to set accurate odds in the first place.

Searching for Frank Knight and risk and uncertainty will yield many more references.

How do you view the difference between risk and uncertainty? Sharpening this distinction would help everyone.

I agree that Hillson's "Risks are uncertainties that matter" is true but is inadequate as a definition because it's incomplete and can be misunderstood. It's incomplete because it lacks explicit mention of consequences. Embedding consequences in "matter" ignores uncertainty bars on measurements and model results, which may or may not be of consequence. It can be misunderstood as a false equivalency, since uncertainties aren't necessarily risks (that matter).

A glossary is an excellent idea. ISO 31000 defines a number of terms related to risk management and offers a place for us to start on a CE risk management glossary.

Bill Mc

In daily language "risk" is connotated with hazard, whereas uncertainty is more neutral and includes also opportunities. This coincides with the meaning of the Latin word "riscare" which means sailing around a cape (i.e. risks of ship wrecking deliberately taken for the sake of entrepreneural rewards, e.g. by Vasca da Gama searching for spices in India).

Insisting on the term "risk" to be likewise positive ("upstream risk") or negative ("downstream risk") appears to be difficult. Hence the loose practice to speak of "risks & uncertainties" -- which should more precisely be replaced by "threats & opportunities".

Note also that usually there are many uncertainties, which don't really matter in terms of success or failure of an undertaking. Hence David Hilson coined the memo: "Risks are uncertainties that matter".

The CEBOK does a good job of distinguishing between risk and uncertainty, defining risk as "... the most likely consequence of a particular hazard or vulnerability combined with the likelihood or probability of it occurring." That definition, distinct from uncertainty, is consistent with the definition given in the Risk Primer  developed by this community.

I'm not enthusiastic about the CEBOK's almost constant linking of uncertainty to risk by using the phrase "Risk and Uncertainty" instead of just "Risk." While risk includes the effects of uncertainty, each term stands on its own. Risk also includes probability and consequences but we don't lump all those words into one label. Risk is risk.

Bill Mc

I recently received a request from ASCE for my support in developing the ASCE CEC Early Career cross-discipline certification. This request prompted me to review the CEBOK, which includes a section on Risk and Uncertainty. It further prompted me to examine the distinction between risk and uncertainty. I found this reference to Frank Wright

https://news.mit.edu/2010/explained-knightian-0602

Frank Knight was an idiosyncratic economist who formalized a distinction between risk and uncertainty in his 1921 book, Risk, Uncertainty, and Profit. As Knight saw it, an ever-changing world brings new opportunities for businesses to make profits, but also means we have imperfect knowledge of future events. Therefore, according to Knight, risk applies to situations where we do not know the outcome of a given situation, but can accurately measure the odds. Uncertainty, on the other hand, applies to situations where we cannot know all the information we need in order to set accurate odds in the first place.

Searching for Frank Knight and risk and uncertainty will yield many more references.

How do you view the difference between risk and uncertainty? Sharpening this distinction would help everyone.

I agree that Hillson's "Risks are uncertainties that matter" is true but is inadequate as a definition because it's incomplete and can be misunderstood. It's incomplete because it lacks explicit mention of consequences. Embedding consequences in "matter" ignores uncertainty bars on measurements and model results, which may or may not be of consequence. It can be misunderstood as a false equivalency, since uncertainties aren't necessarily risks (that matter).

A glossary is an excellent idea. ISO 31000 defines a number of terms related to risk management and offers a place for us to start on a CE risk management glossary.

Bill Mc

In daily language "risk" is connotated with hazard, whereas uncertainty is more neutral and includes also opportunities. This coincides with the meaning of the Latin word "riscare" which means sailing around a cape (i.e. risks of ship wrecking deliberately taken for the sake of entrepreneural rewards, e.g. by Vasca da Gama searching for spices in India).

Insisting on the term "risk" to be likewise positive ("upstream risk") or negative ("downstream risk") appears to be difficult. Hence the loose practice to speak of "risks & uncertainties" -- which should more precisely be replaced by "threats & opportunities".

Note also that usually there are many uncertainties, which don't really matter in terms of success or failure of an undertaking. Hence David Hilson coined the memo: "Risks are uncertainties that matter".

The CEBOK does a good job of distinguishing between risk and uncertainty, defining risk as "... the most likely consequence of a particular hazard or vulnerability combined with the likelihood or probability of it occurring." That definition, distinct from uncertainty, is consistent with the definition given in the Risk Primer  developed by this community.

I'm not enthusiastic about the CEBOK's almost constant linking of uncertainty to risk by using the phrase "Risk and Uncertainty" instead of just "Risk." While risk includes the effects of uncertainty, each term stands on its own. Risk also includes probability and consequences but we don't lump all those words into one label. Risk is risk.

Bill Mc

I recently received a request from ASCE for my support in developing the ASCE CEC Early Career cross-discipline certification. This request prompted me to review the CEBOK, which includes a section on Risk and Uncertainty. It further prompted me to examine the distinction between risk and uncertainty. I found this reference to Frank Wright

https://news.mit.edu/2010/explained-knightian-0602

Frank Knight was an idiosyncratic economist who formalized a distinction between risk and uncertainty in his 1921 book, Risk, Uncertainty, and Profit. As Knight saw it, an ever-changing world brings new opportunities for businesses to make profits, but also means we have imperfect knowledge of future events. Therefore, according to Knight, risk applies to situations where we do not know the outcome of a given situation, but can accurately measure the odds. Uncertainty, on the other hand, applies to situations where we cannot know all the information we need in order to set accurate odds in the first place.

Searching for Frank Knight and risk and uncertainty will yield many more references.

How do you view the difference between risk and uncertainty? Sharpening this distinction would help everyone.

Dear Bill Mc,

Risk is generally defined as "probabilty x consequences", hence the consequences are included in the definition. The aspect of consequences as such however, is indeed not covered when discussing uncertainties and not either in discussing hazards.

As a former member of the Swiss mirror committee to ISO 31000, I once developed the following picture:

Obviously the consequences depend on the contex; more, failing controls and lack of effectiveness of mitigation measures -- whether reducing likelyhood or consequences -- also contribute to the risk. 

I agree that Hillson's "Risks are uncertainties that matter" is true but is inadequate as a definition because it's incomplete and can be misunderstood. It's incomplete because it lacks explicit mention of consequences. Embedding consequences in "matter" ignores uncertainty bars on measurements and model results, which may or may not be of consequence. It can be misunderstood as a false equivalency, since uncertainties aren't necessarily risks (that matter).

A glossary is an excellent idea. ISO 31000 defines a number of terms related to risk management and offers a place for us to start on a CE risk management glossary.

Bill Mc

In daily language "risk" is connotated with hazard, whereas uncertainty is more neutral and includes also opportunities. This coincides with the meaning of the Latin word "riscare" which means sailing around a cape (i.e. risks of ship wrecking deliberately taken for the sake of entrepreneural rewards, e.g. by Vasca da Gama searching for spices in India).

Insisting on the term "risk" to be likewise positive ("upstream risk") or negative ("downstream risk") appears to be difficult. Hence the loose practice to speak of "risks & uncertainties" -- which should more precisely be replaced by "threats & opportunities".

Note also that usually there are many uncertainties, which don't really matter in terms of success or failure of an undertaking. Hence David Hilson coined the memo: "Risks are uncertainties that matter".

The CEBOK does a good job of distinguishing between risk and uncertainty, defining risk as "... the most likely consequence of a particular hazard or vulnerability combined with the likelihood or probability of it occurring." That definition, distinct from uncertainty, is consistent with the definition given in the Risk Primer  developed by this community.

I'm not enthusiastic about the CEBOK's almost constant linking of uncertainty to risk by using the phrase "Risk and Uncertainty" instead of just "Risk." While risk includes the effects of uncertainty, each term stands on its own. Risk also includes probability and consequences but we don't lump all those words into one label. Risk is risk.

Bill Mc

I recently received a request from ASCE for my support in developing the ASCE CEC Early Career cross-discipline certification. This request prompted me to review the CEBOK, which includes a section on Risk and Uncertainty. It further prompted me to examine the distinction between risk and uncertainty. I found this reference to Frank Wright

https://news.mit.edu/2010/explained-knightian-0602

Frank Knight was an idiosyncratic economist who formalized a distinction between risk and uncertainty in his 1921 book, Risk, Uncertainty, and Profit. As Knight saw it, an ever-changing world brings new opportunities for businesses to make profits, but also means we have imperfect knowledge of future events. Therefore, according to Knight, risk applies to situations where we do not know the outcome of a given situation, but can accurately measure the odds. Uncertainty, on the other hand, applies to situations where we cannot know all the information we need in order to set accurate odds in the first place.

Searching for Frank Knight and risk and uncertainty will yield many more references.

How do you view the difference between risk and uncertainty? Sharpening this distinction would help everyone.