In layman’s terms, risk is the possibility of harm or loss. In finance it refers to the possibility of a monetary loss associated with investments. The most common measure of risk is simply standard deviation of portfolio returns. The higher this is, the more randomness in a portfolio, and this is seen as a bad thing.

Financial risk comes in many forms:

• **Market risk:** The possibility of loss due to movements in the market, either as a whole or specific investments

• **Credit risk:** The possibility of loss due to default on a financial obligation

• **Model risk:** The possibility of loss due to errors in mathematical models, often models of derivatives. Since these models contain parameters, such as volatility, we can also speak of parameter risk, volatility risk, etc.

• **Operational risk:** The possibility of loss due to people, procedures or systems. This includes human error and fraud

• **Legal risk:** The possibility of loss due to legal action or the meaning of legal contracts

Before looking at the mathematics of risk we should understand the difference between risk, randomness and uncertainty, all of which are important.

When measuring risk we often use probabilistic concepts. But this requires having a distribution for the randomness in investments, a probability density function, for example. With enough data or a decent enough model we may have a good idea about the distribution of returns. However, without the data, or when embarking into unknown territory we may be completely in the dark as to probabilities. This is especially true when looking at scenarios which are incredibly rare, or have never even happened before. For example, we may have a good idea of the results of an alien invasion, after all, many scenarios have been explored in the movies, but what is the probability of this happening? When you do not know the probabilities then you have what Knight (1921) termed ‘uncertainty.’

We can categorize these issues, following Knight, as follows.

1. For ‘risk’ the probabilities that specified events will occur in the future are measurable and known, i.e. there is randomness but with a known probability distribution. This can be further divided.

(a) a priori risk, such as the outcome of the roll of a fair die

(b) estimable risk, where the probabilities can be estimated through statistical analysis of the past, for example, the probability of a one-day fall of 10% in the S&P index

2. With ‘uncertainty’ the probabilities of future events cannot be estimated or calculated.

In finance we tend to concentrate on risk with probabilities we estimate, we then have all the tools of statistics and probability for quantifying various aspects of that risk. In some financial models we do attempt to address the uncertain. For example, the uncertain volatility work of Avellaneda et al. (1995). Here volatility is uncertain, is allowed to lie within a specified range, but the probability of volatility having any value is not given. Instead of working with probabilities we now work with worst-case scenarios. Uncertainty is therefore more associated with the idea of stress-testing portfolios.

**CrashMetrics** is another example of worst-case scenarios and uncertainty.

A starting point for a mathematical definition of risk is simply as standard deviation. This is sensible because of the results of the Central Limit Theorem (CLT), that if you add up a large number of investments what matters as far as the statistical properties of the portfolio are just the expected return and the standard deviation of individual investments, and the resulting portfolio returns are normally distributed. The normal distribution being symmetrical about the mean, the potential downside can be measured in terms of the standard deviation.

However, this is only meaningful if the conditions for the CLT are satisfied. For example, if we only have a small number of investments, or if the investments are correlated, or if they don’t have finite variance, then standard deviation may not be relevant.

Another mathematical definition of risk is semivariance, in which only downside deviations are used in the calculation. This definition is used in the Sortino performance measure.

Artzner et al. (1997) proposed a set of properties that a measure of risk should satisfy for it to be sensible. Such risk measures are called coherent.