I've heard that Warren Buffet (who we all know is one of the world's greatest business magnates, investors and philanthropists) was once asked to define risk. Instead of going into chapter and verse, his answer was simple:
Risk comes from not knowing what you're doing...
Now, you would be hard pressed to find a contract or a commercial deal in which the parties are not exposed to some degree of risk. In my mind, that doesn't mean that the parties don't know what they are doing, it's the nature of business. However, if the parties cannot or do not identify and address those risks, then they may just fall into the category of not knowing what they're doing.
That is why it is imperative to conduct an effective and accurate assessment of all contractual risks at the outset.
Risk analysis is about developing an understanding of the risks posed. It considers the types of risks, the sources of risk, their potential positive and negative consequences and the likelihood that those consequences will occur.
The purpose of risk evaluation is to understand the outcomes of the risk analysis and to make decisions about which risks need treatment and what your priorities should be.
There are a range of ways in which to address risk and its treatment... the treatment option which is closest to my heart as a lawyer is that of legal risk transference – the act of transferring the relevant risk to your contractual counterparty. Alas, legal risk transference is not always an option, or may not always be the most commercial option.
Other methods for treating risks include:
Don’t put your head in the sand around risks, it won’t make them go away, it just means that you’re unprepared when they come to pass.